Details
-
Improvement
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
2.6.0, 2.5.1
-
None
-
None
-
reproduced using kafka 2.5.1 and 2.6.0
.net confluent consumer (nuget 1.5.2)
Description
When a consumer requires metadata (describe) on all the topics - for example on startup, it receives information about the topics it has access to, in accordance with its ACL permissions, as expected.
However, the kafka broker logs that the user is not authorized to describe all the other topics. If there is a large number of topics in the system and one particular user has describe access to a small subset, a lot of entries are inserted in kafka-authorizer.log file. Moreover, this happens for each consumer, each time they refresh the metadata (by default, each 5 minutes).
This issue has been reproduced using Confluent .NET consumer (https://github.com/confluentinc/confluent-kafka-dotnet/issues/1457) and using a client connection from Kafka Tool 2.0.8.