Hi Luke, 1. I'm going to assume that migration from ZK to KRaft will sync the info from ZK into the metadata log. There will be no need to bootstrap SCRAM for KRaft in the migration case. I will need to test this.
2. Done! I've also added a comment to each case so people understand the change. Thanks --Proven On Wed, Feb 22, 2023 at 5:46 AM Luke Chen <show...@gmail.com> wrote: > Hi Proven, > > Thanks for the KIP. > > Some questions: > 1. During ZK migrating to KRaft, should we format the KRaft controller with > the SCRAM info, or it'll sync from ZK? > 2. In the KIP, you provided a link to a doc from Confluent (i.e. this > line: See > Configuring SCRAM > < > https://docs.confluent.io/platform/current/kafka/authentication_sasl/authentication_sasl_scram.html#configuring-scram > > > for details), could you change it into official Kafka doc link? That is > this one: https://kafka.apache.org/documentation/#security_sasl_scram > > Thank you. > Luke > > > On Wed, Feb 22, 2023 at 6:17 AM José Armando García Sancio > <jsan...@confluent.io.invalid> wrote: > > > Hi Proven, > > > > On Tue, Feb 21, 2023 at 1:37 PM Proven Provenzano > > <pprovenz...@confluent.io.invalid> wrote: > > > > > > Hi Jose, > > > > > > 1. The SCRAM in SCRAM-SHA-256 is required as the mechanism name is > > > SCRAM-SHA-256. > > > I do realize there is a bit of redundancy here. > > > > > > 2. I'll add documentation for all the possible values. They are > > > SCRAM-SHA-256 and SCRAM-SHA-512. > > > > > > 3. I'd like to keep it with a capital letter as it is a specific type > of > > > message we want to insert. I do agree that -A > > > is not the correct choice so I'll suggest -S for SCRAM and that > > leaves > > > -A for --add-acl and -a for a generic > > > --add-config in the future. > > > > > > > It makes sense to me. Thanks for the changes. > > > > -- > > -José > > >
