Add super.users
to controller relevant options
#10309
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Type of change
Description
Some Admin API queries such as
describeMetadataQuorum
seem to be executed and authorized on the controller nodes even when the Admin API is connected to a broker. But currently, we do not roll controller nodes when thesuper.users
field changes. That means that even through a user is configured as super user, it still gets ACL denied because the controller is not aware of this.This Pr adds the
super.users
option to the controller-relevant configuration options to make sure the contoller nodes are roled when it changes. That should help us to avoid such confusing issues as described above when super users is denied something by ACLs.Checklist