mumrah commented on code in PR #13368:
URL: https://github.com/apache/kafka/pull/13368#discussion_r1136047272
##########
core/src/main/scala/kafka/zk/ZkMigrationClient.scala:
##########
@@ -211,12 +214,38 @@ class ZkMigrationClient(zkClient: KafkaZkClient) extends
MigrationClient with Lo
}
}
+ def migrateAcls(recordConsumer: Consumer[util.List[ApiMessageAndVersion]]):
Unit = {
+ // This is probably fairly inefficient, but it preserves the semantics
from AclAuthorizer (which is non-trivial)
+ var allAcls = new scala.collection.immutable.TreeMap[ResourcePattern,
VersionedAcls]()(new ResourceOrdering)
+ def updateAcls(resourcePattern: ResourcePattern, versionedAcls:
VersionedAcls): Unit = {
+ allAcls = allAcls.updated(resourcePattern, versionedAcls)
+ }
+
+ AclAuthorizer.loadAllAcls(zkClient, this, updateAcls)
Review Comment:
Yes, good call-out -- we will need documentation on this. We will only
support migrating ACLs from AclAuthorizer to StandardAuthorizer. Otherwise,
users can continue using whatever authorizer they had configured in ZK mode. In
fact, AclAuthorizer _could_ still be used in KRaft mode, but we want to
discourage that :)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
