rondagostino commented on a change in pull request #9378:
URL: https://github.com/apache/kafka/pull/9378#discussion_r500460487
##########
File path: tests/kafkatest/services/security/kafka_acls.py
##########
@@ -93,11 +97,13 @@ def add_cluster_acl(self, kafka, principal,
force_use_zk_connection=False):
force_use_zk_connection = force_use_zk_connection or not
kafka.all_nodes_acl_command_supports_bootstrap_server()
- cmd = "%(cmd_prefix)s --add --cluster --operation=ClusterAction
--allow-principal=%(principal)s" % {
- 'cmd_prefix': self._acl_cmd_prefix(kafka, node,
force_use_zk_connection),
- 'principal': principal
- }
- kafka.run_cli_tool(node, cmd)
+ for operation in ['ClusterAction', 'Alter', 'Create']:
Review comment:
Yes, Alter is needed to create user SCRAM credentials, and Create is
needed to create topics. When we start up a cluster we create the
`__consumer_offsets` topic and a `test_topic` (typically). If the test is
using SCRAM we also create the SCRAM credentials at this point. We now use
`--bootstrap-server` instead of `--zookeeper` for these CLI operations, and
without these ACLs a system test will not be able to perform these necessary
actions if security is enabled.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
