andymg3 opened a new pull request, #12160: URL: https://github.com/apache/kafka/pull/12160
### JIRA https://issues.apache.org/jira/browse/KAFKA-13889 ### Description - Fixes `AclsDelta` to handle `ACCESS_CONTROL_ENTRY_RECORD` quickly followed by `REMOVE_ACCESS_CONTROL_ENTRY_RECORD` for same ACL - As explained in the JIRA, in https://github.com/apache/kafka/blob/trunk/metadata/src/main/java/org/apache/kafka/image/AclsDelta.java#L64 we store the pending deletion in the `changes` Map. This could override a creation that might have just happened. This is an issue because in `BrokerMetadataPublisher` this results in us making a `removeAcl` call which finally results in https://github.com/apache/kafka/blob/trunk/metadata/src/main/java/org/apache/kafka/metadata/authorizer/StandardAuthorizerData.java#L203 being executed and this code throws an exception if the ACL isnt in the Map yet. If the `ACCESS_CONTROL_ENTRY_RECORD` event never got processed by `BrokerMetadataPublisher` then the ACL wont be in the Map yet. - So the fix here is to remove the entry from the `changes` Map if the ACL doesnt exist in the image yet. ### Testing - Added unit tests for new behavior ### Committer Checklist (excluded from commit message) - [ ] Verify design and implementation - [ ] Verify test coverage and CI build status - [ ] Verify documentation (including upgrade notes) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
