You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "Brian Byrne (Jira)" <ji...@apache.org> on 2020/02/05 22:12:00 UTC

[jira] [Commented] (KAFKA-9510) Quotas may resolve to incorrect value if user is empty

    [ https://issues.apache.org/jira/browse/KAFKA-9510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17031080#comment-17031080 ] 

Brian Byrne commented on KAFKA-9510:
------------------------------------

Here's another one that may be more common.

/config/clients/<default>, producer_byte_rate=1000
request: (user="test", client-id="")

Resolves to Long.MaxValue since quotaMetricsTags resolves to ("", clientId) -> ("", "").


> Quotas may resolve to incorrect value if user is empty
> ------------------------------------------------------
>
>                 Key: KAFKA-9510
>                 URL: https://issues.apache.org/jira/browse/KAFKA-9510
>             Project: Kafka
>          Issue Type: Bug
>            Reporter: Brian Byrne
>            Assignee: Rajini Sivaram
>            Priority: Major
>             Fix For: 2.6.0
>
>
> This may be a pretty rare/uncommon case that I encountered during testing regarding an empty user. [~rsivaram] please let me know if this is a valid bug and whether it's something that's needs further examination.
> Let's say two quota configurations are populated:
> /config/users/<default> {producer_byte_rate=500}
> /config/clients/<default> {producer_byte_rate=1000}
> And let's say a produce request with {user="", client-id="test"} enters the system. When calling ClientQuotaManager::quota(), the metrics tags that are fetched via ClientQuotaCallback::quotaMetricTags() will map to the config entry for /config/users/<default>, which is (sanitizedUser, ""), where substituting gets ("", "").
> Then, when looking up the quota in ClientQuotaCallback::quotaLimit(), both tags are the empty string, which resolves to null, which turns into Long.MaxValue for the result. So where the client may have expected 500 (or 1000?), it's instead unbounded.
> Is it valid for a request to ever contain an empty string for the user? If so, then a fix will be needed, otherwise if not, we should safeguard against this from happening.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)