[GitHub] [kafka] hachikuji commented on a change in pull request #10206: KAFKA-12369; Implement `ListTransactions` API

[GitBox]

hachikuji commented on a change in pull request #10206:
URL: https://github.com/apache/kafka/pull/10206#discussion_r585654890



##########
File path: core/src/main/scala/kafka/server/KafkaApis.scala
##########
@@ -3303,6 +3304,28 @@ class KafkaApis(val requestChannel: RequestChannel,
       new 
DescribeTransactionsResponse(response.setThrottleTimeMs(requestThrottleMs)))
   }
 
+  def handleListTransactionsRequest(request: RequestChannel.Request): Unit = {
+    val listTransactionsRequest = request.body[ListTransactionsRequest]
+    val filteredProducerIds = 
listTransactionsRequest.data.producerIdFilter.asScala.map(Long.unbox).toSet
+    val filteredStates = 
listTransactionsRequest.data.statesFilter.asScala.toSet
+    val response = txnCoordinator.handleListTransactions(filteredProducerIds, 
filteredStates)
+
+    // The response should contain only transactionalIds that the principal
+    // has `Describe` permission to access.
+    if (response.transactionStates != null) {
+      val transactionStateIter = response.transactionStates.iterator()
+      while (transactionStateIter.hasNext) {

Review comment:
       We have not generally taken the view that cluster permission implies 
other permissions as far as I know. For example, cluster permission is not 
checked in the `Metadata` API to be able to list all topics. 
   
   We do have the following check in the `ListGroups` API, but the code notes 
that this was for compatibility.
   ```scala
       if (authHelper.authorize(request.context, DESCRIBE, CLUSTER, 
CLUSTER_NAME))
         // With describe cluster access all groups are returned. We keep this 
alternative for backward compatibility.
         requestHelper.sendResponseMaybeThrottle(request, requestThrottleMs =>
           createResponse(requestThrottleMs, groups, error))
       else {
         val filteredGroups = groups.filter(group => 
authHelper.authorize(request.context, DESCRIBE, GROUP, group.groupId))
         requestHelper.sendResponseMaybeThrottle(request, requestThrottleMs =>
           createResponse(requestThrottleMs, filteredGroups, error))
       }
   ```
   It's worth keeping in mind that the `ListTransactions` API should be 
seldom-used. I don't think we need to get too crazy with optimizations. We can 
always broaden the allowed ACLs in the future.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org