[
https://issues.apache.org/jira/browse/KAFKA-15219?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Viktor Somogyi-Vass updated KAFKA-15219:
----------------------------------------
Description:
Delegation tokens have been created in KIP-48 and improved in KIP-373. KRaft
enabled the way to supporting them in KIP-900 by adding SCRAM support but
delegation tokens still don't support KRaft.
There are multiple issues:
- TokenManager still would try to create tokens in Zookeeper. Instead of this
we should forward admin requests to the controller that would store them in the
metadata similarly to SCRAM. We probably won't need new protocols just
enveloping similarly to other existing controller requests.
- TokenManager should run on Controller nodes only (or in mixed mode).
- Integration tests will need to be adapted as well and parameterize them with
Zookeeper/KRaft.
- Documentation needs to be improved to factor in KRaft.
was:
Delegation tokens have been created in KIP-48 and improved in KIP-373. KRaft
enabled the way to supporting them in KIP-900 by adding SCRAM support but
delegation tokens still don't support KRaft.
There are multiple issues:
- TokenManager still would try to create tokens in Zookeeper. Instead of this
we should forward admin requests to the controller that would store them in the
metadata similarly to SCRAM.
- TokenManager should run on Controller nodes only (or in mixed mode).
- Integration tests will need to be adapted as well and parameterize them with
Zookeeper/KRaft.
- Documentation needs to be improved to factor in KRaft.
> Support delegation tokens in KRaft
> ----------------------------------
>
> Key: KAFKA-15219
> URL: https://issues.apache.org/jira/browse/KAFKA-15219
> Project: Kafka
> Issue Type: Improvement
> Affects Versions: 3.6.0
> Reporter: Viktor Somogyi-Vass
> Assignee: Viktor Somogyi-Vass
> Priority: Critical
>
> Delegation tokens have been created in KIP-48 and improved in KIP-373. KRaft
> enabled the way to supporting them in KIP-900 by adding SCRAM support but
> delegation tokens still don't support KRaft.
> There are multiple issues:
> - TokenManager still would try to create tokens in Zookeeper. Instead of this
> we should forward admin requests to the controller that would store them in
> the metadata similarly to SCRAM. We probably won't need new protocols just
> enveloping similarly to other existing controller requests.
> - TokenManager should run on Controller nodes only (or in mixed mode).
> - Integration tests will need to be adapted as well and parameterize them
> with Zookeeper/KRaft.
> - Documentation needs to be improved to factor in KRaft.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
