hachikuji commented on a change in pull request #9850:
URL: https://github.com/apache/kafka/pull/9850#discussion_r555247829
##########
File path: core/src/main/scala/kafka/server/KafkaApis.scala
##########
@@ -3242,6 +3209,133 @@ class KafkaApis(val requestChannel: RequestChannel,
}
}
+ def handleEnvelope(request: RequestChannel.Request): Unit = {
+ val envelope = request.body[EnvelopeRequest]
+
+ if (!config.metadataQuorumEnabled) {
+ // If forwarding is not yet enabled, we treat the request as unparsable
and close the connection
+ closeConnection(request, Collections.emptyMap())
+ return
+ } else if (!request.context.fromPrivilegedListener) {
+ sendErrorResponseMaybeThrottle(request, new
ClusterAuthorizationException(
Review comment:
To be honest, I'm more inclined to get rid of this requirement. It seems
a little arbitrary that we require the inter-broker listener for envelope
requests only. If a principal has CLUSTER_ACTION, I think the damage they can
do already is virtually unlimited.
@abbccdda What do you think? Do we have a strong reason for this?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
