harmadasg opened a new pull request, #20128: URL: https://github.com/apache/kafka/pull/20128
When using the [zookeeper-security-migration](https://kafka.apache.org/39/documentation.html#zk_authz_migration) tool without the '–enable.path.check' option, the script not only updates the ACLs for the existing znodes, but also creates any non-existing ones (with the ACL options specified) using null values based on the list defined in [ZkData.SecureRootPaths.](https://github.com/apache/kafka/blob/3.9/core/src/main/scala/kafka/zk/ZkData.scala#L1089-L1102) This is especially problematic for the /migration znode as the current logic only checks for the existence of the znode and later the migration process will hang when it tries to parse the null value over and over again. In summary, the migration cannot be completed if the zookeeper-security-migration script was run previously, and the only workaround is to manually remove the /migration znode in such cases. I propose a simple fix to circumvent the manual step by recreating the /migration znode if it contains a null value. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org