Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KAFKA-17036: KIP-919 supports for createAcls, deleteAcls, describeAcls #16493

Merged
merged 1 commit into from
Sep 13, 2024
Merged

KAFKA-17036: KIP-919 supports for createAcls, deleteAcls, describeAcls #16493

merged 1 commit into from
Sep 13, 2024

Conversation

FrankYang0529
Copy link
Member

  • Use LeastLoadedBrokerOrActiveKController for describeAcls, createAcls, and deleteAcls APIs.
  • Add --bootstrap-controller to AclCommand.
  • Add related integration tests to AclCommandTest.

Committer Checklist (excluded from commit message)

  • Verify design and implementation
  • Verify test coverage and CI build status
  • Verify documentation (including upgrade notes)

@FrankYang0529 FrankYang0529 force-pushed the KAFKA-17036 branch 3 times, most recently from 5ea3dc6 to d2741e6 Compare July 4, 2024 12:49
chia7712
chia7712 reviewed Jul 4, 2024
View reviewed changes
Copy link
Contributor

@chia7712 chia7712 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@FrankYang0529 thanks for this patch. Could you please make testAclOperations run with controller also?

kafka/core/src/test/scala/integration/kafka/api/PlaintextAdminIntegrationTest.scala

Line 1121 in 42f267a

def testAclOperations(quorum: String): Unit = {

core/src/main/scala/kafka/admin/AclCommand.scala Outdated Show resolved Hide resolved
core/src/main/scala/kafka/admin/AclCommand.scala Outdated Show resolved Hide resolved
core/src/main/scala/kafka/admin/AclCommand.scala Outdated Show resolved Hide resolved
@FrankYang0529
Copy link
Member Author

Hi @chia7712, I addressed all comments. Thanks for your review.

@chia7712
Copy link
Contributor

@FrankYang0529 Could you please move all tests to BootstrapControllersIntegrationTest after #16822 gets merged?

@chia7712
Copy link
Contributor

@FrankYang0529 any updates?

@FrankYang0529
Copy link
Member Author

@FrankYang0529 Could you please move all tests to BootstrapControllersIntegrationTest after #16822 gets merged?

Hi @chia7712, updated it. Could you take a look? Thank you.

chia7712
chia7712 reviewed Aug 19, 2024
View reviewed changes
Copy link
Contributor

@chia7712 chia7712 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@FrankYang0529 thanks for this nice patch. one one small comment is left

core/src/test/java/kafka/test/server/BootstrapControllersIntegrationTest.java Outdated
.map(server -> server.authorizer().get()).collect(Collectors.toList()));
allAuthorizers.addAll(clusterInstance.controllers().values().stream()
.map(server -> server.authorizer().get()).collect(Collectors.toList()));
allAuthorizers.forEach(authorizer -> kafka.utils.TestUtils.waitAndVerifyAcls(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please add those code to ClusterInstance as a helper method?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, add a method authorizers to ClusterInstance. Thanks.

chia7712
chia7712 reviewed Aug 20, 2024
View reviewed changes
Copy link
Contributor

@chia7712 chia7712 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@FrankYang0529 thanks for updated PR

core/src/test/java/kafka/test/ClusterInstance.java
@@ -204,4 +207,13 @@ default void waitForTopic(String topic, int partitions) throws InterruptedExcept
60000L, "Timeout waiting for controller metadata propagating to brokers");
}
}

default List<Authorizer> authorizers() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please check the existence of Option ?

core/src/test/java/kafka/test/ClusterInstance.java
@@ -204,4 +207,13 @@ default void waitForTopic(String topic, int partitions) throws InterruptedExcept
60000L, "Timeout waiting for controller metadata propagating to brokers");
}
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for another, please add waitAcls. for example:

    default void waitAcls(AclBindingFilter filter, Collection<AccessControlEntry> entries) throws InterruptedException {
        for (Authorizer authorizer : authorizers()) {
            TestUtils.waitForCondition(() -> {
                Assertions.assertIterableEquals(authorizer.acls(filter), entries);
                return true;
            }, "except: ");
        }
    }

chia7712
chia7712 reviewed Aug 22, 2024
View reviewed changes
Copy link
Contributor

@chia7712 chia7712 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@FrankYang0529 thanks for this patch

core/src/main/scala/kafka/admin/AclCommand.scala Outdated

if (options.has(authorizerPropertiesOpt) && options.has(bootstrapServerOpt))
if (options.has(authorizerPropertiesOpt) && (hasServerOrController))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: if (options.has(authorizerPropertiesOpt) && hasServerOrController)

core/src/test/java/kafka/test/ClusterInstance.java Outdated
authorizer.acls(filter).forEach(aclBinding -> accessControlEntrySet.add(aclBinding.entry()));
actualEntries.set(accessControlEntrySet);
return accessControlEntrySet.containsAll(entries) && entries.containsAll(accessControlEntrySet);
}, () -> "except acls: " + entries + ", actual acls: " + actualEntries.get());
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

`expected acls:

@FrankYang0529
Copy link
Member Author

Hi @chia7712, thanks for the review. I address all comments.

@chia7712
Copy link
Contributor

@FrankYang0529 could you please fix conflicts?

@FrankYang0529
Copy link
Member Author

@FrankYang0529 could you please fix conflicts?

Fixed it. Thank you.

chia7712
chia7712 reviewed Sep 1, 2024
View reviewed changes
Copy link
Contributor

@chia7712 chia7712 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@FrankYang0529 thanks for this patch.

core/src/test/java/kafka/admin/AclCommandTest.java Outdated Show resolved Hide resolved
core/src/test/java/kafka/admin/AclCommandTest.java Outdated Show resolved Hide resolved
@FrankYang0529
Copy link
Member Author

Hi @chia7712, I addressed all comments. Could you take a look again? Thank you.

chia7712
chia7712 reviewed Sep 4, 2024
View reviewed changes
Copy link
Contributor

@chia7712 chia7712 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@FrankYang0529 overall LGTM. two small comments are left.

core/src/test/java/kafka/admin/AclCommandTest.java Outdated
.filter(e -> e.getLevel().equals(Level.WARN.toString()))
.filter(e -> e.getThrowableClassName().filter(name -> name.equals(InstanceAlreadyExistsException.class.getName())).isPresent())
.count(), "There should be no warnings about multiple registration of mbeans");
} catch (InterruptedException | IOException e) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we don't need to catch the exception. Instead, we can add the exception to the method signature.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @chia7712, thanks for your review. I add exceptions to the method signature.

core/src/test/java/kafka/admin/AclCommandTest.java Outdated
.filter(e -> e.getLevel().equals(Level.WARN.toString()))
.filter(e -> e.getThrowableClassName().filter(name -> name.equals(InstanceAlreadyExistsException.class.getName())).isPresent())
.count(), "There should be no warnings about multiple registration of mbeans");
} catch (InterruptedException | IOException e) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ditto

@FrankYang0529
Copy link
Member Author

Hi @chia7712, could you help me review this when you have time? Thank you.

@chia7712 chia7712 merged commit 4692aeb into apache:trunk Sep 13, 2024
5 of 6 checks passed
@FrankYang0529 FrankYang0529 deleted the KAFKA-17036 branch September 14, 2024 02:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chia7712 chia7712 chia7712 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@FrankYang0529 @chia7712