[kafka] branch trunk updated: KAFKA-14236; ListGroups request produces too much Denied logs in authorizer (#12652)

Wed, 21 Sep 2022 17:42:52 -0700 

This is an automated email from the ASF dual-hosted git repository.

jgus pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/trunk by this push:
     new cb9557a9905 KAFKA-14236; ListGroups request produces too much Denied 
logs in authorizer (#12652)
cb9557a9905 is described below

commit cb9557a99050bf317cb347cc7756a61f25ce032d
Author: aLeX <agriff...@gmail.com>
AuthorDate: Thu Sep 22 02:42:30 2022 +0200

    KAFKA-14236; ListGroups request produces too much Denied logs in authorizer 
(#12652)
    
    Avoid `is Denied Operation` logs when calling ListGroups api, by adding 
`logIfDenied = false` to `authorize` calls.
    
    Reviewers: Jason Gustafson <ja...@confluent.io>
---
 core/src/main/scala/kafka/server/KafkaApis.scala | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/src/main/scala/kafka/server/KafkaApis.scala 
b/core/src/main/scala/kafka/server/KafkaApis.scala
index 7b3f8269f4a..bae20f25667 100644
--- a/core/src/main/scala/kafka/server/KafkaApis.scala
+++ b/core/src/main/scala/kafka/server/KafkaApis.scala
@@ -1635,12 +1635,12 @@ class KafkaApis(val requestChannel: RequestChannel,
         )
     }
     val (error, groups) = groupCoordinator.handleListGroups(states)
-    if (authHelper.authorize(request.context, DESCRIBE, CLUSTER, CLUSTER_NAME))
+    if (authHelper.authorize(request.context, DESCRIBE, CLUSTER, CLUSTER_NAME, 
logIfDenied = false))
       // With describe cluster access all groups are returned. We keep this 
alternative for backward compatibility.
       requestHelper.sendResponseMaybeThrottle(request, requestThrottleMs =>
         createResponse(requestThrottleMs, groups, error))
     else {
-      val filteredGroups = groups.filter(group => 
authHelper.authorize(request.context, DESCRIBE, GROUP, group.groupId))
+      val filteredGroups = groups.filter(group => 
authHelper.authorize(request.context, DESCRIBE, GROUP, group.groupId, 
logIfDenied = false))
       requestHelper.sendResponseMaybeThrottle(request, requestThrottleMs =>
         createResponse(requestThrottleMs, filteredGroups, error))
     }

Reply via email to