Julian Eberius created SENTRY-2276:
--------------------------------------
Summary: Sentry-Kafka integration does not support Kafka's
Alter/DescribeConfigs operations
Key: SENTRY-2276
URL: https://issues.apache.org/jira/browse/SENTRY-2276
Project: Sentry
Issue Type: Bug
Components: kafka-integration
Environment: Cloudera's Kafka (CDK 3.1.0) and Sentry Distribution, as
included with CDH 5.13
Reporter: Julian Eberius
When sending AlterConfigs or DescribeConfigs requests using Kafka's AdminClient
class to a Sentry-enabled Kafka broker, I noticed that the request would fail
on the broker side with a NullPointerException in
ResourceAuthorizationProvider::buildPermissions, the action being null.
However, other requests, such as DescribeTopics, would work fine. I discovered
that these request type are not covered in Sentry's
[KafkaActionFactory|https://github.com/apache/sentry/blob/branch-2.0/sentry-core/sentry-core-model-kafka/src/main/java/org/apache/sentry/core/model/kafka/KafkaActionFactory.java]
which leads to null values being returned as Actions, e.g., from
getActionByName.
Compare with Kafka's list of authenticable operations in
[Operation.scala|https://github.com/apache/kafka/blob/trunk/core/src/main/scala/kafka/security/auth/Operation.scala]
.
Though I don't know any details about it, the command "IdempotentWrite" also
seems unsupported on the Sentry side.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
