You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Olumide Ajiboye (Jira)" <ji...@apache.org> on 2021/10/11 17:21:00 UTC
[jira] [Created] (KAFKA-13362) KafkaConnect authorization failure
using SCRAM-SHA-512 and OPA
Olumide Ajiboye created KAFKA-13362:
---------------------------------------
Summary: KafkaConnect authorization failure using SCRAM-SHA-512 and OPA
Key: KAFKA-13362
URL: https://issues.apache.org/jira/browse/KAFKA-13362
Project: Kafka
Issue Type: Bug
Components: KafkaConnect
Affects Versions: 2.8.0
Environment: Kubernetes, Strimzi Operator
Reporter: Olumide Ajiboye
Using Kafka Strimzi Operator and superuser client credentials to connect to a KafkaCluster set up to use OPA for authorization, authentication is successful but authorization fails for connect-offsets Topic.
{code:java}
2021-10-06 21:39:42,593 ERROR [Worker clientId=connect-1, groupId=dev-kafka] Uncaught exception in herder work thread, exiting: (org.apache.kafka.connect.runtime.distributed.DistributedHerder) [DistributedHerder-connect-1-1]org.apache.kafka.common.errors.TopicAuthorizationException: Not authorized to access topics: [dev-kafka-connect-offsets]
{code}
Expected behavior: No authorization is required.
Superuser account does not require authorization and there is no trace in OPA Server indicating an attempt at verifying the users permssions.
Note:
Using TLS Authentication, there is no issue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)