[
https://issues.apache.org/jira/browse/KAFKA-7216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16628111#comment-16628111
]
ASF GitHub Bot commented on KAFKA-7216:
---------------------------------------
junrao closed pull request #5680: KAFKA-7216: Ignore unknown ResourceTypes
while loading acl cache
URL: https://github.com/apache/kafka/pull/5680
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala
b/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala
index da85b009c89..979f7f6ab1f 100644
--- a/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala
+++ b/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala
@@ -23,7 +23,7 @@ import java.util.concurrent.locks.ReentrantReadWriteLock
import com.typesafe.scalalogging.Logger
import kafka.common.{NotificationHandler, ZkNodeChangeNotificationListener}
import kafka.network.RequestChannel.Session
-import kafka.security.auth.SimpleAclAuthorizer.{VersionedAcls, NoAcls}
+import kafka.security.auth.SimpleAclAuthorizer.{NoAcls, VersionedAcls}
import kafka.server.KafkaConfig
import kafka.utils.CoreUtils.{inReadLock, inWriteLock}
import kafka.utils._
@@ -32,7 +32,7 @@ import org.apache.kafka.common.security.auth.KafkaPrincipal
import org.apache.kafka.common.utils.{SecurityUtils, Time}
import scala.collection.JavaConverters._
-import scala.util.Random
+import scala.util.{Failure, Random, Success, Try}
object SimpleAclAuthorizer {
//optional override zookeeper cluster configuration where acls will be
stored, if not specified acls will be stored in
@@ -216,11 +216,16 @@ class SimpleAclAuthorizer extends Authorizer with Logging
{
inWriteLock(lock) {
val resourceTypes = zkClient.getResourceTypes()
for (rType <- resourceTypes) {
- val resourceType = ResourceType.fromString(rType)
- val resourceNames = zkClient.getResourceNames(resourceType.name)
- for (resourceName <- resourceNames) {
- val versionedAcls = getAclsFromZk(Resource(resourceType,
resourceName))
- updateCache(new Resource(resourceType, resourceName), versionedAcls)
+ val resourceType = Try(ResourceType.fromString(rType))
+ resourceType match {
+ case Success(resourceTypeObj) => {
+ val resourceNames = zkClient.getResourceNames(resourceTypeObj.name)
+ for (resourceName <- resourceNames) {
+ val versionedAcls = getAclsFromZk(Resource(resourceTypeObj,
resourceName))
+ updateCache(new Resource(resourceTypeObj, resourceName),
versionedAcls)
+ }
+ }
+ case Failure(f) => warn(s"Ignoring unknown ResourceType: $rType")
}
}
}
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Exception while running kafka-acls.sh from 1.0 env on target Kafka env with
> 1.1.1
> ---------------------------------------------------------------------------------
>
> Key: KAFKA-7216
> URL: https://issues.apache.org/jira/browse/KAFKA-7216
> Project: Kafka
> Issue Type: Bug
> Components: admin
> Affects Versions: 1.1.0, 1.1.1, 2.0.0
> Reporter: Satish Duggana
> Assignee: Manikumar
> Priority: Major
>
> When `kafka-acls.sh` with SimpleAclAuthorizer on target Kafka cluster with
> 1.1.1 version, it throws the below error.
> {code:java}
> kafka.common.KafkaException: DelegationToken not a valid resourceType name.
> The valid names are Topic,Group,Cluster,TransactionalId
> at
> kafka.security.auth.ResourceType$$anonfun$fromString$1.apply(ResourceType.scala:56)
> at
> kafka.security.auth.ResourceType$$anonfun$fromString$1.apply(ResourceType.scala:56)
> at scala.Option.getOrElse(Option.scala:121)
> at kafka.security.auth.ResourceType$.fromString(ResourceType.scala:56)
> at
> kafka.security.auth.SimpleAclAuthorizer$$anonfun$loadCache$1$$anonfun$apply$mcV$sp$1.apply(SimpleAclAuthorizer.scala:233)
> at
> kafka.security.auth.SimpleAclAuthorizer$$anonfun$loadCache$1$$anonfun$apply$mcV$sp$1.apply(SimpleAclAuthorizer.scala:232)
> at scala.collection.Iterator$class.foreach(Iterator.scala:891)
> at scala.collection.AbstractIterator.foreach(Iterator.scala:1334)
> at scala.collection.IterableLike$class.foreach(IterableLike.scala:72)
> at scala.collection.AbstractIterable.foreach(Iterable.scala:54)
> at
> kafka.security.auth.SimpleAclAuthorizer$$anonfun$loadCache$1.apply$mcV$sp(SimpleAclAuthorizer.scala:232)
> at
> kafka.security.auth.SimpleAclAuthorizer$$anonfun$loadCache$1.apply(SimpleAclAuthorizer.scala:230)
> at
> kafka.security.auth.SimpleAclAuthorizer$$anonfun$loadCache$1.apply(SimpleAclAuthorizer.scala:230)
> at kafka.utils.CoreUtils$.inLock(CoreUtils.scala:216)
> at kafka.utils.CoreUtils$.inWriteLock(CoreUtils.scala:224)
> at
> kafka.security.auth.SimpleAclAuthorizer.loadCache(SimpleAclAuthorizer.scala:230)
> at
> kafka.security.auth.SimpleAclAuthorizer.configure(SimpleAclAuthorizer.scala:114)
> at kafka.admin.AclCommand$.withAuthorizer(AclCommand.scala:83)
> at kafka.admin.AclCommand$.addAcl(AclCommand.scala:93)
> at kafka.admin.AclCommand$.main(AclCommand.scala:53)
> at kafka.admin.AclCommand.main(AclCommand.scala)
> {code}
>
> This is because it tries to get all the resource types registered from ZK
> path and it throws error when `DelegationToken` resource is not defined in
> `ResourceType` of client's Kafka version(which is earlier than 1.1.x)
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
