You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by "hongwei.xiang (Jira)" <ji...@apache.org> on 2022/04/23 13:56:00 UTC
[jira] [Created] (KAFKA-13852) Kafka Acl documentation bug for wildcard '*'
hongwei.xiang created KAFKA-13852:
-------------------------------------
Summary: Kafka Acl documentation bug for wildcard '*'
Key: KAFKA-13852
URL: https://issues.apache.org/jira/browse/KAFKA-13852
Project: Kafka
Issue Type: Bug
Components: docs, documentation
Affects Versions: 3.1.0, 3.2.0, 3.1.2
Environment: Mac OS, Linux
Reporter: hongwei.xiang
There is a Kafka Acl documentation bug for wildcard '*' in the [Examples|https://kafka.apache.org/documentation/#security_authz_examples].
The bug is when we run the below script in one folder which is not empty, we can not set ACL correctly. However, it works only the folder is empty.
We can find the scripts with wildcard '*' from the Kafka documentation.
{code:java}
// Adding Acls
> bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Peter --allow-host 198.51.200.1 --producer --topic *
// List Acls
> bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --list --topic *{code}
Reproduce the issue:
# Create a file foo.txt under an empty folder
# Run the script to add an acl by using the wildcard resource '*'
# We can find the resource name is 'foo.txt'. Not wildcard '*'
{code:java}
// code placeholder
(base) hongwei.xiang@hongweixiang ~/Downloads/test ll
total 0
(base) hongwei.xiang@hongweixiang ~/Downloads/test touch foo.txt
(base) hongwei.xiang@hongweixiang ~/Downloads/test ll
total 0
-rw-r--r-- 1 hongwei.xiang 345931250 0B Apr 23 19:05 foo.txt
(base) hongwei.xiang@hongweixiang ~/Downloads/test ~/bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Peter --allow-host 198.51.200.1 --producer --topic *
Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=foo.txt, patternType=LITERAL)`:
(principal=User:Peter, host=198.51.200.1, operation=WRITE, permissionType=ALLOW)
(principal=User:Peter, host=198.51.200.1, operation=CREATE, permissionType=ALLOW)
(principal=User:Peter, host=198.51.200.1, operation=DESCRIBE, permissionType=ALLOW)Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=foo.txt, patternType=LITERAL)`:
(principal=User:Peter, host=198.51.200.1, operation=WRITE, permissionType=ALLOW)
(principal=User:Peter, host=198.51.200.1, operation=CREATE, permissionType=ALLOW)
(principal=User:Peter, host=198.51.200.1, operation=DESCRIBE, permissionType=ALLOW)
(base) hongwei.xiang@hongweixiang ~/Downloads/test ~/bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:Peter --allow-host 198.51.200.1 --topic * --producer
Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=foo.txt, patternType=LITERAL)`:
(principal=User:Peter, host=198.51.200.1, operation=WRITE, permissionType=ALLOW)
(principal=User:Peter, host=198.51.200.1, operation=CREATE, permissionType=ALLOW)
(principal=User:Peter, host=198.51.200.1, operation=DESCRIBE, permissionType=ALLOW)Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=foo.txt, patternType=LITERAL)`:
(principal=User:Peter, host=198.51.200.1, operation=WRITE, permissionType=ALLOW)
(principal=User:Peter, host=198.51.200.1, operation=CREATE, permissionType=ALLOW)
(principal=User:Peter, host=198.51.200.1, operation=DESCRIBE, permissionType=ALLOW)
(base) hongwei.xiang@hongweixiang ~/Downloads/test ~/bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --list --topic *
Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=foo.txt, patternType=LITERAL)`:
(principal=User:Peter, host=198.51.200.1, operation=WRITE, permissionType=ALLOW)
(principal=User:Peter, host=198.51.200.1, operation=CREATE, permissionType=ALLOW)
(principal=User:Peter, host=198.51.200.1, operation=DESCRIBE, permissionType=ALLOW){code}
--
This message was sent by Atlassian Jira
(v8.20.7#820007)