[ https://issues.apache.org/jira/browse/KAFKA-13852?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Luke Chen resolved KAFKA-13852.
-------------------------------
Fix Version/s: 3.3.0
Resolution: Fixed

> Kafka Acl documentation bug for wildcard '*'
> --------------------------------------------
>
> Key: KAFKA-13852
> URL: https://issues.apache.org/jira/browse/KAFKA-13852
> Project: Kafka
> Issue Type: Bug
> Components: docs, documentation
> Affects Versions: 3.1.0, 3.2.0, 3.1.2
> Environment: Mac OS, Linux
> Reporter: hongwei.xiang
> Priority: Minor
> Fix For: 3.3.0
>
>
> There is a Kafka Acl documentation bug for wildcard '*' in the
> [Examples|https://kafka.apache.org/documentation/#security_authz_examples].
> The bug is that when we run the below script in a folder which is not empty, we
> cannot set the ACL correctly. However, it works only if the folder is empty.
> We can find the scripts with wildcard '*' in the Kafka documentation.
>
> {code:java}
> // Adding Acls
> > bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181
> > --add --allow-principal User:Peter --allow-host 198.51.200.1 --producer
> > --topic *
> // List Acls
> > bin/kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181
> > --list --topic *{code}
>
> Reproduce the issue:
> # Create a file foo.txt under an empty folder
> # Run the script to add an acl by using the wildcard resource '*'
> # We can find the resource name is 'foo.txt'. Not wildcard '*'
>
> {code:java}
> // code placeholder
> (base) hongwei.xiang@hongweixiang ~/Downloads/test ll
> total 0
> (base) hongwei.xiang@hongweixiang ~/Downloads/test touch foo.txt
> (base) hongwei.xiang@hongweixiang ~/Downloads/test ll
> total 0
> -rw-r--r-- 1 hongwei.xiang 345931250 0B Apr 23 19:05 foo.txt
> (base) hongwei.xiang@hongweixiang ~/Downloads/test ~/bin/kafka-acls.sh
> --authorizer-properties zookeeper.connect=localhost:2181 --add
> --allow-principal User:Peter --allow-host 198.51.200.1 --producer --topic *
> Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=foo.txt,
> patternType=LITERAL)`:
> (principal=User:Peter, host=198.51.200.1, operation=WRITE,
> permissionType=ALLOW)
> (principal=User:Peter, host=198.51.200.1, operation=CREATE,
> permissionType=ALLOW)
> (principal=User:Peter, host=198.51.200.1, operation=DESCRIBE,
> permissionType=ALLOW)
> Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=foo.txt,
> patternType=LITERAL)`:
> (principal=User:Peter, host=198.51.200.1, operation=WRITE,
> permissionType=ALLOW)
> (principal=User:Peter, host=198.51.200.1, operation=CREATE,
> permissionType=ALLOW)
> (principal=User:Peter, host=198.51.200.1, operation=DESCRIBE,
> permissionType=ALLOW)
> (base) hongwei.xiang@hongweixiang ~/Downloads/test ~/bin/kafka-acls.sh
> --authorizer-properties zookeeper.connect=localhost:2181 --add
> --allow-principal User:Peter --allow-host 198.51.200.1 --topic * --producer
> Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=foo.txt,
> patternType=LITERAL)`:
> (principal=User:Peter, host=198.51.200.1, operation=WRITE,
> permissionType=ALLOW)
> (principal=User:Peter, host=198.51.200.1, operation=CREATE,
> permissionType=ALLOW)
> (principal=User:Peter, host=198.51.200.1, operation=DESCRIBE,
> permissionType=ALLOW)
> Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=foo.txt,
> patternType=LITERAL)`:
> (principal=User:Peter, host=198.51.200.1, operation=WRITE,
> permissionType=ALLOW)
> (principal=User:Peter, host=198.51.200.1, operation=CREATE,
> permissionType=ALLOW)
> (principal=User:Peter, host=198.51.200.1, operation=DESCRIBE,
> permissionType=ALLOW)
> (base) hongwei.xiang@hongweixiang ~/Downloads/test ~/bin/kafka-acls.sh
> --authorizer-properties zookeeper.connect=localhost:2181 --list --topic *
> Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=foo.txt,
> patternType=LITERAL)`:
> (principal=User:Peter, host=198.51.200.1, operation=WRITE,
> permissionType=ALLOW)
> (principal=User:Peter, host=198.51.200.1, operation=CREATE,
> permissionType=ALLOW)
> (principal=User:Peter, host=198.51.200.1, operation=DESCRIBE,
> permissionType=ALLOW){code}
>
> To resolve the issue:
> Add single quotes for the wildcard '*' in the script.
> {code:java}
> (base) hongwei.xiang@hongweixiang ~/Downloads/test ~/bin/kafka-acls.sh
> --authorizer-properties zookeeper.connect=localhost:2181 --add
> --allow-principal User:Peter --allow-host 198.51.200.1 --producer --topic '*'
> Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=*,
> patternType=LITERAL)`:
> (principal=User:Peter, host=198.51.200.1, operation=WRITE,
> permissionType=ALLOW)
> (principal=User:Peter, host=198.51.200.1, operation=CREATE,
> permissionType=ALLOW)
> (principal=User:Peter, host=198.51.200.1, operation=DESCRIBE,
> permissionType=ALLOW)
> Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=*,
> patternType=LITERAL)`:
> (principal=User:Peter, host=198.51.200.1, operation=WRITE,
> permissionType=ALLOW)
> (principal=User:Peter, host=198.51.200.1, operation=CREATE,
> permissionType=ALLOW)
> (principal=User:Peter, host=198.51.200.1, operation=DESCRIBE,
> permissionType=ALLOW)
> (base) hongwei.xiang@hongweixiang ~/Downloads/test ~/bin/kafka-acls.sh
> --authorizer-properties zookeeper.connect=localhost:2181 --list --topic '*'
> Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name=*,
> patternType=LITERAL)`:
> (principal=User:Peter, host=198.51.200.1, operation=WRITE,
> permissionType=ALLOW)
> (principal=User:Peter, host=198.51.200.1, operation=CREATE,
> permissionType=ALLOW)
> (principal=User:Peter, host=198.51.200.1, operation=DESCRIBE,
> permissionType=ALLOW){code}
> I've submitted a pull request: "KAFKA-13852: Kafka Acl documentation bug for
> wildcard '*' #12090"

--
This message was sent by Atlassian Jira
(v8.20.7#820007)
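
The behaviour reported in the ticket comes from the shell, which expands an unquoted `*` against the current directory before the ACL tool ever sees its arguments. The sketch below is an added example, not code from the ticket or from the Kafka project: `topic_seen` is a constructed stand-in for `kafka-acls.sh` that only reports the `--topic` value it receives, and `topic_looks_globbed` is a hypothetical pre-flight check.

```shell
#!/bin/sh
# Constructed stand-in for kafka-acls.sh (hypothetical helper): it only
# reports the value that follows --topic in the argv it was handed.
topic_seen() {
    while [ "$#" -gt 0 ]; do
        if [ "$1" = "--topic" ] && [ "$#" -ge 2 ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# Scratch directory holding a single file, as in the ticket's reproduction.
make_scratch() {
    d=$(mktemp -d) && touch "$d/foo.txt" && printf '%s\n' "$d"
}

# Each case runs in a subshell so cd and set -f do not leak to the caller.
unquoted_case() { ( cd "$1" && topic_seen --add --producer --topic * ); }
quoted_case()   { ( cd "$1" && topic_seen --add --producer --topic '*' ); }
noglob_case()   { ( cd "$1" && set -f && topic_seen --add --producer --topic * ); }

# Heuristic pre-flight check (an assumption of this example, not a Kafka
# feature): a --topic value that names a file in the current directory is
# probably an expanded glob rather than an intended topic name.
topic_looks_globbed() {
    seen=$(topic_seen "$@") || return 1
    [ "$seen" != "*" ] && [ -e "$seen" ]
}

dir=$(make_scratch)
echo "unquoted --topic *   -> $(unquoted_case "$dir")"
echo "quoted   --topic '*' -> $(quoted_case "$dir")"
echo "set -f   --topic *   -> $(noglob_case "$dir")"
if ( cd "$dir" && topic_looks_globbed --topic * ); then
    echo "guard: --topic value matches a local file, refusing to continue"
fi
rm -rf "$dir"
```

In a directory with more than one file the unquoted form also injects the extra file names as stray positional arguments, so checking the `ResourcePattern` name echoed back by the tool remains the authoritative confirmation of what was granted.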