You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "Stefan Bejan (Jira)" <ji...@apache.org> on 2020/11/13 07:21:00 UTC

[jira] [Created] (KAFKA-10717) ACL authorization log when consumer requires all topics

Stefan Bejan created KAFKA-10717:
------------------------------------

             Summary: ACL authorization log when consumer requires all topics
                 Key: KAFKA-10717
                 URL: https://issues.apache.org/jira/browse/KAFKA-10717
             Project: Kafka
          Issue Type: Improvement
          Components: log
    Affects Versions: 2.5.1
         Environment: kafka 2.5.1
.net confluent consumer (nuget 1.5.2)
            Reporter: Stefan Bejan


When a consumer requires metadata (describe) on all the topics - for example on startup, it receives information about the topics it has access to, in accordance with its ACL permissions, as expected.

However, the kafka broker logs that the user is not authorized to describe all the other topics. If there is a large number of topics in the system and one particular user has describe access to a small subset, a lot of entries are inserted in {{kafka-authorizer.log}} file. Moreover, this happens for each consumer, each time they refresh the metadata (by default, each 5 minutes).

This issue has been reproduced using Confluent .NET consumer ([https://github.com/confluentinc/confluent-kafka-dotnet/issues/1457]) and using a client connection from Kafka Tool 2.0.8. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)