KAFKA-12590: Remove deprecated kafka.security.auth.Authorizer, SimpleAclAuthorizer and related classes in 3.0 #10450
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ijuma
changed the title
|
@rajinisivaram @omkreddy Thoughts on this? Do you know if third-party implementations have migrated to the new interface? |
|
looks like Apache Ranger is not migrated to the new interface. maybe we can remove and send a mail to the mailing list? |
|
@omkreddy Thanks. Maybe we can file a JIRA. Their code would probably be quite a bit simpler by not having to deal with the Scala conversions. |
|
Also, did Sentry migrate? |
|
Sentry project has retired. so no issues i think. |
|
I filed a JIRA for Apache Ranger: |
ijuma
changed the title
|
@omkreddy I updated the PR description to elaborate a bit more on the motivation. I agree we should go ahead with this PR. Can you review it, please? |
rondagostino
reviewed
Apr 2, 2021
docs/upgrade.html
Outdated
| @@ -27,6 +27,8 @@ <h5><a id="upgrade_300_notable" href="#upgrade_300_notable">Notable changes in 3 | |||
| or updating the application not to use internal classes.</li> | |||
| <li>The Streams API removed all deprecated APIs that were deprecated in version 2.5.0 or earlier. | |||
| For a complete list of removed APIs compare the detailed Kafka Streams upgrade notes.</li> | |||
| <li>The deprecated Scala <code>Authorizer</code><code>, <code>SimpleAclAuthorizer</code> and related classes have been removed. Please use the Java <code>Authorizer</code> | |||
There was a problem hiding this comment.
extra/unbalanced opening tag at end of <code>Authorizer</code><code>
rondagostino
reviewed
Apr 2, 2021
Comment on lines
96
to
97
| # Bounce again with ACLs for new mechanism. | ||
| self.set_authorizer_and_bounce(security_protocol, security_protocol, KafkaService.ACL_AUTHORIZER) |
There was a problem hiding this comment.
Can invoke self.set_authorizer_and_bounce(security_protocol, security_protocol) as is done elsewhere in this file and eliminate the ability to specify a different authorizer class name in the method, like this:
def set_authorizer_and_bounce(self, client_protocol, broker_protocol):
self.kafka.authorizer_class_name = KafkaService.ACL_AUTHORIZER
ijuma
added a commit
to ijuma/kafka
that referenced
this pull request
Apr 4, 2021
…e-allocations-lz4 * apache-github/trunk: (243 commits) KAFKA-12590: Remove deprecated kafka.security.auth.Authorizer, SimpleAclAuthorizer and related classes in 3.0 (apache#10450) KAFKA-3968: fsync the parent directory of a segment file when the file is created (apache#10405) KAFKA-12283: disable flaky testMultipleWorkersRejoining to stabilize build (apache#10408) MINOR: remove KTable.to from the docs (apache#10464) MONOR: Remove redudant LocalLogManager (apache#10325) MINOR: support ImplicitLinkedHashCollection#sort (apache#10456) KAFKA-12587 Remove KafkaPrincipal#fromString for 3.0 (apache#10447) KAFKA-12426: Missing logic to create partition.metadata files in RaftReplicaManager (apache#10282) MINOR: Improve reproducability of raft simulation tests (apache#10422) KAFKA-12474: Handle failure to write new session keys gracefully (apache#10396) KAFKA-12593: Fix Apache License headers (apache#10452) MINOR: Fix typo in MirrorMaker v2 documentation (apache#10433) KAFKA-12600: Remove deprecated config value `default` for client config `client.dns.lookup` (apache#10458) KAFKA-12952: Remove deprecated LogConfig.Compact (apache#10451) Initial commit (apache#10454) KAFKA-12575: Eliminate Log.isLogDirOffline boolean attribute (apache#10430) KAFKA-8405; Remove deprecated `kafka-preferred-replica-election` command (apache#10443) MINOR: Fix docs for end-to-end record latency metrics (apache#10449) MINOR Replaced File with Path in LogSegmentData. (apache#10424) KAFKA-12583: Upgrade netty to 4.1.62.Final ...
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
These were deprecated in Apache Kafka 2.4 (released in December 2019) to be replaced
by
org.apache.kafka.server.authorizer.AuthorizerandAclAuthorizer.As part of KIP-500, we will implement a new
Authorizerimplementation that relieson a topic (potentially a KRaft topic) instead of
ZooKeeper, so we should take the chanceto remove related tech debt in 3.0.
Details on the issues affecting the old Authorizer interface can be found in the KIP:
https://cwiki.apache.org/confluence/display/KAFKA/KIP-504+-+Add+new+Java+Authorizer+Interface
Committer Checklist (excluded from commit message)