Kafka / KAFKA-15243

User creation mismatch


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.3.2
    • Fix Version/s: 3.6.0, 3.4.2, 3.5.2
    • Component/s: core

    Description

      We found the Kafka users were not created properly, so let's suppose we create the user myuser@myuser.com

       

      COMMAND:

      /etc/new_kafka/bin/kafka-configs.sh  --bootstrap-server localhost:9092 --alter --add-config 'SCRAM-SHA-256=[iterations=4096,password=blabla],SCRAM-SHA-256=[password=blabla]' --entity-type users --entity-name myuser@myuser.com

      RESPONSE:

      Completed updating config for user myuser@myuser.com

      When listing the users I see the user was created as an encoded string

      COMMAND

      kafka-configs.sh --bootstrap-server localhost:9092 --describe --entity-type users|grep myuser 

      RESPONSE

      SCRAM credential configs for user-principal 'myuser%40myuser.com' are SCRAM-SHA-256=iterations=8192, SCRAM-SHA-512=iterations=4096 

       

      So basically the user is being "sanitized" and giving a false OK to the user requester. The user requested does not exist as it should, it creates the encoded one instead.

       

      I dug deep in the code until I found this is happening in the ZkAdminManager.scala in this line 

       

      adminZkClient.changeConfigs(ConfigType.User, Sanitizer.sanitize(user), configsByPotentiallyValidUser(user)) 

      So removing the Sanitizer fixes the problem, but I have a couple of doubts

      I checked we Sanitize because of some JMX metrics, but in this case I don't know if this is really needed, supposing this is needed I think we should forbid to create users with characters that will be encoded.

      Even worse after creating a user in general we create ACLs and they are created properly without encoding the characters, this creates a mismatch between the user and the ACLs.

       

       

      So I can work on fixing this, but I think we need to decide :

       

      A) We forbid to create users with characters that will be encoded, so we fail in the user creation step.

       

      B) We allow the user creation with special characters and remove the Sanitizer.sanitize(user) from the 2 places where it shows up in the file ZkAdminManager.scala

       

       

      And of course if we go for B we need to create the tests.

      Please let me know what you think and I can work on it
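
      An audit for the mismatch described in the report, as an added example that is not part of the original report or of the Kafka code base: it compares stored SCRAM entity names with ACL principals and flags principals whose credential exists only under the percent-encoded name. Assumptions: `encode_name` is a stand-in that percent-encodes reserved characters (matching the '@' to '%40' change shown above, not Kafka's Sanitizer itself), ACL principals use the `User:<name>` form, and the sample lists are constructed.

```python
from urllib.parse import quote, unquote


def encode_name(name):
    # Stand-in for the sanitizer step (assumption): percent-encode every
    # reserved character, so '@' becomes '%40' as in the --describe output.
    return quote(name, safe="")


def audit(scram_entities, acl_principals):
    """Return (user, status) for each ACL principal."""
    stored = set(scram_entities)
    findings = []
    for principal in acl_principals:
        # Assumed ACL principal form: "User:<name>"
        user = principal.split(":", 1)[1] if principal.startswith("User:") else principal
        if user in stored:
            status = "ok"                 # credential stored under the requested name
        elif encode_name(user) in stored:
            status = "encoded-mismatch"   # credential exists only in encoded form
        else:
            status = "no-credential"      # ACL refers to a user with no credential
        findings.append((user, status))
    return findings


def encoded_entities(scram_entities):
    """Stored names that change when percent-decoded, i.e. were encoded on write."""
    return [(e, unquote(e)) for e in scram_entities if unquote(e) != e]


# Constructed sample data: entity names as listed by --describe, and ACL principals.
SCRAM_ENTITIES = ["myuser%40myuser.com", "alice"]
ACL_PRINCIPALS = ["User:myuser@myuser.com", "User:alice", "User:bob@example.com"]

if __name__ == "__main__":
    for user, status in audit(SCRAM_ENTITIES, ACL_PRINCIPALS):
        print(f"{status:18} {user}")
    for stored_name, requested in encoded_entities(SCRAM_ENTITIES):
        print(f"stored as {stored_name!r}, requested as {requested!r}")
```

      A user name that legitimately contains a '%' sequence would also be listed by `encoded_entities`, so treat its output as candidates to review rather than confirmed mismatches.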

            People

              sergio_troiano@hotmail.com Sergio Troiano