mstruk
commented
1 year ago Thank you for reporting this issue. We'll look into it.
Open gengweifeng opened 1 year ago
mstruk
commented
1 year ago Thank you for reporting this issue. We'll look into it.
gengweifeng
commented
1 year ago best wishes !
emaciejm
commented
1 year ago hey, i would like to ask what's next on this issue?
mstruk
commented
1 year ago
The kafka cluster has two mode: zk-based, kraft. The KeycloakRBACAuthorizer class extends AclAuthorizer, but AclAuthorizer is a zk-based cluster implement, which store acl state info zk. When we use it in a zk-based cluster, there is nothing wrong. If we use it in a kraft cluster, there will be a NPE when the cluster starts up, because there has no zk. According kafka's official document and the source code, there seem to be a default implement class, which store acl state into cluster metadata log for kraft cluster, called StandardAuthorizer. A pr about it is in https://github.com/apache/kafka/pull/11649 is there any plain for supporting kraft cluster, because the kraft cluster is all ready for production since 3.3, zk-based cluster will be marked deprecation since 3.4, and there is a plain which removes zk-based cluster since 4.0 Thanks