Configure OAuth principal.builder.class also for controllers #9682
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Type of change
Description
Currently when we are using OAuth authentication with Keycloak authorization, it works fine for ZK mode and KRaft mode with Kafka nodes that have mixed roles (cotroller and broker). But in case that we switch to KRaft mode with separate roles set for the nodes (so separate NodePool for controllers and for brokers), the controller Pods are not starting because of this exception:
That's happening because we are not setting the
principal.builder.class
for controller nodes.This PR moves the
configureOAuthPrincipalBuilderIfNeeded
method outside of theif
block that contains operations for non-controllers nodes.Checklist