Uploaded image for project: 'Sentry (Retired)'
  1. Sentry (Retired)
  2. SENTRY-2276

Sentry-Kafka integration does not support Kafka's Alter/DescribeConfigs and IdempotentWrite operations

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • 2.2.0
    • kafka-integration
    • None

    • Cloudera's Kafka (CDK 3.1.0) and Sentry Distribution, as included with CDH 5.13

    Description

      When sending AlterConfigs or DescribeConfigs requests using Kafka's AdminClient class to a Sentry-enabled Kafka broker, I noticed that the request would fail on the broker side with a NullPointerException in ResourceAuthorizationProvider::buildPermissions, the action being null.

      However, other requests, such as DescribeTopics, would work fine. I discovered that these request type are not covered in Sentry's KafkaActionFactory which leads to null values being returned as Actions, e.g., from getActionByName.

      Sentry's Kafka binding does not support the following actions that are defined by Kafka's authorization model:

      • AlterConfigs
      • DescribeConfigs
      • IdempotentWrite

      It does not support the TransactionalId authorizable resource either that is required for using Kafka's transactional capabilities in combination with Sentry authorizer.

       

      Attachments

        1. SENTRY-2276.002.patch
          51 kB
          Gergo Wilder
        2. SENTRY-2276.003.patch
          51 kB
          Gergo Wilder

        Issue Links

          links to

          Web Link Review board

          Activity

            People

              gwilder Gergo Wilder
              julian.eberius Julian Eberius
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: