rondagostino commented on a change in pull request #11503: URL: https://github.com/apache/kafka/pull/11503#discussion_r760615477
########## File path: core/src/main/scala/kafka/server/KafkaConfig.scala ########## @@ -1960,9 +1962,16 @@ class KafkaConfig private(doLog: Boolean, val props: java.util.Map[_, _], dynami } def listenerSecurityProtocolMap: Map[ListenerName, SecurityProtocol] = { - getMap(KafkaConfig.ListenerSecurityProtocolMapProp, getString(KafkaConfig.ListenerSecurityProtocolMapProp)) + val mapValue = getMap(KafkaConfig.ListenerSecurityProtocolMapProp, getString(KafkaConfig.ListenerSecurityProtocolMapProp)) .map { case (listenerName, protocolName) => - ListenerName.normalised(listenerName) -> getSecurityProtocol(protocolName, KafkaConfig.ListenerSecurityProtocolMapProp) + ListenerName.normalised(listenerName) -> getSecurityProtocol(protocolName, KafkaConfig.ListenerSecurityProtocolMapProp) + } + if (usesSelfManagedQuorum && !originals.containsKey(ListenerSecurityProtocolMapProp)) { + // Nothing was specified explicitly, so we are using the default value; + // therefore, since we are using KRaft, add the CONTROLLER:PLAINTEXT mapping + mapValue ++ Map(new ListenerName("CONTROLLER") -> SecurityProtocol.PLAINTEXT) Review comment: > Why do we hard-code the "CONTROLLER" listener. Shouldn't we be using the values in controller.listener.names? Hmm, that's an interesting point. We had discussed offline about adding the `CONTROLLER:PLAINTEXT` default mapping in KRaft mode, but we never considered that maybe we should default all specified controller listeners to PLAINTEXT when there is no listener security protocol map explicitly provided. That does seem more reasonable at first glance. @cmccabe thoughts on this? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org