You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by "Alexandre GRIFFAUT (Jira)" <ji...@apache.org> on 2022/09/16 10:13:00 UTC

[jira] [Created] (KAFKA-14236) ListGroups request produces too much Denied logs in authorizer

Alexandre GRIFFAUT created KAFKA-14236:
------------------------------------------

             Summary: ListGroups request produces too much Denied logs in authorizer
                 Key: KAFKA-14236
                 URL: https://issues.apache.org/jira/browse/KAFKA-14236
             Project: Kafka
          Issue Type: Bug
          Components: core
    Affects Versions: 3.2.1, 3.1.1, 3.0.1, 2.8.1, 2.7.2, 2.6.3, 2.5.1, 2.4.1, 2.3.1, 2.2.2, 2.1.1, 2.0.1
            Reporter: Alexandre GRIFFAUT


Context

On a multi-tenant secured cluster, with many consumers, a call to ListGroups api will log an authorization error for each consumer group of other tenant.

Reason

The handleListGroupsRequest function first tries to authorize a DESCRIBE CLUSTER, and if it fails it will then try to authorize a DESCRIBE GROUP on each consumer group.

Fix

In that case neither the DESCRIBE CLUSTER, nor the DESCRIBE GROUP of other tenant were intended, and should be specified in the Action using logIfDenied: false



--
This message was sent by Atlassian Jira
(v8.20.10#820010)