You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/11/15 22:33:00 UTC

[jira] [Commented] (KAFKA-7633) Kafka Connect requires permission to create internal topics even if they exist

    [ https://issues.apache.org/jira/browse/KAFKA-7633?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16688737#comment-16688737 ] 

ASF GitHub Bot commented on KAFKA-7633:
---------------------------------------

arabelle opened a new pull request #5918: KAFKA-7633: Allow Kafka Connect to access internal topics without clu…
URL: https://github.com/apache/kafka/pull/5918
 
 
   …ster ACLs
   
   When Kafka Connect does not have cluster ACLs to create topics,
   it fails to even access its internal topics which already exist.
   This was originally fixed in KAFKA-6250 by ignoring the cluster
   authorization error, but now Kafka 2.0 returns a different response
   code that corresponds to a different error. Add a patch to ignore this
   new error as well.
   
   ### Committer Checklist (excluded from commit message)
   - [ ] Verify design and implementation 
   - [ ] Verify test coverage and CI build status
   - [ ] Verify documentation (including upgrade notes)
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Kafka Connect requires permission to create internal topics even if they exist
> ------------------------------------------------------------------------------
>
>                 Key: KAFKA-7633
>                 URL: https://issues.apache.org/jira/browse/KAFKA-7633
>             Project: Kafka
>          Issue Type: Bug
>          Components: KafkaConnect
>    Affects Versions: 1.1.0
>            Reporter: Arabelle Hou
>            Priority: Major
>
> Similar to issue https://issues.apache.org/jira/browse/KAFKA-6250 but now with a different exception.
> Error is:
> {code:java}
> 018-11-13 16:14:10,283 [DistributedHerder] ERROR o.a.k.c.r.d.DistributedHerder - Uncaught exception in herder work thread, exiting:
> org.apache.kafka.connect.errors.ConnectException: Error while attempting to create/find topic(s) 'connect-offsets'
>         at org.apache.kafka.connect.util.TopicAdmin.createTopics(TopicAdmin.java:255)
>         at org.apache.kafka.connect.storage.KafkaOffsetBackingStore$1.run(KafkaOffsetBackingStore.java:100)
>         at org.apache.kafka.connect.util.KafkaBasedLog.start(KafkaBasedLog.java:126)
>         at org.apache.kafka.connect.storage.KafkaOffsetBackingStore.start(KafkaOffsetBackingStore.java:110)
>         at org.apache.kafka.connect.runtime.Worker.start(Worker.java:144)
>         at org.apache.kafka.connect.runtime.AbstractHerder.startServices(AbstractHerder.java:108)
>         at org.apache.kafka.connect.runtime.distributed.DistributedHerder.run(DistributedHerder.java:211)
>         at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
>         at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at java.lang.Thread.run(Thread.java:745)
> Caused by: java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.TopicAuthorizationException: Not authorized to access topics: [Topic authorization failed.]
>         at org.apache.kafka.common.internals.KafkaFutureImpl.wrapAndThrow(KafkaFutureImpl.java:45)
>         at org.apache.kafka.common.internals.KafkaFutureImpl.access$000(KafkaFutureImpl.java:32)
>         at org.apache.kafka.common.internals.KafkaFutureImpl$SingleWaiter.await(KafkaFutureImpl.java:89)
>         at org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:258)
>         at org.apache.kafka.connect.util.TopicAdmin.createTopics(TopicAdmin.java:228)
>         ... 11 common frames omitted
> Caused by: org.apache.kafka.common.errors.TopicAuthorizationException: Not authorized to access topics: [Topic authorization failed.]
> {code}
> I think it is because Kafka 2.0 uses TOPIC_AUTHORIZATION_FAILED(29) as a response code now in the CreateTopicsResponse class [https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/requests/CreateTopicsResponse.java] whereas it used CLUSTER_AUTHORIZATION_FAILED(31) in Kafka 1.1 for example [https://github.com/apache/kafka/blob/1.1/clients/src/main/java/org/apache/kafka/common/requests/CreateTopicsResponse.java]



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)