Hi, Thanks Fede for the feedback!
I was going to keep PrincipalConnectorClientConfigOverridePolicy but after taking another look I think we can also deprecate it and mark it for deletion. Principal has been a source of security issues and it's not really serving its purpose of allowing sasl configurations as we did not update it to support the new configs we added. Thanks, Mickael On Thu, Oct 16, 2025 at 12:48 PM Federico Valeri <[email protected]> wrote: > > Hi Mickael, thanks for addressing my comments. With this new > configurable policy, does it still make sense to provide > PrincipalConnectorClientConfigOverridePolicy? > > On Thu, Oct 16, 2025 at 12:32 PM Mickael Maison > <[email protected]> wrote: > > > > Hi Federico, > > > > 1. I updated the KIP to explicitly mention Kafka 5.0 as the version > > which would adopt the new policy as default. > > 2. The default allowlist is empty. Users are expected to list all > > configurations they want to allow. > > 3. I'm leaning towards keeping it as an explicit list of literal > > configuration names without regex. If people value regex I'm happy to > > reconsider. > > > > Thanks, > > Mickael > > > > > > On Fri, Jul 25, 2025 at 5:35 PM Federico Valeri <[email protected]> > > wrote: > > > > > > Hi Mickael, thanks for this useful KIP. Few questions from me: > > > > > > 1. Can you please indicate the exact major version for making this the > > > default policy? I think you mean Kafka 5.0.0. > > > 2. What would be the default value of > > > connector.client.config.override.allowlist? I guess it won't be the > > > full list of client configurations, otherwise we could make this > > > change in a Kafka 4 release. > > > 3. Would connector.client.config.override.allowlist also support regex > > > expressions? That would be handy to avoid having a long list of client > > > configuration keys. > > > > > > On Wed, Jul 9, 2025 at 5:02 AM Luke Chen <[email protected]> wrote: > > > > > > > > Thanks for the KIP! > > > > +1 from me to make Kafka safer! > > > > > > > > Luke > > > > > > > > On Fri, Jun 20, 2025 at 8:47 PM Mickael Maison > > > > <[email protected]> > > > > wrote: > > > > > > > > > Link to the KIP: > > > > > > > > > > https://cwiki.apache.org/confluence/display/KAFKA/KIP-1188%3A+New+ConnectorClientConfigOverridePolicy+with+allowlist+of+configurations > > > > > > > > > > On Fri, Jun 20, 2025 at 2:22 PM Mickael Maison > > > > > <[email protected]> > > > > > wrote: > > > > > > > > > > > > Hi, > > > > > > > > > > > > I wrote a KIP introducing a new ConnectorClientConfigOverridePolicy > > > > > > implementation for Kafka Connect to enable users to selectively > > > > > > allow > > > > > > specific client configuration overrides. > > > > > > > > > > > > Let me know if you have any feedback. > > > > > > > > > > > > Thanks, > > > > > > Mickael > > > > >
