Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-4867

zookeeper-security-migration.sh does not clear ACLs from all nodes

Attach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Duplicate
    • 0.10.1.1
    • None
    • None
    • None

    Description

      zookeeper-security-migration.sh help for --zookeeper.acl switch with 'secure'/'unsecure' as possible values suggests that command should apply the change to all Kafka znodes. That doesn't seem to be the case at least for 'unsecure', so clearing ACLs use case.

      With ACLs set on Kafka znodes, I ran

      bin/zookeeper-security-migration.sh --zookeeper.acl 'unsecure' --zookeeper.connect x.y.z.w:2181

      and with zookeeper-shell.sh getAcl checked ACLs set on few nodes. Node /brokers/topics had ACL cleared (only default one that world can do anything remained). On the other hand node /brokers still had secure ACLs set that world can read and owner can do everything. Nodes and respective sub trees of /cluster and /controller also had secure ACLs still set.

      Attachments

        Issue Links

        duplicates

        Bug - A problem which impairs or prevents the functions of the product. KAFKA-4864 Kafka Secure Migrator tool doesn't secure all the nodes

        • Critical - Crashes, loss of data, severe memory leak.
        • Resolved

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            sslavic Stevo Slavić
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment