Thanks. LGTM.
On Thu, Oct 16, 2025 at 4:10 PM Mickael Maison <[email protected]> wrote: > > Hi, > > Thanks Fede for the feedback! > > I was going to keep PrincipalConnectorClientConfigOverridePolicy but > after taking another look I think we can also deprecate it and mark it > for deletion. > Principal has been a source of security issues and it's not really > serving its purpose of allowing sasl configurations as we did not > update it to support the new configs we added. > > Thanks, > Mickael > > > > On Thu, Oct 16, 2025 at 12:48 PM Federico Valeri <[email protected]> wrote: > > > > Hi Mickael, thanks for addressing my comments. With this new > > configurable policy, does it still make sense to provide > > PrincipalConnectorClientConfigOverridePolicy? > > > > On Thu, Oct 16, 2025 at 12:32 PM Mickael Maison > > <[email protected]> wrote: > > > > > > Hi Federico, > > > > > > 1. I updated the KIP to explicitly mention Kafka 5.0 as the version > > > which would adopt the new policy as default. > > > 2. The default allowlist is empty. Users are expected to list all > > > configurations they want to allow. > > > 3. I'm leaning towards keeping it as an explicit list of literal > > > configuration names without regex. If people value regex I'm happy to > > > reconsider. > > > > > > Thanks, > > > Mickael > > > > > > > > > On Fri, Jul 25, 2025 at 5:35 PM Federico Valeri <[email protected]> > > > wrote: > > > > > > > > Hi Mickael, thanks for this useful KIP. Few questions from me: > > > > > > > > 1. Can you please indicate the exact major version for making this the > > > > default policy? I think you mean Kafka 5.0.0. > > > > 2. What would be the default value of > > > > connector.client.config.override.allowlist? I guess it won't be the > > > > full list of client configurations, otherwise we could make this > > > > change in a Kafka 4 release. > > > > 3. Would connector.client.config.override.allowlist also support regex > > > > expressions? That would be handy to avoid having a long list of client > > > > configuration keys. > > > > > > > > On Wed, Jul 9, 2025 at 5:02 AM Luke Chen <[email protected]> wrote: > > > > > > > > > > Thanks for the KIP! > > > > > +1 from me to make Kafka safer! > > > > > > > > > > Luke > > > > > > > > > > On Fri, Jun 20, 2025 at 8:47 PM Mickael Maison > > > > > <[email protected]> > > > > > wrote: > > > > > > > > > > > Link to the KIP: > > > > > > > > > > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-1188%3A+New+ConnectorClientConfigOverridePolicy+with+allowlist+of+configurations > > > > > > > > > > > > On Fri, Jun 20, 2025 at 2:22 PM Mickael Maison > > > > > > <[email protected]> > > > > > > wrote: > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > I wrote a KIP introducing a new > > > > > > > ConnectorClientConfigOverridePolicy > > > > > > > implementation for Kafka Connect to enable users to selectively > > > > > > > allow > > > > > > > specific client configuration overrides. > > > > > > > > > > > > > > Let me know if you have any feedback. > > > > > > > > > > > > > > Thanks, > > > > > > > Mickael > > > > > >
