You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by "Piotr (Jira)" <ji...@apache.org> on 2021/11/10 13:11:00 UTC
[jira] [Created] (KAFKA-13440) AdminClient.createAcls() fails if
principal name is not prefixed with "PrincipalType:" without proper
description
Piotr created KAFKA-13440:
-----------------------------
Summary: AdminClient.createAcls() fails if principal name is not prefixed with "PrincipalType:" without proper description
Key: KAFKA-13440
URL: https://issues.apache.org/jira/browse/KAFKA-13440
Project: Kafka
Issue Type: Bug
Components: admin, clients
Affects Versions: 3.0.0
Environment: Admin client runs on Windows 10, Kafka cluster runs on WSL2 Ubuntu-20.04 LTS
Java 11
POM:
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
<version>3.0.0</version>
</dependency>
Reporter: Piotr
AdminClient.createAcls() call without "User:" prefix for principal fails with "{color:#172b4d}org.apache.kafka.common.errors.UnknownServerException: The server experienced an unexpected error when processing the request." error, that says nothing about what is wrong{color}
*AdminClient properties:*
String host = "172.17.157.212:9092";
adminClientProperties = new Properties();
adminClientProperties.put(AdminClientConfig.BOOTSTRAP_SERVERS_CONFIG, host);
adminClientProperties.put(AdminClientConfig.SECURITY_PROTOCOL_CONFIG, "SASL_SSL");
// SSL configuration
adminClientProperties.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG,
Paths.get(getClass().getResource("/client.keystore.jks").toURI()).toString());
adminClientProperties.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, "123456");
adminClientProperties.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, "123456");
adminClientProperties.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG,
Paths.get(getClass().getResource("/client.truststore.jks").toURI()).toString());
adminClientProperties.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, "123456");
// SASL configuration
adminClientProperties.put(SaslConfigs.SASL_MECHANISM, "SCRAM-SHA-512");
adminClientProperties.put(SaslConfigs.SASL_JAAS_CONFIG,
"org.apache.kafka.common.security.scram.ScramLoginModule required username=\"admin\" password=\"admin-secret\";");
*Create ACLs call without "User:" prefix for principal:*
try (Admin adminClient = Admin.create(adminClientProperties)) {
ResourcePattern resourcePattern = new ResourcePattern(ResourceType.TOPIC, pTopicName, PatternType.LITERAL);
AccessControlEntry accessControlEntry = new AccessControlEntry(pPrincipal_name,
host, AclOperation.READ, AclPermissionType.ALLOW);
AclBinding aclBinding = new AclBinding(resourcePattern, accessControlEntry);
CreateAclsResult createAclsResult = adminClient.createAcls(Arrays.asList(aclBinding));
KafkaFuture<Void> future = createAclsResult.all();
future.get();
}catch (Exception e){
System.out.println(e.getMessage());
throw new Exception();
}
*fails:*
{color:#FF0000}org.apache.kafka.common.errors.UnknownServerException: The server experienced an unexpected error when processing the request.{color}
*Create ACLs call with "User:" prefix for principal works fine:*
try (Admin adminClient = Admin.create(adminClientProperties)) {
ResourcePattern resourcePattern = new ResourcePattern(ResourceType.TOPIC, pTopicName, PatternType.LITERAL);
AccessControlEntry accessControlEntry = new AccessControlEntry({*}{color:#FF0000}"User:"{color}{*} + pPrincipal_name,
host, AclOperation.READ, AclPermissionType.ALLOW);
AclBinding aclBinding = new AclBinding(resourcePattern, accessControlEntry);
CreateAclsResult createAclsResult = adminClient.createAcls(Arrays.asList(aclBinding));
KafkaFuture<Void> future = createAclsResult.all();
future.get();
}catch (Exception e){
System.out.println(e.getMessage());
throw new Exception();
}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)