Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-6091

Authorization API is called hundred's of times when there are no privileges

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.11.0.0
    • None
    • security
    • None

    Description

      This issue is observed with kafka/sentry integration. When sentry does not have any permissions for a topic and there is a producer trying to add a message to a topic, sentry returns failure but Kafka is not able to handle it properly and is ending up invoking sentry Auth API ~564 times. This will choke authorization service.

      Here are the list of privileges that are needed for a producer to add a message to a topic
      In this example "192.168.0.3" is hostname and topic name is "tOpIc1"

      HOST=192.168.0.3->Topic=tOpIc1->action=DESCRIBE
HOST=192.168.0.3->Cluster=kafka-cluster->action=CREATE
HOST=192.168.0.3->Topic=tOpIc1->action=WRITE

      This problem is reported in this jira is seen when there are no permissions. Movement a DESCRIBE permission is added, this issue is not seen. Authorization fails but kafka doesn't bombard with he more requests.

      Attachments

        Issue Links

          is duplicated by

          Improvement - An improvement or enhancement to an existing feature or task. KAFKA-5547 Return topic authorization failed if no topic describe access

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              kkalyan Krishna Kalyan
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: