harmadasg commented on PR #20128:
URL: https://github.com/apache/kafka/pull/20128#issuecomment-3131096102

   @viktorsomogyi thanks for the review,

   The nodes are not created explicitly; basically the logic iterates over [ZkData.SecureRootPaths](https://github.com/apache/kafka/blob/3.9/core/src/main/scala/kafka/zk/ZkData.scala#L1089-L1102) and calls `setACL` on every znode in the list ([here](https://github.com/apache/kafka/blob/b7b2676f5345b1683db1599a2c0d04461619ecbf/core/src/main/scala/kafka/admin/ZkSecurityMigrator.scala#L185) and [here](https://github.com/apache/kafka/blob/b7b2676f5345b1683db1599a2c0d04461619ecbf/core/src/main/scala/kafka/admin/ZkSecurityMigrator.scala#L195)). Also `setAcl` is part of the ZooKeeper Java client so we don't have too much flexibility.

   Regarding creating the node with an empty array or skipping the znode altogether, I think this solution can work (like in [KAFKA-9267](https://issues.apache.org/jira/browse/KAFKA-9267) for the controller znode) but this wouldn't fix the null znode issue for people who ran the [zookeeper-security-migration](https://kafka.apache.org/39/documentation.html#zk_authz_migration) tool in the past (from 3.4.1 to 3.9.1) and already have a null `migration` znode.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
