mirror of https://github.com/apache/kafka.git
06b8f09bf3
ACL updates currently get `(currentAcls, currentVersion)` for the resource from ZK and do a conditional update using `(currentAcls+newAcl, currentVersion)`. This supports concurrent atomic updates if the resource path already exists in ZK. If the path doesn't exist, we currently do a conditional createOrUpdate using `(newAcl, 0)`. So two brokers adding acls using `(newAcl1, 0)` and `(newAcl2, 0)` will result in one broker creating the path and setting newAcl1, while the other broker can potentially update the path with `(newAcl2, 0)`, losing newAcl1. The timing window is very small, but we have seen intermittent failures in `SimpleAclAuthorizerTest.testHighConcurrencyModificationOfResourceAcls` as a result of this window. |
||
|---|---|---|
| .. | ||
| src | ||
| .gitignore | ||