hi Mickael > No, my plan is to not change the Authorizer APIs. The aclCount() method stays. I'll update StandardAuthorizer to use the KIP-877 APIs to register the metrics listed in the KIP.
thanks again. I will file another jira to be follow-up to deprecate aclCount() Best, Chia-Ping Mickael Maison <mickael.mai...@gmail.com> 於 2025年2月15日 週六 上午1:32寫道: > Hi, > > No, my plan is to not change the Authorizer APIs. The aclCount() method > stays. > I'll update StandardAuthorizer to use the KIP-877 APIs to register the > metrics listed in the KIP. > > Thanks, > Mickael > > On Fri, Feb 14, 2025 at 6:21 PM Chia-Ping Tsai <chia7...@gmail.com> wrote: > > > > hi Mickael > > > > thanks for all sharing. it is great to know that all are in progress. > > > > > Broker-side support is next on my todo list and that will include these > > metrics. > > > > KIP-877 appears to intend to allow authorizer implementations to write > > their own metrics. If this is the case, does KIP-877 plan to deprecate > the ` > > Authorizer#aclCount` method, which is expected used to expose ACL count > > metrics? > > > > Best, > > Chia-Ping > > > > Mickael Maison <mickael.mai...@gmail.com> 於 2025年2月15日 週六 上午1:07寫道: > > > > > Hi Chia-Ping, > > > > > > The plan is to introduce these metrics as part of KIP-877 which > > > supersedes KIP-608: > > > > > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-877:+Mechanism+for+plugins+and+connectors+to+register+metrics#KIP877:Mechanismforpluginsandconnectorstoregistermetrics-KIP-608 > > > > > > So far we added: > > > - the initial APIs and client-side support in > > > > > > > https://github.com/apache/kafka/commit/71314739f9b51fa5b443258d68019f58583704eb > > > - Connect support in > > > > > > > https://github.com/apache/kafka/commit/c13324fc166fb44bc1ec428f25049dd7eec52364 > > > > > > Broker-side support is next on my todo list and that will include these > > > metrics. > > > > > > Thanks, > > > Mickael > > > > > > On Fri, Feb 14, 2025 at 5:41 PM Chia-Ping Tsai <chia7...@gmail.com> > wrote: > > > > > > > > hi all, > > > > > > > > I'm revisiting authorizer metrics, which are currently absent from > the > > > > codebase. While KIP-608 and KIP-801 both propose adding authorizer > > > metrics, > > > > neither of them has implemented the actual metrics. Since authorizer > > > > metrics are valuable for Kafka maintainers, I intend to implement > them > > > > based on these accepted KIPs. > > > > > > > > However, I've identified some conflicts between the two KIPs > regarding > > > > metric exposure: > > > > > > > > Q0: Who should expose the metrics? > > > > > > > > - > > > > > > > > KIP-608 suggests that the authorizer itself should expose its > metrics > > > by > > > > receiving a server metrics object. > > > > - > > > > > > > > In contrast, KIP-801 proposes that the broker/controller should > expose > > > > authorizer metrics by calling methods within the authorizer. > > > > - > > > > > > > > To align with both KIPs, I propose passing the server metrics > object > > > to > > > > the authorizer, allowing it to define its own "custom" metrics. > > > > Additionally, the broker/controller should be responsible for > exposing > > > > "general" authorizer metrics. > > > > > > > > Q1: What is the suitable metrics name? > > > > > > > > - > > > > > > > > KIP-608 proposes > kafka.server:type=kafka.security.authorizer.metrics, > > > > while KIP-801 suggests kafka.server:type=Authorizer > > > > - > > > > > > > > I prefer the shorter naming convention. Therefore, I plan to use > the > > > > following metrics names: > > > > - > > > > > > > > kafka.server:type=Authorizer,name=acls-total-count > > > > - > > > > > > > > > > > > kafka.server:type=Authorizer,name=authorization-request-rate-per-minute > > > > > > > > - > > > > > > > > > > > > kafka.server:type=Authorizer,name=authorization-allowed-rate-per-minute > > > > > > > > - > > > > > > > > > > > kafka.server:type=Authorizer,name=authorization-denied-rate-per-minute > > > > > > > > > > > > In short, I plan to implement authorizer metrics. This proposal > addresses > > > > the conflicts between KIP-608 and KIP-801 regarding metric exposure. > The > > > > feedback is welcomed! > > > > > > > > references: > > > > > > > > KIP-608 https://cwiki.apache.org/confluence/x/zBQRCQ > > > > > > > > KIP-801 https://cwiki.apache.org/confluence/x/h5KqCw > > > > > > > > Best, > > > > > > > > Chia-Ping > > > >
