fix(connect): correct KAFKA-17719 fix to prevent rebalance storm

[woshigaopp]

Summary

• Revert the problematic fix 83c949f515 which caused E2E test failures
• Apply the correct fix from fix/KAFKA-17719-full-tombstone-v2 branch

Problem

The original fix removed the return statement in publishConnectorTaskConfigs(), causing task configs to be rewritten on every rebalance even when unchanged. This triggers a rebalance storm under eager protocol:

Rebalance → reconfigureConnector() → write task config → onTaskConfigUpdate()
    → needsReconfigRebalance=true → new Rebalance → loop...

Observed: 83 rebalances in 10 minutes, connectors never stabilize.

Fix Approach

1. Revert the problematic change in DistributedHerder
2. Implement deferred processing in KafkaConfigBackingStore to handle compaction reorder
3. Write full tombstones on connector deletion to prevent orphaned task configs

Test Plan

• Unit tests added for compaction reorder scenarios
• E2E tests should pass with eager protocol

🤖 Generated with Claude Code

[Copilot]

Pull request overview

This PR addresses KAFKA-17719 by preventing task-config rewrites on every rebalance (which can trigger rebalance storms under the eager protocol) and instead handling task/commit vs connector-config ordering issues in the backing store. It also extends connector deletion to write full tombstones to avoid leaving orphaned task configs/commit records behind.

Changes:

• Revert the “always rewrite task configs” behavior in DistributedHerder.publishConnectorTaskConfigs() to avoid rebalance storms when configs are unchanged.
• Add deferred task-config application in KafkaConfigBackingStore when a task commit is observed before the connector config (compaction/retry reorder scenarios).
• Write connector deletion “full tombstones” (connector + target state + tasks + commit) and add tests covering reordering and deletion/tombstone scenarios.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.

File	Description
connect/runtime/src/main/java/org/apache/kafka/connect/runtime/distributed/DistributedHerder.java	Restores early-return when task configs are unchanged to prevent repeated rewrites/rebalance storms.
connect/runtime/src/main/java/org/apache/kafka/connect/storage/KafkaConfigBackingStore.java	Defers and later applies task configs when commits arrive before connector configs; writes full tombstones on deletion.
connect/runtime/src/test/java/org/apache/kafka/connect/storage/KafkaConfigBackingStoreTest.java	Adds unit tests for compaction/reorder cases and full-tombstone deletion behavior.
connect/runtime/src/test/java/org/apache/kafka/connect/runtime/distributed/DistributedHerderTest.java	Removes assertions that expected task configs to always be rewritten.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

publishConnectorTaskConfigs returns early when task configs are unchanged, but it does not invoke the provided callback. Since callers (e.g., reconfigureConnector) treat the callback as the completion signal, this can leave request/retry logic waiting indefinitely. Call cb.onCompletion(null, null) before returning in the unchanged-configs case.

Suggested change

	if (!taskConfigsChanged(configState, connName, rawTaskProps)) {
	if (!taskConfigsChanged(configState, connName, rawTaskProps)) {
	cb.onCompletion(null, null);

[Copilot]

applyDeferredTaskConfigs can apply deferred task configs and update connector state, but it never triggers updateListener.onTaskConfigUpdate for the tasks it applied. If a tasks commit is received before the connector config while the store is started, the earlier commit is deferred (no listener call), and this method later applies the configs without notifying the herder, so tasks may never be reconfigured. Consider collecting the applied task IDs here (or returning them) and invoking onTaskConfigUpdate after releasing the lock, similar to processTasksCommitRecord.

[Copilot]

removeConnectorConfig only writes task/commit tombstones when connectorTaskCounts contains an entry. If that entry is missing (e.g., connector deleted before task commit was processed, or state not fully loaded), orphaned commit/task records can still persist. At minimum, consider always writing a tombstone for COMMIT_TASKS_KEY(connector), and deriving task IDs from taskConfigs/deferredTaskUpdates even when taskCount is null.

