harmadasg opened a new pull request, #20128:
URL: https://github.com/apache/kafka/pull/20128

   When using the 
[zookeeper-security-migration](https://kafka.apache.org/39/documentation.html#zk_authz_migration)
 tool without the '–enable.path.check' option, the script not only updates the 
ACLs for the existing znodes, but also creates any non-existing ones (with the 
ACL options specified) using null values based on the list defined in 
[ZkData.SecureRootPaths.](https://github.com/apache/kafka/blob/3.9/core/src/main/scala/kafka/zk/ZkData.scala#L1089-L1102)
 This is especially problematic for the /migration znode as the current logic 
only checks for the existence of the znode and later the migration process will 
hang when it tries to parse the null value over and over again. 
   
   In summary, the migration cannot be completed if the 
zookeeper-security-migration script was run previously, and the only workaround 
is to manually remove the /migration znode in such cases. I propose a simple 
fix to circumvent the manual step by recreating the /migration znode if it 
contains a null value.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to