You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by "Olumide Ajiboye (Jira)" <ji...@apache.org> on 2021/10/11 17:21:00 UTC

[jira] [Created] (KAFKA-13362) KafkaConnect authorization failure using SCRAM-SHA-512 and OPA

Olumide Ajiboye created KAFKA-13362:
---------------------------------------

             Summary: KafkaConnect authorization failure using SCRAM-SHA-512 and OPA
                 Key: KAFKA-13362
                 URL: https://issues.apache.org/jira/browse/KAFKA-13362
             Project: Kafka
          Issue Type: Bug
          Components: KafkaConnect
    Affects Versions: 2.8.0
         Environment: Kubernetes, Strimzi Operator
            Reporter: Olumide Ajiboye


Using Kafka Strimzi Operator and superuser client credentials to connect to a KafkaCluster set up to use OPA for authorization, authentication is successful but authorization fails for connect-offsets Topic.
{code:java}
2021-10-06 21:39:42,593 ERROR [Worker clientId=connect-1, groupId=dev-kafka] Uncaught exception in herder work thread, exiting:  (org.apache.kafka.connect.runtime.distributed.DistributedHerder) [DistributedHerder-connect-1-1]org.apache.kafka.common.errors.TopicAuthorizationException: Not authorized to access topics: [dev-kafka-connect-offsets]
{code}
 

Expected behavior: No authorization is required.

Superuser account does not require authorization and there is no trace in OPA Server indicating an attempt at verifying the users permssions.

Note:

Using TLS Authentication, there is no issue.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)