KAFKA-14783 (KIP-875): New STOPPED state for connectors

[C0urante]

Jira, relevant KIP section

Adds the new STOPPED target state for connectors, which causes all tasks for the connector to be shut down and for its status in the REST API to be updated to STOPPED.

Committer Checklist (excluded from commit message)

• Verify design and implementation
• Verify test coverage and CI build status
• Verify documentation (including upgrade notes)

[C0urante]

cc @yashmayya; feel free to review and/or build off of this for KAFKA-14786, KAFKA-14368, and KAFKA-14784.

[C0urante]

@mimaison do you think you'll have time to take a look? Hoping to get this in before the 3.5.0 release but we can punt if there's not enough bandwidth for review.

[mimaison]

Yeah let's try to get this into 3.5. I took a quick look and left a few minor comments.

[mimaison]

connector

[mimaison]

As newState is either PAUSED or STOPPED, would state == newState be enough here?

[C0urante]

Yep, good call 👍

[mimaison]

Should we create a ticket for this TODO?

[C0urante]

I'm worried that if we create a ticket, somebody might jump on that and make the change now, even though it's not really necessary yet. If it's too bothersome as a TODO I could just remove it altogether?

[mimaison]

Usually I prefer TODO tags to be associated with a task. What's the drawback if someone was to make this change now?

[yashmayya]

Currently, the KafkaConfigBackingStore uses a transactional producer only when exactly once support is enabled on the worker. Maybe Chris' concern was that currently we'll only be able to do the tasks config + target state write atomically when exactly once support is enabled on the worker? 🤔

Although that is already the case today for other operations that require multiple writes to the config topic like putTaskConfigs and removeConnectorConfig, so I'm not sure whether or not that was his concern.

[C0urante]

I guess this wasn't really a TODO so much as a MAYBE-DO. I've removed it since on second thought it's a DON'T-DO-FOR-NOW as there is little if any benefit from that change, except possibly blocking the herder thread for less time if we're having trouble writing to the config topic.

There's also the transactional producer logic that Yash mentioned, but since it's not guaranteed that we'll have access to one (if exactly-once source support is disabled), that's not worth considering right now.

[mimaison]

during connector start -> during connector stop

[yashmayya]

Thanks Chris! I haven't had a chance to go through all the tests yet, but I hope to do so in a subsequent review.

[yashmayya]

I'm a little confused as to why we have a GET /connectors/{connector}/tasks as well as a GET /connectors/{connector}/tasks-config API? Looks like the only difference between them is that the former returns "raw" task configurations (i.e. before externalized secrets are replaced using config transformers) - in which case the names of the two APIs don't really help to distinguish between them much (same with the Herder methods - Herder::taskConfigs and Herder::tasksConfig).

[C0urante]

Good question... I know the tasks-config endpoint was introduced in KIP-661, but now that you mention it, it does seem a little redundant given the /tasks endpoint's content.

Maybe @mimaison could shed some light here?

[mimaison]

I thought there was a difference but checking now they seem pretty similar. I also wonder if GET /connectors/{connector}/tasks-config should avoid returning the raw configs to avoid leaking values returned by providers.

[yashmayya]

I also wonder if GET /connectors/{connector}/tasks-config should avoid returning the raw configs to avoid leaking values returned by providers.

Yeah that's a good point as well - it's possible that with certain config providers, Connect operators won't be able to access the raw secrets directly but will have access to the worker's REST API (and the worker obviously will have access to the secrets from the provider) right?

Also, if we choose to make that change (I assume it'll require a KIP because it's changing the response of a public REST API), the two APIs would essentially become identical. Would it be possible to deprecate / remove one of the APIs?

[C0urante]

Thanks all for the reviews! I believe I've addressed every comment with either a code change or a response. This should be ready for another pass.

[yashmayya]

Thanks Chris, I just had a couple more minor comments, but none blocking. LGTM!

[yashmayya]

This calls TaskStatus.Listener::onDeletion after the tasks are stopped by the worker which updates their status to DESTROYED whereas this doesn't seem to happen in the DistributedHerder implementation for stopConnector so the task statuses will be UNASSIGNED post shutdown. I guess this shouldn't really matter anyway because we're publishing an empty set of task configs?

[C0urante]

I guess this shouldn't really matter anyway because we're publishing an empty set of task configs?

Exactly--and thanks to the logic introduced in the fix for KAFKA-9472, once the rebalance caused by the empty set of task configs has completed, the DistributedHerder class will automatically wipe the deleted tasks from the status store.

[gharris1727]

LGTM!

[C0urante]

@mimaison thanks for the reviews. Do you think you'll have time to take another look at this before the April 12th feature freeze?

[mimaison]

LGTM

[C0urante]

Thanks Mickael!