[GitHub] [kafka] abbccdda opened a new pull request #9103: KAFKA-10181: Use Envelope RPC to do redirection for (Incremental)AlterConfig, AlterClientQuota and CreateTopics

Tue, 20 Oct 2020 19:04:31 -0700 


abbccdda opened a new pull request #9103:
URL: https://github.com/apache/kafka/pull/9103


   This PR adds support for redirections of the following RPCs:
     1. AlterConfigs
     2. IncrementalAlterConfigs
     3. AlterClientQuotas
     4. CreateTopics
   
   The specific changes include:
   
   1. Use the flag `RequestContext.fromPrivilegedListener` to indicate whether 
a request is **possibly** coming from the inter broker communication, details 
in this [PR](https://github.com/apache/kafka/pull/9144). When a request is from 
a privileged listener, we would do a separate round of `CLUSTER_ACTION` 
authorization for a forwarding request.
   
   2. Add Envelope RPC for the request forwarding, and corresponding handling 
logic in KafkaApis
   
   3. Add forwarding support in the BrokerToControllerChannelManager
    
   4. Add a separate authorization of a forward request in the 
AuthorizableContext with a forwarding principal, and audit logging changes.
   
   5. Checks for the mentioned RPCs to do the redirection. Will do the 
forwarding when the request is not forwarded and the current broker is not the 
controller.
   
   6. Add broker IBP to guard against redirection. If IBP is low, any broker 
would still try to mutate ZK data with admin manager.
   
   7. Add support for principal serialization as an extendable interface called 
`KafkaPrincipalSerde`
   
   8. Built a template called `ForwardRequestHandler` to formulate the workflow 
of forward request handling 
   
   9. Add SSL truststore/keystore path augment/trim logic to trigger file 
reload upon ZK notification
   
   10. Add IBP constraint tests for redirected RPCs since version 2.8, and 
KIP-500 flag to disable redirection.
   
   ### Committer Checklist (excluded from commit message)
   - [ ] Verify design and implementation 
   - [ ] Verify test coverage and CI build status
   - [ ] Verify documentation (including upgrade notes)
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to