Current state: Under Discussion
Discussion thread: Thread
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
Currently the DescribeACLs and DescribeClientQuotas APIs only allow to retrieve ACLs/quotas for a single user at a time. Tooling managing users often have to update several users at a time, this requires making multiple calls to the Admin API which result in multiple requests to the cluster. Being able to retrieve data from multiple users at a time would simplify client code and reduce the amount of requests necessary to make ACL and quota changes.
Update DescribeACLs Request/Response
With version 4, we are adding the Filters field to DescribeAclsRequest.
With version 4, we are adding the FilterResults field to DescribeAclsResponse. We also have to rename the type of the existing Resources and Acls fields to avoid them conflicting with the new fields.
Update DescribeClientQuotas Request/Response
With version 2 we are adding the Filters field to DescribeClientQuotasRequest. We also have to rename the type of the existing Components fields to avoid them conflicting with the new fields.
With version 2 we are adding the Filters field to DescribeClientQuotasResponse. We also have to rename the type of the existing Entries, Entities and Values fields to avoid them conflicting with the new fields.
New Admin APIs
Four new methods will be added to the Admin interface:
Deprecate the existing describeACLs and describeClientQuotas methods
Users should now use the new methods.
Update DescribeClientQuotasResult and DescribeACLsResult
For DescribeClientQuotasResult: deprecate the existing constructor and values() method. Unfortunately we can't have another values() method so the new method is called allValues(). Also add the all() method.
For DescribeClientQuotasResult: Deprecate the existing constructor and add a new non public constructor. Deprecate the entities method and add 2 methods: values() and all().
This KIP consists in:
1) Extending the wire protocol: It introduces new version for the DescribeACLs and DescribeClientQuotas APIs. In both cases the change is to allow passing a collection of entities instead of a single one. The older entity fields will only be accepted in requests/responses for older versions.
2) Extending the Admin API: It introduces four new methods to the Admin interface. These methods accept a collection of filters to retrieve ACLs and quotas for multiple entities in a single call. They follow the same pattern as existing calls that already accepts multiple entities such as deleteACLs(). Existing methods for single entities will be deprecated. When using the new methods, if the brokers don't support the new protocol, the Admin client will use the older API and send multiple requests if necessary.
3) Updating the Result types for describeACLs and describeClientQuotas: For consistency, it makes sense to keep the existing types. Existing methods will be deprecated and new methods will be added to handle collections of entities.
Compatibility, Deprecation, and Migration Plan
This is adding new APIs. The older describeACLs and describeClientQuotas calls will be kept but deprecated. When using brokers that don't support the new APIs, the Admin client will be able to downconvert requests and send multiple older requests to satisfy calls with several entities.
We will add unit and integration tests to cover the internal changes and new APIs.