Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-4867

zookeeper-security-migration.sh does not clear ACLs from all nodes

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Duplicate
    • 0.10.1.1
    • None
    • None
    • None

    Description

      zookeeper-security-migration.sh help for --zookeeper.acl switch with 'secure'/'unsecure' as possible values suggests that command should apply the change to all Kafka znodes. That doesn't seem to be the case at least for 'unsecure', so clearing ACLs use case.

      With ACLs set on Kafka znodes, I ran

      bin/zookeeper-security-migration.sh --zookeeper.acl 'unsecure' --zookeeper.connect x.y.z.w:2181

      and with zookeeper-shell.sh getAcl checked ACLs set on few nodes. Node /brokers/topics had ACL cleared (only default one that world can do anything remained). On the other hand node /brokers still had secure ACLs set that world can read and owner can do everything. Nodes and respective sub trees of /cluster and /controller also had secure ACLs still set.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. KAFKA-4864 Kafka Secure Migrator tool doesn't secure all the nodes

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              sslavic Stevo Slavić
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: