kafka-users mailing list archives

From Bala <kbkre...@yahoo.com.INVALID>
Subject Re: Kafka ACL issue - Operation denied despite having full access to the topic
Date Sat, 29 Sep 2018 15:34:28 GMT
Yes, I followed all the docs, and the thing is it's connecting as expected and sending the right
user to the server. The problem is that when I list the ACLs I am seeing that the user has all
the access. But when the producer tries to connect to the server, the server logs a message
saying that the user is denied. Something is not right and I want to know how to debug this
further to find out why the server thinks the user has no access.

I even tried adding the user to the super users and am still not able to access the topic.
I am using Kafka 1.0.0.

On Friday, September 28, 2018, 8:14:30 PM EDT, Vahid Hashemian <vahid.hashemian@gmail.com> wrote:

Your producer needs to have Write access to the topic. But as you mentioned,
All should cover Write. Which version of Kafka are you using?
FYI, more authn/authz information can be found here for some of the common
client operations:
https://developer.ibm.com/opentech/2017/05/31/kafka-acls-in-practice/

--Vahid

On Fri, Sep 28, 2018 at 9:13 AM Bala <kbkreddy@yahoo.com.invalid> wrote:

> Producer using the Java API. I did configure the JAAS config as per the docs.
> It looks like it is working and the authentication succeeded, but the
> authorization is not honoring the ACL.
>
> On Friday, September 28, 2018, 11:56:24 AM EDT, Vahid Hashemian <vahid.hashemian@gmail.com> wrote:
>
> Hi Bala,
>
> What operation/command are you trying that gives you this error?
>
> --Vahid
>
> On Fri, Sep 28, 2018 at 7:12 AM Bala <kbkreddy@yahoo.com.invalid> wrote:
>
> > I have a Kafka with Kerberos security and am trying to use the ACL, and am
> > not able to make it work.
> >
> > Here is the error I am seeing in the server log.
> >
> > [2018-09-28 14:06:54,152] INFO Principal = User:storm-mytestcluster is Denied Operation = Describe from host = <ip address of host> on resource = Topic:icd_alpha (kafka.authorizer.logger)
> > [2018-09-28 14:06:54,312] INFO Principal = User:storm-mytestcluster is Denied Operation = Describe from host = <ip address of host> on resource = Topic:icd_alpha (kafka.authorizer.logger)
> > [2018-09-28 14:06:54,472] INFO Principal = User:storm-mytestcluster is Denied Operation = Describe from host = <ip address of host> on resource = Topic:icd_alpha (kafka.authorizer.logger)
> > [2018-09-28 14:06:54,631] INFO Principal = User:storm-mytestcluster is Denied Operation = Describe from host = <ip address of host> on resource = Topic:icd_alpha (kafka.authorizer.logger)
> > [2018-09-28 14:06:54,793] INFO Principal = User:storm-mytestcluster is Denied Operation = Describe from host = <ip address of host> on resource = Topic:icd_alpha (kafka.authorizer.logger)
> > [2018-09-28 14:06:54,953] INFO Principal = User:storm-mytestcluster is Denied Operation = Describe from host = <ip address of host> on resource = Topic:icd_alpha (kafka.authorizer.logger)
> >
> > But the user has full access to the topic. Here is the output of the `list`
> > command:
> >
> > Current ACLs for resource `Topic:icd_alpha`:
> >      user:storm-mytestcluster has Allow permission for operations: All from hosts: *
> >
> > Please help me, as I am kind of blocked and don't know how to proceed
> > further.
> > Thanks
> > Bala
> >
>
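
One way to line up the two outputs quoted in this thread, as an added example that is not part of the original messages or of Kafka itself: it parses the `kafka.authorizer.logger` denial lines and the ACL listing, then reports whether an Allow entry names the denied principal exactly or only when letter case is ignored. The function names are hypothetical, the sample input is constructed from the thread's text, and it is an assumption here that the authorizer compares the `Type:name` principal string exactly, including the case of the type prefix.

```python
import re

# Constructed sample input, shaped like the broker log and ACL listing quoted in the thread.
AUTHORIZER_LOG = """\
[2018-09-28 14:06:54,152] INFO Principal = User:storm-mytestcluster is Denied Operation = Describe from host = <ip address of host> on resource = Topic:icd_alpha (kafka.authorizer.logger)
[2018-09-28 14:06:54,312] INFO Principal = User:storm-mytestcluster is Denied Operation = Describe from host = <ip address of host> on resource = Topic:icd_alpha (kafka.authorizer.logger)
"""
ACL_LISTING = """\
Current ACLs for resource `Topic:icd_alpha`:
     user:storm-mytestcluster has Allow permission for operations: All from hosts: *
"""

DENY_RE = re.compile(
    r"Principal = (\S+) is Denied Operation = (\S+) from host = .*? on resource = (\S+)")
RESOURCE_RE = re.compile(r"Current ACLs for resource `([^`]+)`")
ACL_RE = re.compile(
    r"\s*(\S+) has (Allow|Deny) permission for operations: (\S+) from hosts: (\S+)")

def parse_denials(log_text):
    """Distinct (principal, operation, resource) tuples the authorizer denied."""
    return sorted(set(DENY_RE.findall(log_text)))

def parse_acls(listing):
    """Map each resource to its (principal, permission, operation, host) entries."""
    acls, current = {}, None
    for line in listing.splitlines():
        header = RESOURCE_RE.search(line)
        if header:
            current = header.group(1)
            acls[current] = []
        elif current and ACL_RE.match(line):
            acls[current].append(ACL_RE.match(line).groups())
    return acls

def explain_denials(log_text, listing):
    """Pair each denial with Allow entries covering it, exactly or only ignoring case."""
    acls, findings = parse_acls(listing), []
    for principal, op, resource in parse_denials(log_text):
        for acl_principal, perm, acl_op, _host in acls.get(resource, []):
            if perm != "Allow" or acl_op not in ("All", op):
                continue
            if acl_principal == principal:  # assumption: authorizer matches exactly
                findings.append((principal, op, resource, acl_principal, "exact-match"))
            elif acl_principal.lower() == principal.lower():
                findings.append((principal, op, resource, acl_principal, "case-mismatch"))
    return findings

if __name__ == "__main__":
    print(explain_denials(AUTHORIZER_LOG, ACL_LISTING))
```

A `case-mismatch` finding means the listed entry and the logged principal differ only in letter case; an `exact-match` finding means the entry already names the logged principal and the cause lies elsewhere.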
  