In #12658 the possibility for specifying validityDays and renewalDays for mTLS KafkaUser was added, however there was a comment about the approach which was used there - #12658 (comment).
The comment is mainly about passing the KafkaUser's validityDays and renewalDays to the ClientsCa (or Ca) constructor, which actually should be validity/renewal of the Clients CA. Instead of doing this, we should refactor the Ca class to have the validity/renewal of the Clients CA and pass the (in this case) KafkaUser's validity/renewal as part of the "generate certificate" method.
So the handling which validity/renewal values should be used will be moved to the "generate certificate" method.
In #12658 the possibility for specifying
validityDaysandrenewalDaysfor mTLS KafkaUser was added, however there was a comment about the approach which was used there - #12658 (comment).The comment is mainly about passing the KafkaUser's
validityDaysandrenewalDaysto theClientsCa(orCa) constructor, which actually should be validity/renewal of the Clients CA. Instead of doing this, we should refactor theCaclass to have the validity/renewal of the Clients CA and pass the (in this case) KafkaUser's validity/renewal as part of the "generate certificate" method.So the handling which validity/renewal values should be used will be moved to the "generate certificate" method.