[jira] [Updated] (KAFKA-19061) Add ACL changes to enable role based 2PC

Sat, 05 Apr 2025 10:28:03 -0700 


     [ 
https://issues.apache.org/jira/browse/KAFKA-19061?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Ritika Reddy updated KAFKA-19061:
---------------------------------
    Description: 
*transaction.max.timeout.ms* guarantees that an ongoing transaction is aborted 
within a reasonable amount of time, but to avoid violation of the 2PC protocol 
we need to keep the transaction open, which could put pressure on the system.  
To mitigate this impact, we should restrict the ability to run 2PC protocol via 
a privilege, so that it’s easy to protect the cluster from a random rogue 
application.

A new value will be added to the {{enum AclOperation: TWO_PHASE_COMMIT ((byte) 
15}} .  When {{InitProducerId}} comes with enable2Pc=true, it would have to 
have both {{WRITE}} and {{TWO_PHASE_COMMIT}} operation enabled on the 
*transactional id* resource.

The {{kafka-acls.sh}} tool is going to support a new {{{}--operation 
TwoPhaseCommit{}}}.

 

  was:A new value will be added to the {{enum AclOperation: TWO_PHASE_COMMIT 
((byte) 15}} .  When {{InitProducerId}} comes with enable2Pc=true, it would 
have to have both {{WRITE}} and {{TWO_PHASE_COMMIT}} operation enabled on the 
*transactional id* resource.


> Add ACL changes to enable role based 2PC
> ----------------------------------------
>
>                 Key: KAFKA-19061
>                 URL: https://issues.apache.org/jira/browse/KAFKA-19061
>             Project: Kafka
>          Issue Type: Sub-task
>            Reporter: Ritika Reddy
>            Assignee: Ritika Reddy
>            Priority: Major
>
> *transaction.max.timeout.ms* guarantees that an ongoing transaction is 
> aborted within a reasonable amount of time, but to avoid violation of the 2PC 
> protocol we need to keep the transaction open, which could put pressure on 
> the system.  To mitigate this impact, we should restrict the ability to run 
> 2PC protocol via a privilege, so that it’s easy to protect the cluster from a 
> random rogue application.
> A new value will be added to the {{enum AclOperation: TWO_PHASE_COMMIT 
> ((byte) 15}} .  When {{InitProducerId}} comes with enable2Pc=true, it would 
> have to have both {{WRITE}} and {{TWO_PHASE_COMMIT}} operation enabled on the 
> *transactional id* resource.
> The {{kafka-acls.sh}} tool is going to support a new {{{}--operation 
> TwoPhaseCommit{}}}.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to