KAFKA-19824: New AllowlistConnectorClientConfigOverridePolicy (KIP-1188) #20750
+244
−5
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
Author
|
cc @C0urante @AndrewJSchofield @showuon as you voted on the KIP. Thanks |
C0urante
reviewed
Oct 26, 2025
Contributor
C0urante
left a comment
C0urante
left a comment
There was a problem hiding this comment.
Thanks Mickael, only comment is about making the upgrade path clearer for users currently on the principal policy. Everything else looks good to me
.../org/apache/kafka/connect/connector/policy/PrincipalConnectorClientConfigOverridePolicy.java
Show resolved
Hide resolved
AndrewJSchofield
approved these changes
Oct 27, 2025
Member
AndrewJSchofield
left a comment
AndrewJSchofield
left a comment
There was a problem hiding this comment.
Thanks for the PR. A couple of nits only. Looks good to me.
| public static final String CONNECTOR_CLIENT_POLICY_CLASS_CONFIG = "connector.client.config.override.policy"; | ||
| public static final String CONNECTOR_CLIENT_POLICY_CLASS_DOC = | ||
| "Class name or alias of implementation of <code>ConnectorClientConfigOverridePolicy</code>. Defines what client configurations can be " | ||
| + "overridden by the connector. The default implementation is <code>All</code>, meaning connector configurations can override all client properties. " |
Member
There was a problem hiding this comment.
nit: "The default policy" reads a little better than "The default implementation" given that the others are described as policies.
Member
Author
There was a problem hiding this comment.
I agree, updated. Thanks
| ConfigInfos result = herder.validateConnectorConfig(config, s -> null, false); | ||
| assertEquals(ConnectorType.SOURCE, herder.connectorType(config)); | ||
|
|
||
| // We expect there to be errors due to sasl.jaas.config not being allowed Note that these assertions depend heavily on |
Member
There was a problem hiding this comment.
nit: Missing "." before "Note"
chia7712
reviewed
Oct 30, 2025
| * @deprecated Use {@link AllowlistConnectorClientConfigOverridePolicy} instead. | ||
| */ | ||
| @Deprecated(since = " 4.2", forRemoval = true) | ||
| public class PrincipalConnectorClientConfigOverridePolicy extends AbstractConnectorClientConfigOverridePolicy { |
Member
There was a problem hiding this comment.
> Task :connect:runtime:compileTestJava
/home/chia7712/project/kafka/connect/runtime/src/test/java/org/apache/kafka/connect/connector/policy/PrincipalConnectorClientConfigOverridePolicyTest.java:30: warning: [removal] PrincipalConnectorClientConfigOverridePolicy in org.apache.kafka.connect.connector.policy has been deprecated and marked for removal
ConnectorClientConfigOverridePolicy principalConnectorClientConfigOverridePolicy = new PrincipalConnectorClientConfigOverridePolicy();
^
Note: /home/chia7712/project/kafka/connect/runtime/src/test/java/org/apache/kafka/connect/runtime/WorkerSinkTaskTest.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
1 warning
@mimaison Do you have time to open a minor PR to fix the warning?
chia7712
reviewed
Nov 9, 2025
| private static final String ALLOWLIST_CONFIG_DOC = "List of client configurations that can be overridden by " + | ||
| "connectors. If empty, connectors can't override any client configurations."; | ||
| private static final ConfigDef CONFIG_DEF = new ConfigDef() | ||
| .define(ALLOWLIST_CONFIG, ConfigDef.Type.LIST, ALLOWLIST_CONFIG_DEFAULT, ConfigDef.Importance.MEDIUM, ALLOWLIST_CONFIG_DOC); |
Member
There was a problem hiding this comment.
Should we check the duplicate items for this new configuration?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implements KIP-1188