kalyan kumar kalvagadda created KAFKA-6091: ----------------------------------------------
Summary: Authorization API is called hundred's of times when there are no privileges Key: KAFKA-6091 URL: https://issues.apache.org/jira/browse/KAFKA-6091 Project: Kafka Issue Type: Bug Components: security Affects Versions: 0.11.0.0 Reporter: kalyan kumar kalvagadda This issue is observed with kafka/sentry integration. When sentry does not have any permissions for a topic and there is a producer trying to add a message to a topic, sentry returns failure but Kafka is not able to handle it properly and is ending up invoking sentry Auth API ~564 times. This will choke authorization service. Here are the list of privileges that are needed for a producer to add a message to a topic In this example "192.168.0.3" is hostname and topic name is "tOpIc1" {noformat} HOST=192.168.0.3->Topic=tOpIc1->action=DESCRIBE HOST=192.168.0.3->Cluster=kafka-cluster->action=CREATE HOST=192.168.0.3->Topic=tOpIc1->action=WRITE {noformat} This problem is reported in this jira is seen when there are no permissions. Movement a DESCRIBE permission is added, this issue is not seen. Authorization fails but kafka doesn't bombard with he more requests. -- This message was sent by Atlassian JIRA (v6.4.14#64029)