You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Alexandre GRIFFAUT (Jira)" <ji...@apache.org> on 2022/09/16 10:13:00 UTC
[jira] [Created] (KAFKA-14236) ListGroups request produces too much Denied logs in authorizer
Alexandre GRIFFAUT created KAFKA-14236:
------------------------------------------
Summary: ListGroups request produces too much Denied logs in authorizer
Key: KAFKA-14236
URL: https://issues.apache.org/jira/browse/KAFKA-14236
Project: Kafka
Issue Type: Bug
Components: core
Affects Versions: 3.2.1, 3.1.1, 3.0.1, 2.8.1, 2.7.2, 2.6.3, 2.5.1, 2.4.1, 2.3.1, 2.2.2, 2.1.1, 2.0.1
Reporter: Alexandre GRIFFAUT
Context
On a multi-tenant secured cluster, with many consumers, a call to ListGroups api will log an authorization error for each consumer group of other tenant.
Reason
The handleListGroupsRequest function first tries to authorize a DESCRIBE CLUSTER, and if it fails it will then try to authorize a DESCRIBE GROUP on each consumer group.
Fix
In that case neither the DESCRIBE CLUSTER, nor the DESCRIBE GROUP of other tenant were intended, and should be specified in the Action using logIfDenied: false
--
This message was sent by Atlassian Jira
(v8.20.10#820010)