Posted to jira@kafka.apache.org by GitBox <gi...@apache.org> on 2020/10/06 17:08:39 UTC

[GitHub] [kafka] rondagostino commented on a change in pull request #9378: MINOR: ACLs for secured cluster system tests

rondagostino commented on a change in pull request #9378:
URL: https://github.com/apache/kafka/pull/9378#discussion_r500460487



##########
File path: tests/kafkatest/services/security/kafka_acls.py
##########
@@ -93,11 +97,13 @@ def add_cluster_acl(self, kafka, principal, force_use_zk_connection=False):
 
         force_use_zk_connection = force_use_zk_connection or not kafka.all_nodes_acl_command_supports_bootstrap_server()
 
-        cmd = "%(cmd_prefix)s --add --cluster --operation=ClusterAction --allow-principal=%(principal)s" % {
-            'cmd_prefix': self._acl_cmd_prefix(kafka, node, force_use_zk_connection),
-            'principal': principal
-        }
-        kafka.run_cli_tool(node, cmd)
+        for operation in ['ClusterAction', 'Alter', 'Create']:
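
Review bot: The added `for operation in ['ClusterAction', 'Alter', 'Create']:` line widens the cluster-level grant for every caller of `add_cluster_acl`, and nothing in the code says why `Alter` and `Create` are needed alongside `ClusterAction`. A short comment above the loop naming what each operation is required for would let the next reader keep the grant to the minimum set. The loop body is not visible in this hunk, so whether each operation is passed to its own `kafka.run_cli_tool` call, as the removed single-operation command was, cannot be checked here.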

Review comment:
       Yes, Alter is needed to create user SCRAM credentials, and Create is needed to create topics.  When we start up a cluster we create the `__consumer_offsets` topic and a `test_topic` (typically).  If the test is using SCRAM we also create the SCRAM credentials at this point.  We now use `--bootstrap-server` instead of `--zookeeper` for these CLI operations, and without these ACLs a system test will not be able to perform these necessary actions if security is enabled.



