soarez opened a new pull request #10795: URL: https://github.com/apache/kafka/pull/10795
https://issues.apache.org/jira/browse/KAFKA-12866 The broker shouldn't assume create access to the chroot. There are deployement scenarios where the chroot is already created is the only znode which the broker can access. To test this, we can use a ZK integration test, and configure zookeeper in the same way the issue is reproduced. 1. Create the chroot 2. Set free access to the chroot 3. Lock down access to the root znode 4. Try to connect the KafkaZkClient It should be a separate `ZooKeeperTestHarness` to avoid leaving the ACL changes made to ZK root visible to other tests. #### Rejected alternatives * Expect `NoAuth` in `KafkaZkClient.createRecursive` and assume `NoAuth` as success. * Create new configuration to set `createChrootIfNecessary = false` instead of the current non configurable default value of true. ### Committer Checklist (excluded from commit message) - [ ] Verify design and implementation - [ ] Verify test coverage and CI build status - [ ] Verify documentation (including upgrade notes) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
