showuon commented on PR #12105: URL: https://github.com/apache/kafka/pull/12105#issuecomment-1111878830
@dengziming , thanks for the quick investigation! Nice finding! Yes, once idempotent producer is enabled, the transactionManager will be created. And in Sender run loop [here](https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/clients/producer/internals/Sender.java#L314), we'll try to create the producer ID with `null` transaction ID. In the server side, we always check the transaction-ID write permission, which causes the authorization error. But my question will be, could we, on the other hand, fix the issue in the server side, to skip the transaction ID permission check if transaction ID is `null`? Also, we might test cases for it. You could refer to the test: `AuthorizerIntegrationTest#testAuthorizeByResourceTypeMultipleAddAndRemove`. Great find again! Thank you! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
