Svyatoslav created KAFKA-14182: ---------------------------------- Summary: KRaft and ACL + GSSAPI Key: KAFKA-14182 URL: https://issues.apache.org/jira/browse/KAFKA-14182 Project: Kafka Issue Type: Bug Components: kraft Affects Versions: 3.2.1 Reporter: Svyatoslav
In KRaft mode with GSSAPI and ACL when i am adding any new ACL in log file i am always have some information like this: {code:java} [2022-08-24 18:04:41,830] ERROR [StandardAuthorizer 1] addAcl error (org.apache.kafka.metadata.authorizer.StandardAuthorizerData) java.lang.RuntimeException: An ACL with ID Gk-Hx0tvQIS8B1RT8R-odw already exists. at org.apache.kafka.metadata.authorizer.StandardAuthorizerData.addAcl(StandardAuthorizerData.java:169) at org.apache.kafka.metadata.authorizer.StandardAuthorizer.addAcl(StandardAuthorizer.java:83) at kafka.server.metadata.BrokerMetadataPublisher.$anonfun$publish$19(BrokerMetadataPublisher.scala:234) at java.util.LinkedHashMap$LinkedEntrySet.forEach(LinkedHashMap.java:671) at kafka.server.metadata.BrokerMetadataPublisher.$anonfun$publish$18(BrokerMetadataPublisher.scala:232) at kafka.server.metadata.BrokerMetadataPublisher.$anonfun$publish$18$adapted(BrokerMetadataPublisher.scala:221) at scala.Option.foreach(Option.scala:437) at kafka.server.metadata.BrokerMetadataPublisher.publish(BrokerMetadataPublisher.scala:221) at kafka.server.metadata.BrokerMetadataListener.kafka$server$metadata$BrokerMetadataListener$$publish(BrokerMetadataListener.scala:258) at kafka.server.metadata.BrokerMetadataListener$HandleCommitsEvent.$anonfun$run$2(BrokerMetadataListener.scala:119) at kafka.server.metadata.BrokerMetadataListener$HandleCommitsEvent.$anonfun$run$2$adapted(BrokerMetadataListener.scala:119) at scala.Option.foreach(Option.scala:437) at kafka.server.metadata.BrokerMetadataListener$HandleCommitsEvent.run(BrokerMetadataListener.scala:119) at org.apache.kafka.queue.KafkaEventQueue$EventContext.run(KafkaEventQueue.java:121) at org.apache.kafka.queue.KafkaEventQueue$EventHandler.handleEvents(KafkaEventQueue.java:200) at org.apache.kafka.queue.KafkaEventQueue$EventHandler.run(KafkaEventQueue.java:173) at java.lang.Thread.run(Thread.java:750) [2022-08-24 18:04:41,858] ERROR [BrokerMetadataPublisher id=1] Error publishing broker metadata at OffsetAndEpoch(offset=500, epoch=4) (kafka.server.metadata.BrokerMetadataPublisher) java.lang.RuntimeException: An ACL with ID Gk-Hx0tvQIS8B1RT8R-odw already exists. at org.apache.kafka.metadata.authorizer.StandardAuthorizerData.addAcl(StandardAuthorizerData.java:169) at org.apache.kafka.metadata.authorizer.StandardAuthorizer.addAcl(StandardAuthorizer.java:83) at kafka.server.metadata.BrokerMetadataPublisher.$anonfun$publish$19(BrokerMetadataPublisher.scala:234) at java.util.LinkedHashMap$LinkedEntrySet.forEach(LinkedHashMap.java:671) at kafka.server.metadata.BrokerMetadataPublisher.$anonfun$publish$18(BrokerMetadataPublisher.scala:232) at kafka.server.metadata.BrokerMetadataPublisher.