[ https://issues.apache.org/jira/browse/KAFKA-7216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16628111#comment-16628111 ]
ASF GitHub Bot commented on KAFKA-7216: --------------------------------------- junrao closed pull request #5680: KAFKA-7216: Ignore unknown ResourceTypes while loading acl cache URL: https://github.com/apache/kafka/pull/5680 This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala b/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala index da85b009c89..979f7f6ab1f 100644 --- a/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala +++ b/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala @@ -23,7 +23,7 @@ import java.util.concurrent.locks.ReentrantReadWriteLock import com.typesafe.scalalogging.Logger import kafka.common.{NotificationHandler, ZkNodeChangeNotificationListener} import kafka.network.RequestChannel.Session -import kafka.security.auth.SimpleAclAuthorizer.{VersionedAcls, NoAcls} +import kafka.security.auth.SimpleAclAuthorizer.{NoAcls, VersionedAcls} import kafka.server.KafkaConfig import kafka.utils.CoreUtils.{inReadLock, inWriteLock} import kafka.utils._ @@ -32,7 +32,7 @@ import org.apache.kafka.common.security.auth.KafkaPrincipal import org.apache.kafka.common.utils.{SecurityUtils, Time} import scala.collection.JavaConverters._ -import scala.util.Random +import scala.util.{Failure, Random, Success, Try} object SimpleAclAuthorizer { //optional override zookeeper cluster configuration where acls will be stored, if not specified acls will be stored in @@ -216,11 +216,16 @@ class SimpleAclAuthorizer extends Authorizer with Logging { inWriteLock(lock) { val resourceTypes = zkClient.getResourceTypes() for (rType <- resourceTypes) { - val resourceType = ResourceType.fromString(rType) - val resourceNames = zkClient.getResourceNames(resourceType.name) - for (resourceName <- resourceNames) { - val versionedAcls = getAclsFromZk(Resource(resourceType, resourceName)) - updateCache(new Resource(resourceType, resourceName), versionedAcls) + val resourceType = Try(ResourceType.fromString(rType)) + resourceType match { + case Success(resourceTypeObj) => { + val resourceNames = zkClient.getResourceNames(resourceTypeObj.name) + for (resourceName <- resourceNames) { + val versionedAcls = getAclsFromZk(Resource(resourceTypeObj, resourceName)) + updateCache(new Resource(resourceTypeObj, resourceName), versionedAcls) + } + } + case Failure(f) => warn(s"Ignoring unknown ResourceType: $rType") } } } ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org > Exception while running kafka-acls.sh from 1.0 env on target Kafka env with > 1.1.1 > --------------------------------------------------------------------------------- > > Key: KAFKA-7216 > URL: https://issues.apache.org/jira/browse/KAFKA-7216 > Project: Kafka > Issue Type: Bug > Components: admin > Affects Versions: 1.1.0, 1.1.1, 2.0.0 > Reporter: Satish Duggana > Assignee: Manikumar > Priority: Major > > When `kafka-acls.sh` with SimpleAclAuthorizer on target Kafka cluster with > 1.1.1 version, it throws the below error. > {code:java} > kafka.common.KafkaException: DelegationToken not a valid resourceType name. > The valid names are Topic,Group,Cluster,TransactionalId > at > kafka.security.auth.ResourceType$$anonfun$fromString$1.apply(ResourceType.scala:56) > at > kafka.security.auth.ResourceType$$anonfun$fromString$1.apply(ResourceType.scala:56) > at scala.Option.getOrElse(Option.scala:121) > at kafka.security.auth.ResourceType$.fromString(ResourceType.scala:56) > at > kafka.security.auth.SimpleAclAuthorizer$$anonfun$loadCache$1$$anonfun$apply$mcV$sp$1.apply(SimpleAclAuthorizer.scala:233) > at > kafka.security.auth.SimpleAclAuthorizer$$anonfun$loadCache$1$$anonfun$apply$mcV$sp$1.apply(SimpleAclAuthorizer.scala:232) > at scala.collection.Iterator$class.foreach(Iterator.scala:891) > at scala.collection.AbstractIterator.foreach(Iterator.scala:1334) > at scala.collection.IterableLike$class.foreach(IterableLike.scala:72) > at scala.collection.AbstractIterable.foreach(Iterable.scala:54) > at > kafka.security.auth.SimpleAclAuthorizer$$anonfun$loadCache$1.apply$mcV$sp(SimpleAclAuthorizer.scala:232) > at > kafka.security.auth.SimpleAclAuthorizer$$anonfun$loadCache$1.apply(SimpleAclAuthorizer.scala:230) > at > kafka.security.auth.SimpleAclAuthorizer$$anonfun$loadCache$1.apply(SimpleAclAuthorizer.scala:230) > at kafka.utils.CoreUtils$.inLock(CoreUtils.scala:216) > at kafka.utils.CoreUtils$.inWriteLock(CoreUtils.scala:224) > at > kafka.security.auth.SimpleAclAuthorizer.loadCache(SimpleAclAuthorizer.scala:230) > at > kafka.security.auth.SimpleAclAuthorizer.configure(SimpleAclAuthorizer.scala:114) > at kafka.admin.AclCommand$.withAuthorizer(AclCommand.scala:83) > at kafka.admin.AclCommand$.addAcl(AclCommand.scala:93) > at kafka.admin.AclCommand$.main(AclCommand.scala:53) > at kafka.admin.AclCommand.main(AclCommand.scala) > {code} > > This is because it tries to get all the resource types registered from ZK > path and it throws error when `DelegationToken` resource is not defined in > `ResourceType` of client's Kafka version(which is earlier than 1.1.x) > -- This message was sent by Atlassian JIRA (v7.6.3#76005)