You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@kafka.apache.org by HariBabu kuruva <ha...@gmail.com> on 2023/05/19 06:58:54 UTC

kafka acl issue

Hi All,

I am trying to implement kafka acl for one of the topics.
it's a kafka cluster with 1 broker.

Below are the ACL's applied on the topic

Current ACLs for resource `ResourcePattern(resourceType=TOPIC,
name=ibxkb.test.topic, patternType=LITERAL)`:
        (principal=User:kafkauser, host=*, operation=WRITE,
permissionType=ALLOW)
        (principal=User:kafkauser, host=*, operation=CREATE,
permissionType=ALLOW)
        (principal=User:kafkauser, host=*, operation=DESCRIBE,
permissionType=ALLOW)
        (principal=User:kafkauser, host=*, operation=READ,
permissionType=ALLOW)
-----------
When the producer is trying to connect using the below script, it throws
the error as shown below .

*Producer Script:*
import { Kafka, logLevel } from 'kafkajs';


(async () => {

    const kafka = new Kafka({
        clientId: 'saurabhs-program',
        brokers: ['broker.corp.equinix.com:9092'],
        // authenticationTimeout: 10000,
        // reauthenticationThreshold: 10000,
        //ssl: true,

        sasl: {
mechanism: 'PLAIN', // scram-sha-256 or scram-sha-512
username: 'kafkauser',
password: 'kafkauser',
//group: 'test-app'

        },
    });
    kafka.logger().setLogLevel(logLevel.DEBUG);


    const producer = kafka.producer();
    producer.logger().setLogLevel(logLevel.DEBUG);

    await producer.connect();

    const response = await producer.send({
        topic: 'ibxkb.test.topic',
        messages: [
            { value: 'Auth Test' },
        ],
    });

    console.log(response);

})();


*ERROR:*

*KafkaJSProtocolError: Request is not valid given the current SASL state*
    at createErrorFromCode
(C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\protocol\error.js:581:10)
    at Object.parse
(C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\protocol\requests\saslHandshake\v0\response.js:24:11)
    at Connection.send
(C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\network\connection.js:433:35)
    at process.processTicksAndRejections
(node:internal/process/task_queues:95:5)
    at async SASLAuthenticator.authenticate
(C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\broker\saslAuthenticator\index.js:35:23)
    at async
C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\network\connection.js:139:9
    at async Connection.authenticate
(C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\network\connection.js:315:5)
    at async Broker.connect
(C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\broker\index.js:111:7)
    at async
C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\cluster\brokerPool.js:93:9
    at async
C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\cluster\index.js:107:14
{
  retriable: false,
  helpUrl: undefined,
*  type: 'ILLEGAL_SASL_STATE',*
  code: 34,
  [cause]: undefined


Please give me some advice. Let me know if you need any more information.
-- 

Thanks and Regards,
 Hari
Mobile:9790756568

Re: kafka acl issue

Posted by Luke Chen <sh...@gmail.com>.

Hi Hari,

You might want to ask in the client repo (kafkajs?)
They should be able to help you.

Thanks.
Luke

On Fri, May 19, 2023 at 3:00 PM HariBabu kuruva <ha...@gmail.com>
wrote:

> Hi All,
>
> I am trying to implement kafka acl for one of the topics.
> it's a kafka cluster with 1 broker.
>
> Below are the ACL's applied on the topic
>
> Current ACLs for resource `ResourcePattern(resourceType=TOPIC,
> name=ibxkb.test.topic, patternType=LITERAL)`:
>         (principal=User:kafkauser, host=*, operation=WRITE,
> permissionType=ALLOW)
>         (principal=User:kafkauser, host=*, operation=CREATE,
> permissionType=ALLOW)
>         (principal=User:kafkauser, host=*, operation=DESCRIBE,
> permissionType=ALLOW)
>         (principal=User:kafkauser, host=*, operation=READ,
> permissionType=ALLOW)
> -----------
> When the producer is trying to connect using the below script, it throws
> the error as shown below .
>
> *Producer Script:*
> import { Kafka, logLevel } from 'kafkajs';
>
>
> (async () => {
>
>     const kafka = new Kafka({
>         clientId: 'saurabhs-program',
>         brokers: ['broker.corp.equinix.com:9092'],
>         // authenticationTimeout: 10000,
>         // reauthenticationThreshold: 10000,
>         //ssl: true,
>
>         sasl: {
> mechanism: 'PLAIN', // scram-sha-256 or scram-sha-512
> username: 'kafkauser',
> password: 'kafkauser',
> //group: 'test-app'
>
>         },
>     });
>     kafka.logger().setLogLevel(logLevel.DEBUG);
>
>
>     const producer = kafka.producer();
>     producer.logger().setLogLevel(logLevel.DEBUG);
>
>     await producer.connect();
>
>     const response = await producer.send({
>         topic: 'ibxkb.test.topic',
>         messages: [
>             { value: 'Auth Test' },
>         ],
>     });
>
>     console.log(response);
>
> })();
>
>
> *ERROR:*
>
> *KafkaJSProtocolError: Request is not valid given the current SASL state*
>     at createErrorFromCode
>
> (C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\protocol\error.js:581:10)
>     at Object.parse
>
> (C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\protocol\requests\saslHandshake\v0\response.js:24:11)
>     at Connection.send
>
> (C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\network\connection.js:433:35)
>     at process.processTicksAndRejections
> (node:internal/process/task_queues:95:5)
>     at async SASLAuthenticator.authenticate
>
> (C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\broker\saslAuthenticator\index.js:35:23)
>     at async
>
> C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\network\connection.js:139:9
>     at async Connection.authenticate
>
> (C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\network\connection.js:315:5)
>     at async Broker.connect
>
> (C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\broker\index.js:111:7)
>     at async
>
> C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\cluster\brokerPool.js:93:9
>     at async
>
> C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\cluster\index.js:107:14
> {
>   retriable: false,
>   helpUrl: undefined,
> *  type: 'ILLEGAL_SASL_STATE',*
>   code: 34,
>   [cause]: undefined
>
>
> Please give me some advice. Let me know if you need any more information.
> --
>
> Thanks and Regards,
>  Hari
> Mobile:9790756568
>