Suggested change

	if (taskCount != null) {
	// Also collect task IDs from taskConfigs and deferredTaskUpdates to handle the case
	// where task count was reduced (old task keys with higher indices still exist)
	Set<Integer> allTaskIds = new HashSet<>();
	for (int i = 0; i < taskCount; i++) {
	allTaskIds.add(i);
	}
	for (ConnectorTaskId taskId : taskConfigs.keySet()) {
	if (taskId.connector().equals(connector)) {
	allTaskIds.add(taskId.task());
	}
	}
	Map<ConnectorTaskId, Map<String, String>> deferred = deferredTaskUpdates.get(connector);
	if (deferred != null) {
	for (ConnectorTaskId taskId : deferred.keySet()) {
	allTaskIds.add(taskId.task());
	}
	}
	for (int taskId : allTaskIds) {
	keyValues.add(new ProducerKeyValue(TASK_KEY(new ConnectorTaskId(connector, taskId)), null));
	}
	keyValues.add(new ProducerKeyValue(COMMIT_TASKS_KEY(connector), null));
	}
	// Collect task IDs from all available sources so cleanup still works even if
	// connectorTaskCounts does not currently contain an entry for this connector.
	Set<Integer> allTaskIds = new HashSet<>();
	if (taskCount != null) {
	for (int i = 0; i < taskCount; i++) {
	allTaskIds.add(i);
	}
	}
	for (ConnectorTaskId taskId : taskConfigs.keySet()) {
	if (taskId.connector().equals(connector)) {
	allTaskIds.add(taskId.task());
	}
	}
	Map<ConnectorTaskId, Map<String, String>> deferred = deferredTaskUpdates.get(connector);
	if (deferred != null) {
	for (ConnectorTaskId taskId : deferred.keySet()) {
	allTaskIds.add(taskId.task());
	}
	}
	for (int taskId : allTaskIds) {
	keyValues.add(new ProducerKeyValue(TASK_KEY(new ConnectorTaskId(connector, taskId)), null));
	}
	keyValues.add(new ProducerKeyValue(COMMIT_TASKS_KEY(connector), null));

[Copilot]

This method now writes tombstones for individual task config keys. KafkaConfigBackingStore currently treats null-valued task config records as an unexpected error (and does not process them as deletions), which will generate error logs during normal connector deletion. Consider updating task-record handling to treat null values as expected tombstones (remove task configs/deferred entries, and log at debug/trace).

[Copilot]

The tombstone simulation uses a non-null record.value() byte[] that is mapped to a null Struct in the converter stub. Using an actual Kafka tombstone (ConsumerRecord with null value bytes) would better exercise the real converter/toConnectData path for tombstones and reduce the chance of masking null-handling issues.

Suggested change

	CONFIGS_SERIALIZED.get(3), new RecordHeaders(), Optional.empty()));
	LinkedHashMap<byte[], Struct> deserialized = new LinkedHashMap<>();
	deserialized.put(CONFIGS_SERIALIZED.get(0), TASK_CONFIG_STRUCTS.get(0));
	deserialized.put(CONFIGS_SERIALIZED.get(1), TASK_CONFIG_STRUCTS.get(1));
	deserialized.put(CONFIGS_SERIALIZED.get(2), TASKS_COMMIT_STRUCT_TWO_TASK_CONNECTOR);
	deserialized.put(CONFIGS_SERIALIZED.get(3), null); // tombstone: structToMap(null) → null → SchemaAndValue(null, null)
	null, new RecordHeaders(), Optional.empty()));
	LinkedHashMap<byte[], Struct> deserialized = new LinkedHashMap<>();
	deserialized.put(CONFIGS_SERIALIZED.get(0), TASK_CONFIG_STRUCTS.get(0));
	deserialized.put(CONFIGS_SERIALIZED.get(1), TASK_CONFIG_STRUCTS.get(1));
	deserialized.put(CONFIGS_SERIALIZED.get(2), TASKS_COMMIT_STRUCT_TWO_TASK_CONNECTOR);
	deserialized.put(null, null); // tombstone: record.value() is null and converter returns SchemaAndValue(null, null)