Closed simplesteph closed 7 years ago
I think allowing setting the group.id as an optional and low-priority configuration is reasonable. We can keep the current generated ID as a default.
makes sense :) I think we know what the change will look like now, so whenever you have a PR ready...
Currently, the
group.id
is created usingschema-registry-<hostname>-<first exposed port>
It seems that the code proceeds to
assign()
and never commits offsets, so here are the following questions:1) What is the use of
group.id
? 2) What if two schema registry share the samegroup.id
? 3) Should we allow users to setgroup.id
using an environment variable?The goal of this discussion is coming up with a good strategy to secure the schema registry.
Currently, it would have been done using:
bin/kafka-acls.sh --authorizer-properties zookeeper.connect=zoo1:2181 --add --allow-principal User:schema_registry --consumer --topic _schemas --group schema-registry-<hostname>-<first exposed port>
Which works if the hostname is fixed, but sometimes schema registry will move host instances, and therefore the
group.id
generated by the code will change too. And because the ACLs won't be set, the schema registry will fail on launch.