You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by "Rajini Sivaram (JIRA)" <ji...@apache.org> on 2019/03/16 11:12:00 UTC

[jira] [Resolved] (KAFKA-8114) Flaky Test DelegationTokenEndToEndAuthorizationTest#testNoGroupAcl

     [ https://issues.apache.org/jira/browse/KAFKA-8114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rajini Sivaram resolved KAFKA-8114.
-----------------------------------
       Resolution: Fixed
         Assignee: Manikumar
         Reviewer: Rajini Sivaram
    Fix Version/s: 2.2.1

> Flaky Test DelegationTokenEndToEndAuthorizationTest#testNoGroupAcl
> ------------------------------------------------------------------
>
>                 Key: KAFKA-8114
>                 URL: https://issues.apache.org/jira/browse/KAFKA-8114
>             Project: Kafka
>          Issue Type: Bug
>          Components: core, unit tests
>    Affects Versions: 2.3.0
>            Reporter: Matthias J. Sax
>            Assignee: Manikumar
>            Priority: Critical
>              Labels: flaky-test
>             Fix For: 2.3.0, 2.2.1
>
>
> [https://builds.apache.org/job/kafka-pr-jdk11-scala2.12/3254/testReport/junit/kafka.api/DelegationTokenEndToEndAuthorizationTest/testNoGroupAcl/]
> {quote}java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.SaslAuthenticationException: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-256 at org.apache.kafka.common.internals.KafkaFutureImpl.wrapAndThrow(KafkaFutureImpl.java:45) at org.apache.kafka.common.internals.KafkaFutureImpl.access$000(KafkaFutureImpl.java:32) at org.apache.kafka.common.internals.KafkaFutureImpl$SingleWaiter.await(KafkaFutureImpl.java:89) at org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:260) at kafka.api.DelegationTokenEndToEndAuthorizationTest.createDelegationToken(DelegationTokenEndToEndAuthorizationTest.scala:88) at kafka.api.DelegationTokenEndToEndAuthorizationTest.configureSecurityAfterServersStart(DelegationTokenEndToEndAuthorizationTest.scala:63) at kafka.integration.KafkaServerTestHarness.setUp(KafkaServerTestHarness.scala:107) at kafka.api.IntegrationTestHarness.doSetup(IntegrationTestHarness.scala:81) at kafka.api.IntegrationTestHarness.setUp(IntegrationTestHarness.scala:73) at kafka.api.EndToEndAuthorizationTest.setUp(EndToEndAuthorizationTest.scala:183) at kafka.api.DelegationTokenEndToEndAuthorizationTest.setUp(DelegationTokenEndToEndAuthorizationTest.scala:74){quote}
> STDOUT
> {quote}Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Current ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Adding ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Completed Updating config for entity: user-principal 'scram-admin'. Completed Updating config for entity: user-principal 'scram-user'. Adding ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * Adding ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow permission for operations: Read from hosts: * Current ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Create from hosts: * [2019-03-15 09:58:16,481] ERROR [Consumer clientId=consumer-99, groupId=group] Topic authorization failed for topics [e2etopic] (org.apache.kafka.clients.Metadata:297) [2019-03-15 09:58:17,527] WARN Unable to read additional data from client sessionid 0x104549c2b88000a, likely client has closed socket (org.apache.zookeeper.server.NIOServerCnxn:376) Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Current ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Adding ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Completed Updating config for entity: user-principal 'scram-admin'. Completed Updating config for entity: user-principal 'scram-user'. Adding ACLs for resource `Topic:PREFIXED:e2e`: User:scram-user has Allow permission for operations: Read from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * Adding ACLs for resource `Group:PREFIXED:gr`: User:scram-user has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:PREFIXED:e2e`: User:scram-user has Allow permission for operations: Read from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * Current ACLs for resource `Group:PREFIXED:gr`: User:scram-user has Allow permission for operations: Read from hosts: * Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Current ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Adding ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Completed Updating config for entity: user-principal 'scram-admin'. Completed Updating config for entity: user-principal 'scram-user'. Adding ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * Adding ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Read from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * Adding ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * User:scram-user has Allow permission for operations: Read from hosts: * Current ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow permission for operations: Read from hosts: * Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Current ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Adding ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Completed Updating config for entity: user-principal 'scram-admin'. Completed Updating config for entity: user-principal 'scram-user'. Adding ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * Adding ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow permission for operations: Read from hosts: * Current ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow permission for operations: Read from hosts: * Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Current ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Adding ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Completed Updating config for entity: user-principal 'scram-admin'. Completed Updating config for entity: user-principal 'scram-user'. Adding ACLs for resource `Topic:LITERAL:topic2`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * Current ACLs for resource `Topic:LITERAL:topic2`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * Adding ACLs for resource `Topic:LITERAL:topic2`: User:scram-user has Allow permission for operations: Read from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * Adding ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:topic2`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * User:scram-user has Allow permission for operations: Read from hosts: * Current ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow permission for operations: Read from hosts: * Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Current ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Adding ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Completed Updating config for entity: user-principal 'scram-admin'. Completed Updating config for entity: user-principal 'scram-user'. Adding ACLs for resource `Topic:LITERAL:*`: User:scram-user has Allow permission for operations: Read from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * Adding ACLs for resource `Group:LITERAL:*`: User:scram-user has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * User:scram-user has Allow permission for operations: Read from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * User:scram-user has Allow permission for operations: Write from hosts: * Current ACLs for resource `Group:LITERAL:*`: User:scram-user has Allow permission for operations: Read from hosts: * Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Current ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Adding ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Completed Updating config for entity: user-principal 'scram-admin'. Completed Updating config for entity: user-principal 'scram-user'. Adding ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * Adding ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow permission for operations: Read from hosts: * Current ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow permission for operations: Read from hosts: * [2019-03-15 09:59:00,313] ERROR [Consumer clientId=consumer-105, groupId=group] Offset commit failed on partition e2etopic-0 at offset 0: Not authorized to access topics: [Topic authorization failed.] (org.apache.kafka.clients.consumer.internals.ConsumerCoordinator:815) [2019-03-15 09:59:00,325] ERROR [Consumer clientId=consumer-105, groupId=group] Not authorized to commit to topics [e2etopic] (org.apache.kafka.clients.consumer.internals.ConsumerCoordinator:853) Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Current ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Adding ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Completed Updating config for entity: user-principal 'scram-admin'. Completed Updating config for entity: user-principal 'scram-user'. Adding ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * Adding ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow permission for operations: Read from hosts: * Current ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Create from hosts: * [2019-03-15 09:59:09,398] ERROR [Consumer clientId=consumer-106, groupId=group] Topic authorization failed for topics [e2etopic] (org.apache.kafka.clients.Metadata:297) Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Current ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Adding ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Completed Updating config for entity: user-principal 'scram-admin'. Completed Updating config for entity: user-principal 'scram-user'. [2019-03-15 09:59:16,272] ERROR [AdminClient clientId=adminclient-93] Connection to node -2 (localhost/127.0.0.1:42859) failed authentication due to: Authentication failed during authentication due to invalid credentials with SASL mechanism SCRAM-SHA-256 (org.apache.kafka.clients.NetworkClient:714) [2019-03-15 09:59:16,392] WARN Unable to read additional data from client sessionid 0x104549d1e9f0009, likely client has closed socket (org.apache.zookeeper.server.NIOServerCnxn:376) Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Current ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Adding ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Completed Updating config for entity: user-principal 'scram-admin'. Completed Updating config for entity: user-principal 'scram-user'. Adding ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Describe from hosts: * Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Describe from hosts: * Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Current ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Adding ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Completed Updating config for entity: user-principal 'scram-admin'. Completed Updating config for entity: user-principal 'scram-user'. Adding ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * Adding ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Read from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * Adding ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for operations: Write from hosts: * User:scram-user has Allow permission for operations: Create from hosts: * User:scram-user has Allow permission for operations: Describe from hosts: * User:scram-user has Allow permission for operations: Read from hosts: * Current ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow permission for operations: Read from hosts: * Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Current ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for operations: ClusterAction from hosts: * Adding ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read from hosts: * Completed Updating config for entity: user-principal 'scram-admin'. Completed Updating config for entity: user-principal 'scram-user'. [2019-03-15 09:59:35,692] ERROR [Producer clientId=producer-215] Topic authorization failed for topics [e2etopic] (org.apache.kafka.clients.Metadata:297){quote}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)