cmccabe commented on a change in pull request #11649: URL: https://github.com/apache/kafka/pull/11649#discussion_r801150649
########## File path: core/src/main/scala/kafka/server/ControllerServer.scala ########## @@ -173,8 +174,12 @@ class ControllerServer( setMetrics(new QuorumControllerMetrics(KafkaYammerMetrics.defaultRegistry())). setCreateTopicPolicy(createTopicPolicy.asJava). setAlterConfigPolicy(alterConfigPolicy.asJava). - setConfigurationValidator(new ControllerConfigurationValidator()). - build() + setConfigurationValidator(new ControllerConfigurationValidator()) + authorizer match { Review comment: It's not that simple because you could have an authorizer which is not a ClusterMetadataAuthorizer, and therefore should not be passed to the Controller. For example, AclAuthorizer is not a ClusterMetadataAuthorizer. The Controller never authorizes things (since that's a blocking operation) but it does create and remove acls based on records, which is why it needs the object. I wish we had two separate public APIs instead of one: one to change ACLs and one to actually authorize based on the current ACLs. But it's probably not worth refactoring it to be like that now. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org