[ https://issues.apache.org/jira/browse/SENTRY-2276?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16839447#comment-16839447 ]
Julian Eberius commented on SENTRY-2276: ---------------------------------------- I have now encountered the same problem when enabling idempotent writes in Kafka producers. Writes fail with an "UnknownServerError" as soon as the Kafka-Sentry integration is enabled. As written above, Kafka-Sentry does not seem to support all operations that are authorizable in Kafka. See the Kafka implementation: [https://github.com/apache/kafka/blob/1.0/core/src/main/scala/kafka/server/KafkaApis.scala#L1493] It tries to authorize the IdempotentWrite operation, which does not exist in the Kafka-Sentry binding. > Sentry-Kafka integration does not support Kafka's Alter/DescribeConfigs > operations > ---------------------------------------------------------------------------------- > > Key: SENTRY-2276 > URL: https://issues.apache.org/jira/browse/SENTRY-2276 > Project: Sentry > Issue Type: Bug > Components: kafka-integration > Environment: Cloudera's Kafka (CDK 3.1.0) and Sentry Distribution, as > included with CDH 5.13 > Reporter: Julian Eberius > Priority: Minor > > When sending AlterConfigs or DescribeConfigs requests using Kafka's > AdminClient class to a Sentry-enabled Kafka broker, I noticed that the > request would fail on the broker side with a NullPointerException in > ResourceAuthorizationProvider::buildPermissions, the action being null. > However, other requests, such as DescribeTopics, would work fine. I > discovered that these request type are not covered in Sentry's > [KafkaActionFactory|https://github.com/apache/sentry/blob/branch-2.0/sentry-core/sentry-core-model-kafka/src/main/java/org/apache/sentry/core/model/kafka/KafkaActionFactory.java] > which leads to null values being returned as Actions, e.g., from > getActionByName. > Compare with Kafka's list of authenticable operations in > [Operation.scala|https://github.com/apache/kafka/blob/trunk/core/src/main/scala/kafka/security/auth/Operation.scala] > . > Though I don't know any details about it, the command "IdempotentWrite" also > seems unsupported on the Sentry side. -- This message was sent by Atlassian JIRA (v7.6.3#76005)