[
https://issues.apache.org/jira/browse/KAFKA-3950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15372705#comment-15372705
]
TAO XIAO edited comment on KAFKA-3950 at 7/12/16 11:18 AM:
-----------------------------------------------------------
How about we still keep the filtering on client side and fix the broken piece?
Here is the trouble maker
[ConsumerCoordinator.java|https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/clients/consumer/internals/ConsumerCoordinator.java#L150]
that fails the validation. Can we remove below check?
{code}
if (!cluster.unauthorizedTopics().isEmpty())
throw new TopicAuthorizationException(new
HashSet<>(cluster.unauthorizedTopics()));
{code}
As the authorization check has been done on server-side already when fetching
metadata all topics stored in {code}cluster.topics(){code} should be the ones
the consumer has permission to read. We can simply return them that matches the
pattern to end user
was (Author: xiaotao183):
How about we still keep the filtering on client side and fix the broken piece?
Here is the trouble maker
[ConsumerCoordinator.java|https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/clients/consumer/internals/ConsumerCoordinator.java#L150]
that fails the validation. Can we remove below check?
{code}
if (!cluster.unauthorizedTopics().isEmpty())
throw new TopicAuthorizationException(new
HashSet<>(cluster.unauthorizedTopics()));
{code}
As the authorization check has been done on server-side already when fetching
metadata all topics stored in {code}cluster.topics(){code} should the ones the
consumer has permission to read. We can simply return them that matches the
pattern to end user
> kafka mirror maker tool is not respecting whitelist option
> ----------------------------------------------------------
>
> Key: KAFKA-3950
> URL: https://issues.apache.org/jira/browse/KAFKA-3950
> Project: Kafka
> Issue Type: Bug
> Reporter: Raghav Kumar Gautam
> Assignee: Manikumar Reddy
> Priority: Critical
>
> A mirror maker launched like this:
> {code}
> /usr/bin/kinit -k -t /home/kfktest/hadoopqa/keytabs/kfktest.headless.keytab
> [email protected]
> JAVA_HOME=/usr/jdk64/jdk1.8.0_77 JMX_PORT=9112
> /usr/kafka/bin/kafka-run-class.sh kafka.tools.MirrorMaker --consumer.config
> /usr/kafka/system_test/mirror_maker_testsuite/testcase_15001/config/mirror_consumer_12.properties
> --producer.config
> /usr/kafka/system_test/mirror_maker_testsuite/testcase_15001/config/mirror_producer_12.properties
> --new.consumer --whitelist="test.*" >>
> /usr/kafka/system_test/mirror_maker_testsuite/testcase_15001/logs/mirror_maker-12/mirror_maker_12.log
> 2>&1 & echo pid:$! >
> /usr/kafka/system_test/mirror_maker_testsuite/testcase_15001/logs/mirror_maker-12/entity_12_pid
> {code}
> Lead to TopicAuthorizationException:
> {code}
> WARN Error while fetching metadata with correlation id 44 :
> {__consumer_offsets=TOPIC_AUTHORIZATION_FAILED}
> (org.apache.kafka.clients.NetworkClient)
> [2016-06-20 13:24:49,983] FATAL [mirrormaker-thread-0] Mirror maker thread
> failure due to (kafka.tools.MirrorMaker$MirrorMakerThread)
> org.apache.kafka.common.errors.TopicAuthorizationException: Not authorized to
> access topics: [__consumer_offsets]
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
