Re: [DISCUSS] KIP-1037: Allow WriteTxnMarkers API with Alter Cluster Permission
Hi Nikhil, I agree with Christo. This is a good improvement and I think your choice of Alter permission on the cluster is the best available. Thanks, Andrew > On 15 Apr 2024, at 12:33, Christo Lolov wrote: > > Heya Nikhil, > > Thank you for raising this KIP! > > Your proposal makes sense to me. In essence you are saying that the > permission required by WriteTxnMarkers should be the same as for CreateAcls > and DeleteAcls, which is reasonable. If we trust an administrator to assign > the correct permissions then we should also trust them to be able to abort > a hanging transaction. > > I would support this KIP if it is put to the vote unless there are other > suggestions for improvements! > > Best, > Christo > > On Thu, 11 Apr 2024 at 16:48, Nikhil Ramakrishnan < > ramakrishnan.nik...@gmail.com> wrote: > >> Hi everyone, >> >> I would like to start a discussion for >> >> KIP-1037: Allow WriteTxnMarkers API with Alter Cluster Permission >> >> https://cwiki.apache.org/confluence/display/KAFKA/KIP-1037%3A+Allow+WriteTxnMarkers+API+with+Alter+Cluster+Permission >> >> The WriteTxnMarkers API was originally used for inter-broker >> communication only. This required the ClusterAction permission on the >> Cluster resource to invoke. >> >> In KIP-664, we modified the WriteTxnMarkers API so that it could be >> invoked externally from the Kafka AdminClient to safely abort a >> hanging transaction. Such usage is more aligned with the Alter >> permission on the Cluster resource, which includes other >> administrative actions invoked from the Kafka AdminClient (i.e. >> CreateAcls and DeleteAcls). This KIP proposes allowing the >> WriteTxnMarkers API to be invoked with the Alter permission on the >> Cluster. >> >> I am looking forward to your thoughts and suggestions for improvement! >> >> Thanks, >> Nikhil >>
Re: [DISCUSS] KIP-1037: Allow WriteTxnMarkers API with Alter Cluster Permission
Heya Nikhil, Thank you for raising this KIP! Your proposal makes sense to me. In essence you are saying that the permission required by WriteTxnMarkers should be the same as for CreateAcls and DeleteAcls, which is reasonable. If we trust an administrator to assign the correct permissions then we should also trust them to be able to abort a hanging transaction. I would support this KIP if it is put to the vote unless there are other suggestions for improvements! Best, Christo On Thu, 11 Apr 2024 at 16:48, Nikhil Ramakrishnan < ramakrishnan.nik...@gmail.com> wrote: > Hi everyone, > > I would like to start a discussion for > > KIP-1037: Allow WriteTxnMarkers API with Alter Cluster Permission > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-1037%3A+Allow+WriteTxnMarkers+API+with+Alter+Cluster+Permission > > The WriteTxnMarkers API was originally used for inter-broker > communication only. This required the ClusterAction permission on the > Cluster resource to invoke. > > In KIP-664, we modified the WriteTxnMarkers API so that it could be > invoked externally from the Kafka AdminClient to safely abort a > hanging transaction. Such usage is more aligned with the Alter > permission on the Cluster resource, which includes other > administrative actions invoked from the Kafka AdminClient (i.e. > CreateAcls and DeleteAcls). This KIP proposes allowing the > WriteTxnMarkers API to be invoked with the Alter permission on the > Cluster. > > I am looking forward to your thoughts and suggestions for improvement! > > Thanks, > Nikhil >
[DISCUSS] KIP-1037: Allow WriteTxnMarkers API with Alter Cluster Permission
Hi everyone, I would like to start a discussion for KIP-1037: Allow WriteTxnMarkers API with Alter Cluster Permission https://cwiki.apache.org/confluence/display/KAFKA/KIP-1037%3A+Allow+WriteTxnMarkers+API+with+Alter+Cluster+Permission The WriteTxnMarkers API was originally used for inter-broker communication only. This required the ClusterAction permission on the Cluster resource to invoke. In KIP-664, we modified the WriteTxnMarkers API so that it could be invoked externally from the Kafka AdminClient to safely abort a hanging transaction. Such usage is more aligned with the Alter permission on the Cluster resource, which includes other administrative actions invoked from the Kafka AdminClient (i.e. CreateAcls and DeleteAcls). This KIP proposes allowing the WriteTxnMarkers API to be invoked with the Alter permission on the Cluster. I am looking forward to your thoughts and suggestions for improvement! Thanks, Nikhil
