This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • KIP-201: Rationalising Policy interfaces
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Status

Current state: Under Discussion

Discussion thread: here [Change the link from the KIP proposal email archive to your own email thread]

JIRA: https://issues.apache.org/jira/browse/KAFKA-5693

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).

Motivation

Kafka already has user configurable policies which can be used by a cluster administrator to limit how the cluster can be modified by non-administrator users using the AdminClient API:

  • TopicCreationPolicy can prevent a topic being created based on topic creation parameters (name, number of partitions & replication factor or replica assignments, topic configs)
  • AlterConfigPolicy can prevent a change to topic config (or, in theory, broker config, but it's current not possible to change broker configs via the AdminClient API)

As new APIs are added to the AdminClient we need to apply policies to them, but the existing policy interfaces make it difficult to do in a consistent way.

Example 1

Changing the number of partitions in a topic (KIP-195) is one kind of topic modification. Consider:

  • It shouldn't be possible to create a topic, but then modify it so that it no longer conforms to the TopicCreationPolicy.
  • An administrator who wants to prevent increasing the number of partitions entirely for topics with keys, because of the effect on partitioning.

So there needs to be a policy for modifying a topic in this way. But it is confusing and error-prone if there are different policy classes for creation and modification. So there should be a single policy interface which is applied to both topic creation and modification. We could apply the TopicCreationPolicy to modifications, but this would obscure whether a particular invocation of the policy was for a topic creation or modification (the second bullet). So we conclude we need a different policy than TopicCreationPolicy.

Example 2

Reassigning replicas is another kind of topic modification (KIP-179). By similar reasoning to example 1 it, too, should be covered by the same policy.

 

How does this KIP relate to KIP-170?

Rationalise the AlterConfigPolicy (in particular topic config changes and topic modifications)

Public Interfaces

Briefly list any new interfaces that will be introduced as part of this proposal or any existing interfaces that will be removed or changed. The purpose of this section is to concisely call out the public contract that will come along with this feature.

A public interface is any change to the following:

  • Binary log format

  • The network protocol and api behavior

  • Any class in the public packages under clientsConfiguration, especially client configuration

    • org/apache/kafka/common/serialization

    • org/apache/kafka/common

    • org/apache/kafka/common/errors

    • org/apache/kafka/clients/producer

    • org/apache/kafka/clients/consumer (eventually, once stable)

  • Monitoring

  • Command line tools and arguments

  • Anything else that will likely break existing users in some way when they upgrade

Proposed Changes

 

/**
 * A policy that is enforced on actions affecting topics.
 */
interface TopicActionPolicy {
    /** Enumerates possible actions on topics. */
    static enum Action {
        /** The creation of a topic. */
        CREATE,
        /** The modification of a topic. */
        MODIFY,
        /** The deletion of a topic. */
        DELETE
    }
    /**
     * Represents the state of a topic either before, or as a result of, an administrative request affecting the topic.
     */
    static interface TopicState {
        /**
         * The number of partitions of the topic.
         */
        public abstract int numPartitions();
        /**
         * The replication factor of the topic.
         */
        public abstract Short replicationFactor();
        /**
         * The replica assignments of the topic.
         */
        public abstract Map<Integer, List<Integer>> replicasAssignments()
        /**
         * The topic config.
         */
        public abstract Map<String,String> configs();
    }
    /**
     * Parameters for a request to perform an {@linkplain #action} on a {@linkplain #topic}
     * @see #validate(RequestMetadata)
     */
    static interface RequestMetadata {
    /**
     * The {@linkplain Action action} being performed on the topic.
     */
    public abstract Action action();
    /**
     * The topic the {@linkplain #action() action} is being performed upon.
     */
    public abstract String topic();
    /**
     * The authenticated principal making the request, or null if the session is not authenticated.
     */
    Principal principal();
    /**
     * The state the topic has before the request.
     * <ul>
     * <li>For {@link Action#CREATE} this will be null.</li>
     * <li>For {@link Action#MODIFY} this will be the state the topic currently has (before the modification).</li>
     * <li>For {@link Action#DELETE} this will be the state of the topic which is going to be deleted.</li>
     * </ul>
     */
    public abstract TopicState preRequestState();
    /**
     * The state the topic will have after the request.
     * <ul>
     * <li>For {@link Action#CREATE} this will be the requested state of the topic to be created.</li>
     * <li>For {@link Action#MODIFY} this will be the state the topic will have after the modification.</li>
     * <li>For {@link Action#DELETE} this will be null.</li>
     * </ul>
     */
    public abstract TopicState postRequestState();
    public abstract String toString();
}
    /**
     * Validate the request parameters and throw a <code>PolicyViolationException</code> with a suitable error
     * message if the request parameters for the provided topic do not satisfy this policy.
     *
     * Clients will receive the POLICY_VIOLATION error code along with the exception's message. Note that validation
     * failure only affects the relevant topic, other topics in the request will still be processed.
     *
     * @param requestMetadata the request parameters for the provided topic.
     * @throws PolicyViolationException if the request parameters do not satisfy this policy.
     */
    void validate(RequestMetadata requestMetadata) throws PolicyViolationException;
}

 

Compatibility, Deprecation, and Migration Plan

  • What impact (if any) will there be on existing users?
  • If we are changing behavior how will we phase out the older behavior?
  • If we need special migration tools, describe them here.
  • When will we remove the existing behavior?

Rejected Alternatives

If there are alternative ways of accomplishing the same thing, what were they? The purpose of this section is to motivate why the design is the way it is and not some other way.

  • No labels