Current state: Under Discussion
Discussion thread: here
When mirroring ACLs, MirrorMaker downgrades allow ALL ACLs to allow READ. The rationale to is prevent other clients to produce to remote topics, which is mentioned in KIP-382: MirrorMaker 2.0.
However in disaster recovery scenarios, where the target cluster is not used and just a "hot standby", it would be preferable to have exactly the same ACLs on both clusters to speed up failover. Therefore, in this scenario, we can add a configuration to
MirrorMakerConfig whether to support disaster recovery, where we need to synchronize the topic write&read ACL, group ACL, and absolute user scram credential of the source cluster topic to the target cluster, so that when the user directly switches the read and write service to the target cluster, it can be ran directly.
Add a configuration in
- config name: sync.full.acl.enabled
- config definition: Whether the MirrorMaker supports disaster recovery, the default is false.
Add a config parameter:
sync.full.acl.enabled, the default is false, it will leave the current sync behavior unchanged, if set true, it will synchronize the topic write&read ACL, group ACL, and absolute user scram credential of the source cluster replicated topics to the target cluster.
- topic write&read ACL: Filter all topic read&write Acl informations related to the topics replicated with the source cluster.
- user scram credential: Filter the user scram credential to be synchronized according to the topic acl information to be synchronized and create user in target cluster.
- group ACL: The group Acl information is obtained by filtering the user obtained above.
Compatibility, Deprecation, and Migration Plan
There is no impact on existing behavior, and the existing behavior is not deprecated. just sync more infos when enable
- add unit test for extra syncing.
- actual mirror maker service to verify acl syncing when
sync.full.acl.enabledis set to true or false.