David Arthur created KAFKA-19347:
------------------------------------
Summary: AclControlManager unsafe state update
Key: KAFKA-19347
URL: https://issues.apache.org/jira/browse/KAFKA-19347
Project: Kafka
Issue Type: Bug
Components: controller
Reporter: David Arthur
Assignee: David Arthur
In AclControlManager#createAcls, we are updating the timeline data structures
prior to the record being replayed. This could potentially allow uncommitted
state to be exposed to callers. In general, this kind of update could lead to
data consistency problems, but for ACLs in particular there is actually no
problem.
On the write side of things, createAcls was making the same update as the
replay method and this action is idempotent. This means the end result will be
the same.
On the read side, the concern is that uncommitted state is acted on and the
controller crashes. For ACLs, this actually doesn't present a problem because
we only apply ACLs from AclsDelta which is populated by MetadataLoader. Since
MetadataLoader only replays committed records, there is no potential for
exposing uncommitted data.
Regardless, we should fix this unsafe update in the controller.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
