Add Kafka quota enforcer #53
Conversation
danielfritsch
force-pushed
the
feature/kafka_quota_enforcer
branch
from
7bb1b1b
to
8ffa4e5
Compare
| Time.SYSTEM, | ||
| "kafka.server", // default used in the client | ||
| "SessionExpireListener" // default used in the client | ||
| ); |
There was a problem hiding this comment.
A general comment, its a good practice to declare the variable as final as much as possible in many cases it doesn't have an obvious benefit, but in multi-threaded code, it can protect you from bugs
|
|
||
| @Override | ||
| protected Enforcer<ConfiguredQuota> initEnforcer() { | ||
| Map<String, Object> zookeeperConfig = zookeeperConfig(); |
There was a problem hiding this comment.
nit: rename this variable, it conflicts with the method name
| this.adminClient = adminClient; | ||
| } | ||
|
|
||
| enum Type { |
There was a problem hiding this comment.
can you add some docs here explaining what each of these mean?
danielfritsch
force-pushed
the
feature/kafka_quota_enforcer
branch
from
8ffa4e5
to
c1a7f20
Compare
danielfritsch
force-pushed
the
feature/kafka_quota_enforcer
branch
from
c1a7f20
to
9831504
Compare
| bazel build //kafka_quota_enforcer/src/main/java/com/tesla/data/quota/enforcer:Main_deploy.jar | ||
| ``` | ||
|
|
||
| ### Verify |
There was a problem hiding this comment.
Its not clear what to expect from these commands
kafka_quota_enforcer/README.md
Outdated
|
|
||
| * A quota applies to a cluster if that cluster is present under quota's `clusters` | ||
| attribute. If no changes to base config are desired, specify empty dict `{}` | ||
| * Any quota value can be overridden. Quota 'principal' or 'client' properties should not be overridden. |
There was a problem hiding this comment.
i would expect the enforcer to fail in that case (and thus the comment would read "If the 'principal' or 'client' properties are overridden, enforcing will fail")... but i assume this is not possible? In which case how about "'principal' or 'client' are not recommended to be overridden.
There was a problem hiding this comment.
yeah, don't think it's currently supported to restrict specific fields from being overridden. Will add in "not recommended"
kafka_quota_enforcer/README.md
Outdated
| * Map (dictionary) properties are merged in a way that preserves base settings | ||
|
|
||
|
|
||
| Note: `quotasFile` is supported for multi-cluster configuration too. |
There was a problem hiding this comment.
Note: quotasFile supports multi-cluster configuration as well.
kafka_quota_enforcer/README.md
Outdated
| You can read more about it here: https://kafka.apache.org/documentation/#design_quotas | ||
|
|
||
| To specify a default quota, simply use `<default>` as the value in the quota's `principal` or `client` config fields. | ||
| For example, to set a default quota for clients groups that have unique principals, here's a sample `quotasFile.yaml`: |
There was a problem hiding this comment.
For example, to set the default quota for each unique principal - regardless of the client - you could use:
| public void setup() { | ||
| quotaService = mock(QuotaService.class); | ||
| enforcer = new QuotaEnforcer(emptyList(), quotaService, true, true); | ||
| quotas = Arrays.asList( |
There was a problem hiding this comment.
why not just make static, final and set above?
| configuration file is expected | ||
| ``` | ||
|
|
||
| ## Configuration |
There was a problem hiding this comment.
There is no discussion of precedence of quotas for client/principal combinations, or at least a pointer to the kafka docs describing the hierarchy. Can lead to unexpected outcomes and/or confusion for users
There was a problem hiding this comment.
thanks, forgot about that
kafka_quota_enforcer/README.md
Outdated
| * cluster default | ||
| * default | ||
|
|
||
| # Setting 'default' quotas |
There was a problem hiding this comment.
How about calling a "low water mark"... really anything besides default :)
There was a problem hiding this comment.
changed to "entity-default" - it seems that referencing 'default' in the title is important as that's what users will be looking for in the docs, and "entity-default" would help to relate that back to the kafka-configs command usage
| Integer requestPercentage = quota.get(REQUEST_PERCENTAGE) != null ? | ||
| Integer.parseInt(quota.getProperty(REQUEST_PERCENTAGE)) : null; | ||
|
|
||
| switch (quotaType) { |
| this.adminClient = adminClient; | ||
| } | ||
|
|
||
| enum Type { |
There was a problem hiding this comment.
Doesn't EntityType more closely describe what 'type' means here?
| } | ||
|
|
||
| @Override | ||
| public boolean equals(Object o) { |
There was a problem hiding this comment.
minor style nit: generally equals/hashcode/toString are at the bottom of the class
There was a problem hiding this comment.
generally hashcode goes next to equals - they should be logically the same
danielfritsch
force-pushed
the
feature/kafka_quota_enforcer
branch
from
9831504
to
152fa0f
Compare
| } | ||
|
|
||
| @Override | ||
| public boolean equals(Object o) { |
There was a problem hiding this comment.
generally hashcode goes next to equals - they should be logically the same
|
|
||
| enum Type { | ||
| // quota applied solely on a per principal/user basis, ex: principal=user1 | ||
| USER, |
There was a problem hiding this comment.
Everything in ZK and Kafka says principal - it is strictly different than a 'user' https://stackoverflow.com/questions/4989063/what-is-the-meaning-and-difference-between-subject-user-and-principal
| Integer requestPercentage = quota.get(REQUEST_PERCENTAGE) != null ? | ||
| Integer.parseInt(quota.getProperty(REQUEST_PERCENTAGE)) : null; | ||
|
|
||
| switch (quotaType) { |
| case CLIENT: | ||
| return new ConfiguredQuota(null, quotaEntry.getKey(), producerByteRate, consumerByteRate, requestPercentage); | ||
| case COMBINATION: | ||
| // when both user + client are configured, the full name looks like {configuredUser}/clients/{configuredClient} |
There was a problem hiding this comment.
You can name the groups as well and then reference them by name, for instance "(<principal>.*)/clients/(<client>.*)" then you can do new ConfiguredQuota(matcher.group("principal"), matcher.group("client") which is very explicit
| public void testCreate() { | ||
| QuotaEnforcer enforcer = new QuotaEnforcer(emptyList(), quotaService, true, false); | ||
| enforcer.create(quotas); | ||
| verify(quotaService, times(1)).create(quotas); |
There was a problem hiding this comment.
nit: times(1) is the default with verify(), you can just drop the times parameter
… quotas to restrict monopolization of Kafka broker resources caused by bad acting clients.
danielfritsch
force-pushed
the
feature/kafka_quota_enforcer
branch
from
152fa0f
to
696bfb5
Compare
Enables programmatic configuration of Kafka quotas to restrict monopolization of Kafka broker resources caused by bad acting clients.
https://kafka.apache.org/documentation/#design_quotas