poorbarcode opened a new pull request, #24860: URL: https://github.com/apache/pulsar/pull/24860
### Motivation Before [PIP-321 Introduce allowed-cluster at the namespace level](https://github.com/apache/pulsar/pull/22378), Pulsar does not support enabling topic level Geo Replication without enabling namespace level Geo Replication, because the policies `namespace.replication_clusters` has two meanings: 1. Which cluster is allowed to access the namespace? 2. Which clusters enabled Geo Replication? [PIP-321 Introduce allowed-cluster at the namespace level](https://github.com/apache/pulsar/pull/22378) defined a new policy `namespace.allowed_clusters`, which splits the two definitions. - if `allowed_clusters` is not empty - `allowed_clusters` can be used to define which cluster is allowed to access the namespace, if it is set. - otherwise: the `replication_clusters` defines both statuses. --- ### 3 Issues PIP-321 did not complete all the adaptations of codes, such as follows - 1. Expected behaviour: when a cluster permission was removed from a namespace, Pulsar will unload the namespace to prevent the topics under the namespace from being loaded up again. - Issue: the cluster is still defined `allowed` by `namespace.allowed_clusters`, the namespace is also unloaded. More importantly, in this case, all brokers will trigger an uninstall, which will cause this namespace to remain unavailable for a long time. Every time any policy of the namespace is updated, unload will be triggered again for a round, which will cause the problem to become so serious as to be uncontrollable. The test `testUpdateNamespacePolicies` is used to reproduce the issue. - 2. Expected behaviour: a namespace can only be removed if only one cluster has permission to access it. - Issue: the namespace can be deleted even if `allowed_cluster` is defined as `2` clusters are allowed to access. The test `testDeleteNamespaceIfTwoClustersAllowed` is used to reproduce the issue. - 3. Expected behaviour: broker will unload the namespace if the isolation policy is changed, to make the new policy apply. - Issue: the namespace will not be unloaded if the allowed permission is defined by `namespace.allowed_cluster`. The test `testUpdateNamespaceIsolationPolicy` is used to reproduce the issue. --- ### Modifications - Fix the 3 issues - Rather than check `replication_clusters` and `allowed_clusters` anywhere, use a common method to deal with them, including the following checks - Whether a cluster is allowed to access a namaspace. - New policy checking. ### Documentation <!-- DO NOT REMOVE THIS SECTION. CHECK THE PROPER BOX ONLY. --> - [ ] `doc` <!-- Your PR contains doc changes. --> - [ ] `doc-required` <!-- Your PR changes impact docs and you will update later --> - [x] `doc-not-needed` <!-- Your PR changes do not impact docs --> - [ ] `doc-complete` <!-- Docs have been already added --> ### Matching PR in forked repository PR in forked repository: x -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
