You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kafka.apache.org by jg...@apache.org on 2022/09/22 00:42:45 UTC
[kafka] branch trunk updated: KAFKA-14236; ListGroups request produces too much Denied logs in authorizer (#12652)
This is an automated email from the ASF dual-hosted git repository.
jgus pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/trunk by this push:
new cb9557a9905 KAFKA-14236; ListGroups request produces too much Denied logs in authorizer (#12652)
cb9557a9905 is described below
commit cb9557a99050bf317cb347cc7756a61f25ce032d
Author: aLeX <ag...@gmail.com>
AuthorDate: Thu Sep 22 02:42:30 2022 +0200
KAFKA-14236; ListGroups request produces too much Denied logs in authorizer (#12652)
Avoid `is Denied Operation` logs when calling ListGroups api, by adding `logIfDenied = false` to `authorize` calls.
Reviewers: Jason Gustafson <ja...@confluent.io>
---
core/src/main/scala/kafka/server/KafkaApis.scala | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/core/src/main/scala/kafka/server/KafkaApis.scala b/core/src/main/scala/kafka/server/KafkaApis.scala
index 7b3f8269f4a..bae20f25667 100644
--- a/core/src/main/scala/kafka/server/KafkaApis.scala
+++ b/core/src/main/scala/kafka/server/KafkaApis.scala
@@ -1635,12 +1635,12 @@ class KafkaApis(val requestChannel: RequestChannel,
)
}
val (error, groups) = groupCoordinator.handleListGroups(states)
- if (authHelper.authorize(request.context, DESCRIBE, CLUSTER, CLUSTER_NAME))
+ if (authHelper.authorize(request.context, DESCRIBE, CLUSTER, CLUSTER_NAME, logIfDenied = false))
// With describe cluster access all groups are returned. We keep this alternative for backward compatibility.
requestHelper.sendResponseMaybeThrottle(request, requestThrottleMs =>
createResponse(requestThrottleMs, groups, error))
else {
- val filteredGroups = groups.filter(group => authHelper.authorize(request.context, DESCRIBE, GROUP, group.groupId))
+ val filteredGroups = groups.filter(group => authHelper.authorize(request.context, DESCRIBE, GROUP, group.groupId, logIfDenied = false))
requestHelper.sendResponseMaybeThrottle(request, requestThrottleMs =>
createResponse(requestThrottleMs, filteredGroups, error))
}