[ https://issues.apache.org/jira/browse/KAFKA-13852?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Luke Chen resolved KAFKA-13852.
-------------------------------
    Fix Version/s: 3.3.0
       Resolution: Fixed

> Kafka Acl documentation bug for wildcard '*'
> --------------------------------------------
>
>                 Key: KAFKA-13852
>                 URL: https://issues.apache.org/jira/browse/KAFKA-13852
>             Project: Kafka
>          Issue Type: Bug
>          Components: docs, documentation
>    Affects Versions: 3.1.0, 3.2.0, 3.1.2
>         Environment: Mac OS, Linux
>            Reporter: hongwei.xiang
>            Priority: Minor
>             Fix For: 3.3.0
>
>
> There is a Kafka Acl documentation bug for wildcard '*' in the 
> [Examples|https://kafka.apache.org/documentation/#security_authz_examples].
> The bug is that when we run the script below in a folder which is not empty, we 
> cannot set the ACL correctly. However, it works only if the folder is empty.
> We can find the scripts with wildcard '*' from the Kafka documentation.
>  
> {code:java}
> // Adding Acls
> > bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 
> > --add --allow-principal User:Peter --allow-host 198.51.200.1 --producer 
> > --topic * 
> // List Acls
> > bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 
> > --list --topic *{code}
>  
> Reproduce the issue:
>  # Create a file foo.txt under an empty folder
>  # Run the script to add an acl by using the wildcard resource '*'
>  # We can find that the resource name is 'foo.txt', not the wildcard '*'
>  
> {code:java}
> (base)  hongwei.xiang@hongweixiang  ~/Downloads/test  ll
> total 0
> (base)  hongwei.xiang@hongweixiang  ~/Downloads/test  touch foo.txt
> (base)  hongwei.xiang@hongweixiang  ~/Downloads/test  ll
> total 0
> -rw-r--r--  1 hongwei.xiang  345931250     0B Apr 23 19:05 foo.txt
> (base)  hongwei.xiang@hongweixiang  ~/Downloads/test  ~/bin/kafka-acls.sh 
> --authorizer-properties zookeeper.connect=localhost:2181 --add 
> --allow-principal User:Peter --allow-host 198.51.200.1 --producer --topic *
> Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=foo.txt, 
> patternType=LITERAL)`:
>     (principal=User:Peter, host=198.51.200.1, operation=WRITE, 
> permissionType=ALLOW)
>     (principal=User:Peter, host=198.51.200.1, operation=CREATE, 
> permissionType=ALLOW)
>     (principal=User:Peter, host=198.51.200.1, operation=DESCRIBE, 
> permissionType=ALLOW)
> Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=foo.txt, 
> patternType=LITERAL)`:
>     (principal=User:Peter, host=198.51.200.1, operation=WRITE, 
> permissionType=ALLOW)
>     (principal=User:Peter, host=198.51.200.1, operation=CREATE, 
> permissionType=ALLOW)
>     (principal=User:Peter, host=198.51.200.1, operation=DESCRIBE, 
> permissionType=ALLOW)
> (base)  hongwei.xiang@hongweixiang  ~/Downloads/test  ~/bin/kafka-acls.sh 
> --authorizer-properties zookeeper.connect=localhost:2181 --add 
> --allow-principal User:Peter --allow-host 198.51.200.1 --topic * --producer
> Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=foo.txt, 
> patternType=LITERAL)`:
>     (principal=User:Peter, host=198.51.200.1, operation=WRITE, 
> permissionType=ALLOW)
>     (principal=User:Peter, host=198.51.200.1, operation=CREATE, 
> permissionType=ALLOW)
>     (principal=User:Peter, host=198.51.200.1, operation=DESCRIBE, 
> permissionType=ALLOW)
> Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=foo.txt, 
> patternType=LITERAL)`:
>     (principal=User:Peter, host=198.51.200.1, operation=WRITE, 
> permissionType=ALLOW)
>     (principal=User:Peter, host=198.51.200.1, operation=CREATE, 
> permissionType=ALLOW)
>     (principal=User:Peter, host=198.51.200.1, operation=DESCRIBE, 
> permissionType=ALLOW) 
> (base)  hongwei.xiang@hongweixiang  ~/Downloads/test  ~/bin/kafka-acls.sh 
> --authorizer-properties zookeeper.connect=localhost:2181 --list --topic *
> Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=foo.txt, 
> patternType=LITERAL)`:
>     (principal=User:Peter, host=198.51.200.1, operation=WRITE, 
> permissionType=ALLOW)
>     (principal=User:Peter, host=198.51.200.1, operation=CREATE, 
> permissionType=ALLOW)
>     (principal=User:Peter, host=198.51.200.1, operation=DESCRIBE, 
> permissionType=ALLOW){code}
>  
> To resolve the issue:
> Add single quotes for the wildcard '*' in the script.
> {code:java}
> (base)  hongwei.xiang@hongweixiang  ~/Downloads/test  ~/bin/kafka-acls.sh 
> --authorizer-properties zookeeper.connect=localhost:2181 --add 
> --allow-principal User:Peter --allow-host 198.51.200.1 --producer --topic '*'
> Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=*, 
> patternType=LITERAL)`:
>     (principal=User:Peter, host=198.51.200.1, operation=WRITE, 
> permissionType=ALLOW)
>     (principal=User:Peter, host=198.51.200.1, operation=CREATE, 
> permissionType=ALLOW)
>     (principal=User:Peter, host=198.51.200.1, operation=DESCRIBE, 
> permissionType=ALLOW)
> Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=*, 
> patternType=LITERAL)`:
>     (principal=User:Peter, host=198.51.200.1, operation=WRITE, 
> permissionType=ALLOW)
>     (principal=User:Peter, host=198.51.200.1, operation=CREATE, 
> permissionType=ALLOW)
>     (principal=User:Peter, host=198.51.200.1, operation=DESCRIBE, 
> permissionType=ALLOW) 
> (base)  hongwei.xiang@hongweixiang  ~/Downloads/test  ~/bin/kafka-acls.sh 
> --authorizer-properties zookeeper.connect=localhost:2181 --list --topic '*'
> Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=*, 
> patternType=LITERAL)`:
>     (principal=User:Peter, host=198.51.200.1, operation=WRITE, 
> permissionType=ALLOW)
>     (principal=User:Peter, host=198.51.200.1, operation=CREATE, 
> permissionType=ALLOW)
>     (principal=User:Peter, host=198.51.200.1, operation=DESCRIBE, 
> permissionType=ALLOW){code}
> I've submitted a pull request: "KAFKA-13852: Kafka Acl documentation bug for 
> wildcard '*' #12090"



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
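
Added example, not part of the issue or of Kafka's documentation: the shell expands an unquoted * before kafka-acls.sh ever runs, so the ACL lands on whatever file name matches instead of on the wildcard resource. The functions show_topic_arg and run_in_dir are hypothetical stand-ins that only print the arguments a tool would receive; no Kafka installation is assumed.

```shell
#!/bin/sh
# Stand-in for kafka-acls.sh (hypothetical helper): prints the value that
# follows --topic and how many stray arguments come after that value.
show_topic_arg() {
  while [ "$#" -gt 0 ]; do
    if [ "$1" = "--topic" ]; then
      shift
      printf 'topic=%s extra=%s\n' "$1" "$(( $# - 1 ))"
      return 0
    fi
    shift
  done
  return 1
}

# Run the documented command line inside a scratch directory.
# $1 = "quoted" or "unquoted"; remaining arguments = files to create first.
run_in_dir() {
  mode=$1; shift
  dir=$(mktemp -d) || return 1
  (
    cd "$dir" || exit 1
    for f in "$@"; do : > "$f"; done
    if [ "$mode" = quoted ]; then
      show_topic_arg --add --allow-principal User:Peter --producer --topic '*'
    else
      # Unquoted on purpose: this is the form shown in the documentation.
      show_topic_arg --add --allow-principal User:Peter --producer --topic *
    fi
  )
  rc=$?
  rm -rf "$dir"
  return $rc
}

run_in_dir unquoted               # empty directory: nothing matches, '*' survives
run_in_dir unquoted foo.txt       # one file: the tool is handed foo.txt
run_in_dir unquoted a.txt b.txt   # two files: a.txt plus one stray argument
run_in_dir quoted foo.txt         # quoted: always the literal '*'
```

The empty-directory case passes only because the default shell behaviour leaves an unmatched pattern untouched, which is why the unquoted form appears to work until a file shows up in the working directory.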