$anonfun$publish$18$adapted(BrokerMetadataPublisher.scala:221) at scala.Option.foreach(Option.scala:437) at kafka.server.metadata.BrokerMetadataPublisher.publish(BrokerMetadataPublisher.scala:221) at kafka.server.metadata.BrokerMetadataListener.kafka$server$metadata$BrokerMetadataListener$$publish(BrokerMetadataListener.scala:258) at kafka.server.metadata.BrokerMetadataListener$HandleCommitsEvent.$anonfun$run$2(BrokerMetadataListener.scala:119) at kafka.server.metadata.BrokerMetadataListener$HandleCommitsEvent.$anonfun$run$2$adapted(BrokerMetadataListener.scala:119) at scala.Option.foreach(Option.scala:437) at kafka.server.metadata.BrokerMetadataListener$HandleCommitsEvent.run(BrokerMetadataListener.scala:119) at org.apache.kafka.queue.KafkaEventQueue$EventContext.run(KafkaEventQueue.java:121) at org.apache.kafka.queue.KafkaEventQueue$EventHandler.handleEvents(KafkaEventQueue.java:200) at org.apache.kafka.queue.KafkaEventQueue$EventHandler.run(KafkaEventQueue.java:173) at java.lang.Thread.run(Thread.java:750) [2022-08-24 18:04:41,859] ERROR [BrokerMetadataListener id=1] Unexpected error handling HandleCommitsEvent (kafka.server.metadata.BrokerMetadataListener) java.lang.RuntimeException: An ACL with ID Gk-Hx0tvQIS8B1RT8R-odw already exists. at org.apache.kafka.metadata.authorizer.StandardAuthorizerData.addAcl(StandardAuthorizerData.java:169) at org.apache.kafka.metadata.authorizer.StandardAuthorizer.addAcl(StandardAuthorizer.java:83) at kafka.server.metadata.BrokerMetadataPublisher.$anonfun$publish$19(BrokerMetadataPublisher.scala:234) at java.util.LinkedHashMap$LinkedEntrySet.forEach(LinkedHashMap.java:671) at kafka.server.metadata.BrokerMetadataPublisher.$anonfun$publish$18(BrokerMetadataPublisher.scala:232) at kafka.server.metadata.BrokerMetadataPublisher.$anonfun$publish$18$adapted(BrokerMetadataPublisher.scala:221) at scala.Option.foreach(Option.scala:437) at kafka.server.metadata.BrokerMetadataPublisher.publish(BrokerMetadataPublisher.scala:221) at kafka.server.metadata.BrokerMetadataListener.kafka$server$metadata$BrokerMetadataListener$$publish(BrokerMetadataListener.scala:258) at kafka.server.metadata.BrokerMetadataListener$HandleCommitsEvent.$anonfun$run$2(BrokerMetadataListener.scala:119) at kafka.server.metadata.BrokerMetadataListener$HandleCommitsEvent.$anonfun$run$2$adapted(BrokerMetadataListener.scala:119) at scala.Option.foreach(Option.scala:437) at kafka.server.metadata.BrokerMetadataListener$HandleCommitsEvent.run(BrokerMetadataListener.scala:119) at org.apache.kafka.queue.KafkaEventQueue$EventContext.run(KafkaEventQueue.java:121) at org.apache.kafka.queue.KafkaEventQueue$EventHandler.handleEvents(KafkaEventQueue.java:200) at org.apache.kafka.queue.KafkaEventQueue$EventHandler.run(KafkaEventQueue.java:173) at java.lang.Thread.run(Thread.java:750) {code} The main problem is here: https://github.com/apache/kafka/blob/4878653016c32e55d6e829ea1b4f80a825459706/metadata/src/main/java/org/apache/kafka/metadata/authorizer/StandardAuthorizerData.java if (prevAcl != null) { throw new RuntimeException("An ACL with ID " + id + " already exists."); } Do we need an exeption or may be just change it to: if (prevAcl != null) { log.trace("An ACL with ID " + id + " already exists."); } ? -- This message was sent by Atlassian Jira (v8.20.10#820010)