You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@kafka.apache.org by HariBabu kuruva <ha...@gmail.com> on 2023/05/19 06:58:54 UTC
kafka acl issue
Hi All,
I am trying to implement kafka acl for one of the topics.
it's a kafka cluster with 1 broker.
Below are the ACL's applied on the topic
Current ACLs for resource `ResourcePattern(resourceType=TOPIC,
name=ibxkb.test.topic, patternType=LITERAL)`:
(principal=User:kafkauser, host=*, operation=WRITE,
permissionType=ALLOW)
(principal=User:kafkauser, host=*, operation=CREATE,
permissionType=ALLOW)
(principal=User:kafkauser, host=*, operation=DESCRIBE,
permissionType=ALLOW)
(principal=User:kafkauser, host=*, operation=READ,
permissionType=ALLOW)
-----------
When the producer is trying to connect using the below script, it throws
the error as shown below .
*Producer Script:*
import { Kafka, logLevel } from 'kafkajs';
(async () => {
const kafka = new Kafka({
clientId: 'saurabhs-program',
brokers: ['broker.corp.equinix.com:9092'],
// authenticationTimeout: 10000,
// reauthenticationThreshold: 10000,
//ssl: true,
sasl: {
mechanism: 'PLAIN', // scram-sha-256 or scram-sha-512
username: 'kafkauser',
password: 'kafkauser',
//group: 'test-app'
},
});
kafka.logger().setLogLevel(logLevel.DEBUG);
const producer = kafka.producer();
producer.logger().setLogLevel(logLevel.DEBUG);
await producer.connect();
const response = await producer.send({
topic: 'ibxkb.test.topic',
messages: [
{ value: 'Auth Test' },
],
});
console.log(response);
})();
*ERROR:*
*KafkaJSProtocolError: Request is not valid given the current SASL state*
at createErrorFromCode
(C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\protocol\error.js:581:10)
at Object.parse
(C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\protocol\requests\saslHandshake\v0\response.js:24:11)
at Connection.send
(C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\network\connection.js:433:35)
at process.processTicksAndRejections
(node:internal/process/task_queues:95:5)
at async SASLAuthenticator.authenticate
(C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\broker\saslAuthenticator\index.js:35:23)
at async
C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\network\connection.js:139:9
at async Connection.authenticate
(C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\network\connection.js:315:5)
at async Broker.connect
(C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\broker\index.js:111:7)
at async
C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\cluster\brokerPool.js:93:9
at async
C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\cluster\index.js:107:14
{
retriable: false,
helpUrl: undefined,
* type: 'ILLEGAL_SASL_STATE',*
code: 34,
[cause]: undefined
Please give me some advice. Let me know if you need any more information.
--
Thanks and Regards,
Hari
Mobile:9790756568
Re: kafka acl issue
Posted by Luke Chen <sh...@gmail.com>.
Hi Hari,
You might want to ask in the client repo (kafkajs?)
They should be able to help you.
Thanks.
Luke
On Fri, May 19, 2023 at 3:00 PM HariBabu kuruva <ha...@gmail.com>
wrote:
> Hi All,
>
> I am trying to implement kafka acl for one of the topics.
> it's a kafka cluster with 1 broker.
>
> Below are the ACL's applied on the topic
>
> Current ACLs for resource `ResourcePattern(resourceType=TOPIC,
> name=ibxkb.test.topic, patternType=LITERAL)`:
> (principal=User:kafkauser, host=*, operation=WRITE,
> permissionType=ALLOW)
> (principal=User:kafkauser, host=*, operation=CREATE,
> permissionType=ALLOW)
> (principal=User:kafkauser, host=*, operation=DESCRIBE,
> permissionType=ALLOW)
> (principal=User:kafkauser, host=*, operation=READ,
> permissionType=ALLOW)
> -----------
> When the producer is trying to connect using the below script, it throws
> the error as shown below .
>
> *Producer Script:*
> import { Kafka, logLevel } from 'kafkajs';
>
>
> (async () => {
>
> const kafka = new Kafka({
> clientId: 'saurabhs-program',
> brokers: ['broker.corp.equinix.com:9092'],
> // authenticationTimeout: 10000,
> // reauthenticationThreshold: 10000,
> //ssl: true,
>
> sasl: {
> mechanism: 'PLAIN', // scram-sha-256 or scram-sha-512
> username: 'kafkauser',
> password: 'kafkauser',
> //group: 'test-app'
>
> },
> });
> kafka.logger().setLogLevel(logLevel.DEBUG);
>
>
> const producer = kafka.producer();
> producer.logger().setLogLevel(logLevel.DEBUG);
>
> await producer.connect();
>
> const response = await producer.send({
> topic: 'ibxkb.test.topic',
> messages: [
> { value: 'Auth Test' },
> ],
> });
>
> console.log(response);
>
> })();
>
>
> *ERROR:*
>
> *KafkaJSProtocolError: Request is not valid given the current SASL state*
> at createErrorFromCode
>
> (C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\protocol\error.js:581:10)
> at Object.parse
>
> (C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\protocol\requests\saslHandshake\v0\response.js:24:11)
> at Connection.send
>
> (C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\network\connection.js:433:35)
> at process.processTicksAndRejections
> (node:internal/process/task_queues:95:5)
> at async SASLAuthenticator.authenticate
>
> (C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\broker\saslAuthenticator\index.js:35:23)
> at async
>
> C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\network\connection.js:139:9
> at async Connection.authenticate
>
> (C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\network\connection.js:315:5)
> at async Broker.connect
>
> (C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\broker\index.js:111:7)
> at async
>
> C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\cluster\brokerPool.js:93:9
> at async
>
> C:\Hari\Equinix\EISP\node-utils\node-utils2\node-utils2\node_modules\kafkajs\src\cluster\index.js:107:14
> {
> retriable: false,
> helpUrl: undefined,
> * type: 'ILLEGAL_SASL_STATE',*
> code: 34,
> [cause]: undefined
>
>
> Please give me some advice. Let me know if you need any more information.
> --
>
> Thanks and Regards,
> Hari
> Mobile:9790756568
>