Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-5547

Return topic authorization failed if no topic describe access

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 1.0.0
    • None

    Description

      We previously made a change to several of the request APIs to return UNKNOWN_TOPIC_OR_PARTITION if the principal does not have Describe access to the topic. The thought was to avoid leaking information about which topics exist. The problem with this is that a client which sees this error will just keep retrying because it is usually treated as retriable. It seems, however, that we could return TOPIC_AUTHORIZATION_FAILED instead and still avoid leaking information as long as we ensure that the Describe authorization check comes before the topic existence check. This would avoid the ambiguity on the client.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. KAFKA-6091 Authorization API is called hundred's of times when there are no privileges

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #3924

          Activity

            People

              omkreddy Manikumar
              hachikuji Jason Gustafson
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: