rajinisivaram commented on code in PR #18989:
URL: https://github.com/apache/kafka/pull/18989#discussion_r1967762380
##########
core/src/main/scala/kafka/server/BrokerServer.scala:
##########
@@ -645,6 +645,7 @@ class BrokerServer(
.withGroupCoordinatorMetrics(new
GroupCoordinatorMetrics(KafkaYammerMetrics.defaultRegistry, metrics))
.withGroupConfigManager(groupConfigManager)
.withPersister(persister)
+ .withAuthorizer(authorizer.toJava)
Review Comment:
Did we consider splitting the processing of heartbeat request in the group
coordinator so that topic authorization can continue to be in KafkaApis? Moving
some of the authorization out of KafkaApis and into the group coordinator
doesn't seem ideal. If we could instead ask the coordinator first for list of
topics to filter out for regex and then invoke
GroupCoordinatorService.consumerGroupHeartbeat() passing the filtered topics as
well, we could avoid splitting out authorization between KafkaApis and group
coordinator. And it would avoid knowledge of `logIfDenied` etc. mentioned in
https://github.com/apache/kafka/pull/18989/files#r1966700208 outside of
KafkaApis.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
