Thanks for the KIP, Colin!
4) For the various "Type" fields in the AccessControlEntityRecord, is it
worth explicitly enumerating the allowed types in the KIP? E.g.,
PermissionType = {Any, Deny, Allow}. If these are listed out in another
KIP, maybe we can just reference that.
5) You mention "StandardAuthorizer must load all the records atomically as
a group" when loading from a snapshot. I was under the impression that
snapshot loads were already effectively atomic operations. That is, we
recalculate the whole MetadataImage from the snapshot and publish it to
components. Can you clarify what you mean here? Is this to do with how
StandardAuthorizer handles the published metadata?
6) When we handle Create/Delete ACL RPCs on the controller, I think
the operations should be written as atomic batches to the metadata log.
Should we mention this here?
Thanks!
David
On Tue, Dec 14, 2021 at 11:27 AM José Armando García Sancio
<jsan...@confluent.io.invalid> wrote:
> Thanks for the additional information Colin.
>
> On Mon, Dec 13, 2021 at 4:43 PM Colin McCabe <cmcc...@apache.org> wrote:
> >
> > Hi José,
> >
> > I think these are good questions. We have a few situations like this
> where there is something brokers have to know before they can contact the
> controller quorum -- or something controllers have to know before they can
> accept broker connections. Basically, the bootstrapping problem.
> >
> > Offhand, I can think of a few scenarios like this:
> > 1. If you need certain ACLs to be present, you need a way of setting
> those up on the controller before starting the controller quorum for the
> first time.
> > 2. If you are using SCRAM for the broker user, you need some way of
> setting that up before starting up the cluster for the first time.
> > 3. If you are using KIP-226 dynamic broker configurations to configure
> the SSL settings for the connection to the controller, you need a way of
> setting those up before starting the broker.
>
> It sounds to me like KIP-801 is assuming that this "bootstrapping KIP"
> will at least generate a snapshot with this information in all of the
> controllers. I would like to understand this a bit better. Do you
> think that we need to write this "bootstrapping KIP" as soon as
> possible?
>
> Thanks
> -José
>
--
-David
