Hi, all. I want to submit a kip, and hope get some review and good suggestions. the kip is here: https://cwiki.apache.org/confluence/x/k5KzDw
Motivation: When mirroring ACLs, MirrorMaker downgrades allow ALL ACLs to allow READ. The rationale to is prevent other clients to produce to remote topics, which is mentioned in KIP-382: MirrorMaker 2.0. However in disaster recovery scenarios, where the target cluster is not used and just a "hot standby", it would be preferable to have exactly the same ACLs on both clusters to speed up failover. Therefore, in this scenario, we need to synchronize the topic write&read ACL, group ACL, and absolute user scram credential of the source cluster topic to the target cluster, so that when the user directly switches the read and write service to the target cluster, it can be ran directly. Proposed changes: Add a config parameter: disaster.recovery.enabled in MirrorMakerConfig, the default is false, it will leave the current sync behavior unchanged, if set true, it will synchronize the topic write&read ACL, group ACL, and absolute user scram credential of the source cluster replicated topics to the target cluster. topic write&read ACL: Filter all topic read&write Acl informations related to the topics replicated with the source cluster. user scram credential: Filter the user scram credential to be synchronized according to the topic acl information to be synchronized and create user in target cluster. group ACL: The group Acl information is obtained by filtering the user obtained above. Looking forward to your reply. Best, hudeqi
