cmccabe commented on a change in pull request #11649:
URL: https://github.com/apache/kafka/pull/11649#discussion_r801150649
##########
File path: core/src/main/scala/kafka/server/ControllerServer.scala
##########
@@ -173,8 +174,12 @@ class ControllerServer(
setMetrics(new
QuorumControllerMetrics(KafkaYammerMetrics.defaultRegistry())).
setCreateTopicPolicy(createTopicPolicy.asJava).
setAlterConfigPolicy(alterConfigPolicy.asJava).
- setConfigurationValidator(new ControllerConfigurationValidator()).
- build()
+ setConfigurationValidator(new ControllerConfigurationValidator())
+ authorizer match {
Review comment:
It's not that simple because you could have an authorizer which is not a
ClusterMetadataAuthorizer, and therefore should not be passed to the
Controller. For example, AclAuthorizer is not a ClusterMetadataAuthorizer.
The Controller never authorizes things (since that's a blocking operation)
but it does create and remove acls based on records, which is why it needs the
object. I wish we had two separate public APIs instead of one: one to change
ACLs and one to actually authorize based on the current ACLs. But it's probably
not worth refactoring it to be like that now.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
