You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "Manikumar (JIRA)" <ji...@apache.org> on 2018/01/25 17:21:00 UTC

[jira] [Resolved] (KAFKA-6091) Authorization API is called hundred's of times when there are no privileges

     [ https://issues.apache.org/jira/browse/KAFKA-6091?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Manikumar resolved KAFKA-6091.
------------------------------
    Resolution: Fixed

Fixed via KAFKA-5547. Please reopen if you think the issue still exists

> Authorization API is called hundred's of times when there are no privileges
> ---------------------------------------------------------------------------
>
>                 Key: KAFKA-6091
>                 URL: https://issues.apache.org/jira/browse/KAFKA-6091
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.11.0.0
>            Reporter: kalyan kumar kalvagadda
>            Priority: Major
>
> This issue is observed with kafka/sentry integration. When sentry does not have any permissions for a topic and there is a producer trying to add a message to a topic, sentry returns failure but Kafka is not able to handle it properly and is ending up invoking sentry Auth API ~564 times. This will choke authorization service.
> Here are the list of privileges that are needed for a producer to add a message to a topic
> In this example "192.168.0.3" is hostname and topic name is "tOpIc1"
> {noformat}
> HOST=192.168.0.3->Topic=tOpIc1->action=DESCRIBE
> HOST=192.168.0.3->Cluster=kafka-cluster->action=CREATE
> HOST=192.168.0.3->Topic=tOpIc1->action=WRITE
> {noformat}
> This problem is reported in this jira is seen when there are no permissions. Movement a DESCRIBE permission is added, this issue is not seen. Authorization fails but kafka doesn't bombard with he more requests.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)