Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-10717

ACL authorization log when consumer requires all topics

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 2.6.0, 2.5.1
    • None
    • logging
    • None
    • reproduced using kafka 2.5.1 and 2.6.0
      .net confluent consumer (nuget 1.5.2)

    Description

      When a consumer requires metadata (describe) on all the topics - for example on startup, it receives information about the topics it has access to, in accordance with its ACL permissions, as expected.

      However, the kafka broker logs that the user is not authorized to describe all the other topics. If there is a large number of topics in the system and one particular user has describe access to a small subset, a lot of entries are inserted in kafka-authorizer.log file. Moreover, this happens for each consumer, each time they refresh the metadata (by default, each 5 minutes).

      This issue has been reproduced using Confluent .NET consumer (https://github.com/confluentinc/confluent-kafka-dotnet/issues/1457) and using a client connection from Kafka Tool 2.0.8. 

      Attachments

        Activity

          People

            Unassigned Unassigned
            stefanious Stefan Bejan
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: