Thanks Ryanne for the detailed info, currently I mirror user and acl to target Kafka cluster manually and it works.
Let me check with dev list to see if there is any solution or plan for this, maybe I can check code there. Thanks again Ryanne and have a good day! -Calvin > 在 2021年6月18日,00:00,Ryanne Dolan <ryannedo...@gmail.com> 写道: > > Calvin, that's an interesting idea. The motivation behind the current > behavior is to only grant principals access to data they already have > access to. If a principal can access data in one cluster, there's no harm > in providing read access to the same data in another cluster. But you are > right that the resulting ACLs are far from completely synchronized. > > With topic renaming, there's a clear distinction between source topics and > replicated topics. With consumer groups we can be smart about which > direction to replicate by looking at which consumer groups are active and > inactive. But it's not immediately clear how we'd replicate other types of > ACLs without introducing races. We'd need a way to reconcile differences > between corresponding ACLs in different clusters. Do they get unioned > together? Does the latest change win? etc. > > I agree this would be a nice feature tho. You might want to bring it up on > the dev list. > > Ryanne > >> On Thu, Jun 17, 2021, 10:24 AM Calvin Chen <pingc...@hotmail.com> wrote: >> >> Hi all >> >> I have a question, does kafka mirror2.0 mirror kafka users(created by >> kafka-configs.sh dynamically) and kafka acls(topic/group)? >> >> I setup below fields in mirror config file, and I think kafka mirror2.0 >> should mirror users and acls(topic/group) into remote cluster, but I see >> only part of acl are mirrored, basically missing users and group info. >> >> >> topics=.* >> groups=.* >> sync.topic.acls.enabled = true >> >> I manually created kafka user and acl in remote kafka cluster and then >> mirror works on copying message, do I miss some configuration? I think >> kafka user and acls(topic/group) should be automatically mirrored... >> >> Thanks >> -Calvin >>
