rondagostino commented on a change in pull request #11503: URL: https://github.com/apache/kafka/pull/11503#discussion_r764161713
########## File path: core/src/main/scala/kafka/server/KafkaConfig.scala ##########
@@ -1959,10 +1961,18 @@ class KafkaConfig private(doLog: Boolean, val props: java.util.Map[_, _], dynami
 }
 }
- def listenerSecurityProtocolMap: Map[ListenerName, SecurityProtocol] = {
- getMap(KafkaConfig.ListenerSecurityProtocolMapProp, getString(KafkaConfig.ListenerSecurityProtocolMapProp))
+ def effectiveListenerSecurityProtocolMap: Map[ListenerName, SecurityProtocol] = {
+ val mapValue = getMap(KafkaConfig.ListenerSecurityProtocolMapProp, getString(KafkaConfig.ListenerSecurityProtocolMapProp))
 .map { case (listenerName, protocolName) =>
- ListenerName.normalised(listenerName) -> getSecurityProtocol(protocolName, KafkaConfig.ListenerSecurityProtocolMapProp)
+ ListenerName.normalised(listenerName) -> getSecurityProtocol(protocolName, KafkaConfig.ListenerSecurityProtocolMapProp)
+ }
+ if (usesSelfManagedQuorum && !originals.containsKey(ListenerSecurityProtocolMapProp)) {
+ // Nothing was specified explicitly, so we are using the default value; therefore, since we are using KRaft,
+ // add the PLAINTEXT mappings for all controller listener names that are not security protocols
+ mapValue ++ controllerListenerNames.filter(cln => cln.nonEmpty && !SecurityProtocol.values().exists(_.name.equals(cln))).map(
Review comment: > I'm inclined to be stricter if other security protocols are in use. What do you think? Yeah, I agree that we should only map when SSL and SASL_{SSL,PLAINTEXT} are not in use. I've pushed a commit that implement this. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
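Review bot: The filter on the last quoted line compares each controller listener name to the protocol names with a case-sensitive `equals`, while the keys of `mapValue` are built through `ListenerName.normalised`. If normalisation folds case (not shown here) and the cut-off `.map(` normalises the name as well, a controller listener spelled like a protocol name in a different case would pass the filter, and because `++` keeps the right-hand entry on a key clash it could replace that protocol's default entry with PLAINTEXT. Comparing on the same footing closes that gap, e.g. `!SecurityProtocol.values().exists(_.name.equalsIgnoreCase(cln))`. The expression continues past the end of the quoted hunk, so the mapping target is inferred from the comment above it.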