[
https://issues.apache.org/jira/browse/SENTRY-2276?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kalyan Kalvagadda updated SENTRY-2276:
--------------------------------------
Fix Version/s: 2.2.0
> Sentry-Kafka integration does not support Kafka's Alter/DescribeConfigs and
> IdempotentWrite operations
> ------------------------------------------------------------------------------------------------------
>
> Key: SENTRY-2276
> URL: https://issues.apache.org/jira/browse/SENTRY-2276
> Project: Sentry
> Issue Type: Bug
> Components: kafka-integration
> Environment: Cloudera's Kafka (CDK 3.1.0) and Sentry Distribution, as
> included with CDH 5.13
> Reporter: Julian Eberius
> Assignee: Gergo Wilder
> Priority: Minor
> Fix For: 2.2.0
>
> Attachments: SENTRY-2276.002.patch, SENTRY-2276.003.patch
>
>
> When sending AlterConfigs or DescribeConfigs requests using Kafka's
> AdminClient class to a Sentry-enabled Kafka broker, I noticed that the
> request would fail on the broker side with a NullPointerException in
> ResourceAuthorizationProvider::buildPermissions, the action being null.
> However, other requests, such as DescribeTopics, would work fine. I
> discovered that these request type are not covered in Sentry's
> [KafkaActionFactory|https://github.com/apache/sentry/blob/branch-2.0/sentry-core/sentry-core-model-kafka/src/main/java/org/apache/sentry/core/model/kafka/KafkaActionFactory.java]
> which leads to null values being returned as Actions, e.g., from
> getActionByName.
> Sentry's Kafka binding does not support the following actions that are
> defined by Kafka's authorization model:
> * AlterConfigs
> * DescribeConfigs
> * IdempotentWrite
> It does not support the TransactionalId authorizable resource either that is
> required for using Kafka's transactional capabilities in combination with
> Sentry authorizer.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
