Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
None
-
None
-
Cloudera's Kafka (CDK 3.1.0) and Sentry Distribution, as included with CDH 5.13
Description
When sending AlterConfigs or DescribeConfigs requests using Kafka's AdminClient class to a Sentry-enabled Kafka broker, I noticed that the request would fail on the broker side with a NullPointerException in ResourceAuthorizationProvider::buildPermissions, the action being null.
However, other requests, such as DescribeTopics, would work fine. I discovered that these request type are not covered in Sentry's KafkaActionFactory which leads to null values being returned as Actions, e.g., from getActionByName.
Sentry's Kafka binding does not support the following actions that are defined by Kafka's authorization model:
- AlterConfigs
- DescribeConfigs
- IdempotentWrite
It does not support the TransactionalId authorizable resource either that is required for using Kafka's transactional capabilities in combination with Sentry authorizer.
Attachments
Attachments
Issue Links
- links to