ray841 commented on PR #9103: URL: https://github.com/apache/kafka/pull/9103#issuecomment-2614325456
> This PR adds support for redirections of the following RPCs: > > 1. Alter Configs > 2. Incremental Alter Configs > 3. Alter Client Quotas > 4. Create Topics > > The specific changes include: > > 1. Use the flag `Request Context. from Privileged Listener` to indicate whether a request is **possibly** coming from the inter-broker communication, details in this [PR](https://github.com/apache/kafka/pull/9144). When a request is from a privileged listener, we will do a separate round of `CLUSTER_ACTION` authorization for a forwarding request. > 2. Add Envelope RPC for the request forwarding, and corresponding handling logic in Kafka > 3. Add forwarding support in the Broker To Controller Channel Manager > 4. Add a separate authorization of a forward request in the Authorizable Context with a forwarding principal, and audit logging changes. > 5. Checks for the mentioned RPCs to do the redirection. Will do the forwarding when the request is not forwarded and the current broker is not the controller. > 6. Add broker IBP to guard against redirection. If IBP is low, any broker would still try to mutate ZK data with the admin manager. > 7. Add support for principal serialization as an extendable interface called `Kafka Principal Serde > 8. Built a template called `Forward Request Handler` to formulate the workflow of forward request handling > 9. Add SSL trust store/keystore path augment/trim logic to trigger file reload upon ZK notification > 10. Add IBP constraint tests for redirected RPCs since version 2.8, and KIP-500 flag to disable redirection. > > Co-authored-by: Jason Gustafson [ja...@confluent.io](mailto:ja...@confluent.io) > > ### Committer Checklist (excluded from commit message) > * [ ] Verify design and implementation > * [ ] Verify test coverage and CI build status > * [ ] Verify documentation (including upgrade notes) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
