5) Ok, gotcha. So will the StandardAuthorizer be replaying records directly, or will it get an *Image like other metadata consumers on the broker?
6) I was thinking since the CreateAcl and DeleteAcl requests can modify multiple ACL in one request, that we should reflect that by committing the resulting records as an atomic batch. I think from an operators perspective, they would expect the ACLs sent in their request to be enacted together atomically. On Tue, Dec 14, 2021 at 4:20 PM Colin McCabe <cmcc...@apache.org> wrote: > On Tue, Dec 14, 2021, at 08:27, José Armando García Sancio wrote: > > Thanks for the additional information Colin. > > > ... > > > > It sounds to me like KIP-801 is assuming that this "bootstrapping KIP" > > will at least generate a snapshot with this information in all of the > > controllers. I would like to understand this a bit better. Do you > > think that we need to write this "bootstrapping KIP" as soon as > > possible? > > > > Hi José, > > I don't know about "as soon as possible." The authorizer is useful even > without the bootstrapping KIP, as I mentioned (just using super.users). But > I do think we'll need the bootstrapping KIP before KRaft goes GA. > > best, > Colin > -- -David
