You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by "Manikumar (JIRA)" <ji...@apache.org> on 2018/06/05 10:54:00 UTC
[jira] [Resolved] (KAFKA-6972) Kafka ACL does not work expected
with wildcard
[ https://issues.apache.org/jira/browse/KAFKA-6972?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Manikumar resolved KAFKA-6972.
------------------------------
Resolution: Information Provided
> Kafka ACL does not work expected with wildcard
> ----------------------------------------------
>
> Key: KAFKA-6972
> URL: https://issues.apache.org/jira/browse/KAFKA-6972
> Project: Kafka
> Issue Type: Bug
> Components: security
> Affects Versions: 0.11.0.0
> Environment: OS : CentOS 7, 64bit.
> Confluent : 3.3, Kafka 0.11.
> Reporter: Soyee Deng
> Assignee: Sönke Liebau
> Priority: Major
>
> Just started with Confluent 3.3 platform and Kafka 0.11 having SSL as transportation security and Kerberos to restrict the access control based on the holding principals. In order to make life easier, wildcard is extensively used in my environment. But it turned out that is not working as expected.
> My issue is that when I run the command _kafka-acls_ under one directory with some files, this command would pick up the name of first file as the topic name or group name. e.g. In my case, abcd.txt would be chosen while giving my principal connect-consumer the permissions of consuming message from any topic with any group Id.
> [quality@data-pipeline-1 test_dir]$ KAFKA_OPTS=-Djava.security.auth.login.config='/etc/security/jaas/broker-jaas.conf' kafka-acls --authorizer-properties zookeeper.connect=data-pipeline-1.orion.com:2181 --add --allow-principal User:connect-consumer --consumer --topic * --group *
> Adding ACLs for resource `Topic:abcd.txt`:
> User:connect-consumer has Allow permission for operations: Describe from hosts: *
> User:connect-consumer has Allow permission for operations: Read from hosts: *
> Adding ACLs for resource `Group:abcd.txt`:
> User:connect-consumer has Allow permission for operations: Read from hosts: *
> Current ACLs for resource `Topic:abcd.txt`:
> User:connect-consumer has Allow permission for operations: Describe from hosts: *
> User:connect-consumer has Allow permission for operations: Read from hosts: *
> User:connect-consumer has Allow permission for operations: Write from hosts: *
> Current ACLs for resource `Group:abcd.txt`:
> User:connect-consumer has Allow permission for operations: Read from hosts: *
>
> My current work around solution is changing command context to an empty directory and run above command, it works as expected.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)