[jira] [Commented] (KAFKA-8536) Error creating ACL Alter Topic in 2.2

2019-06-20 Thread Alvaro Peris (JIRA)


[ 
https://issues.apache.org/jira/browse/KAFKA-8536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16868337#comment-16868337
 ] 

Alvaro Peris commented on KAFKA-8536:
-

Hi @[Evelyn Bayes|https://issues.apache.org/jira/secure/ViewProfile.jspa?name=EeveeB]

The error is minor: it affects the kafka-acls.sh program. If we create the ACL
with the Java API, Kafka works correctly, as indicated in the documentation.

The kafka-acls.sh problem seems to have been solved already by omkreddy in the
link that you sent.

Thanks :)

> Error creating ACL Alter Topic in 2.2
> -
>
> Key: KAFKA-8536
> URL: https://issues.apache.org/jira/browse/KAFKA-8536
> Project: Kafka
>  Issue Type: Bug
>  Components: security
>Affects Versions: 2.2.1
>Reporter: Alvaro Peris
>Priority: Critical
> Fix For: 2.2.2
>
>
> When we try to execute the statement to create an Alter Topic ACL in version 
> 2.2 of
> Kafka through the kafka-acls.
> """
> kafka-acls --authorizer-properties zookeeper.connect=fastdata-zk-discovery:2181 \
>  --add \
>  --allow-principal User:MyUser \
>  --operation Alter \
>  --topic topic
> """
> We get the following error: 
>  
> ResourceType TOPIC only supports operations
>  
> """
> Read,All,AlterConfigs,DescribeConfigs,Delete,Write,Create,Describe
> """
> It should be possible to create an Alter Topic ACL, according to the 
> documentation.
> Thanks



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Commented] (KAFKA-8536) Error creating ACL Alter Topic in 2.2

2019-06-19 Thread Evelyn Bayes (JIRA)


[ 
https://issues.apache.org/jira/browse/KAFKA-8536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16868155#comment-16868155
 ] 

Evelyn Bayes commented on KAFKA-8536:
-

Talked to a few people; looks like the backport was missed.

Looks like that'll happen but I'll update this when it does.



[jira] [Commented] (KAFKA-8536) Error creating ACL Alter Topic in 2.2

2019-06-19 Thread Alvaro Peris (JIRA)


[ 
https://issues.apache.org/jira/browse/KAFKA-8536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16867480#comment-16867480
 ] 

Alvaro Peris commented on KAFKA-8536:
-

Thanks [~EeveeB]  :) 



[jira] [Commented] (KAFKA-8536) Error creating ACL Alter Topic in 2.2

2019-06-19 Thread Evelyn Bayes (JIRA)


[ 
https://issues.apache.org/jira/browse/KAFKA-8536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16867346#comment-16867346
 ] 

Evelyn Bayes commented on KAFKA-8536:
-

Notes:
[https://github.com/apache/kafka/pull/6263]

Looks like it was fixed in trunk and intended for 2.2 but I'm not sure if it 
ever made it in there

h2. Reproduce

kafka-acls --bootstrap-server <> --add --allow-principal <> --topic <> --operation "Alter"

h2. Error

ResourceType TOPIC only supports operations Read,All,AlterConfigs,DescribeConfigs,Delete,Write,Create,Describe

h2. Code 2.2 (and other versions) showing it broken

*./core/src/main/scala/kafka/admin/AclCommand.scala*

    private def validateOperation(opts: AclCommandOptions, resourceToAcls: Map[ResourcePatternFilter, Set[Acl]]): Unit = {
      for ((resource, acls) <- resourceToAcls) {
        val validOps = ResourceTypeToValidOperations(resource.resourceType)
        if ((acls.map(_.operation) -- validOps).nonEmpty)
          CommandLineUtils.printUsageAndDie(opts.parser, s"ResourceType ${resource.resourceType} only supports operations ${validOps.mkString(",")}")
      }
    }

    val ResourceTypeToValidOperations: Map[JResourceType, Set[Operation]] = Map[JResourceType, Set[Operation]](
      JResourceType.TOPIC -> Set(Read, Write, Create, Describe, Delete, DescribeConfigs, AlterConfigs, All),
      JResourceType.GROUP -> Set(Read, Describe, Delete, All),
      JResourceType.CLUSTER -> Set(Create, ClusterAction, DescribeConfigs, AlterConfigs, IdempotentWrite, Alter, Describe, All),
      JResourceType.TRANSACTIONAL_ID -> Set(Describe, Write, All),
      JResourceType.DELEGATION_TOKEN -> Set(Describe, All)
    )

h2. Code 2.3 where it was fixed coincidentally


*./core/src/main/scala/kafka/admin/AclCommand.scala*

    private def validateOperation(opts: AclCommandOptions, resourceToAcls: Map[ResourcePatternFilter, Set[Acl]]): Unit = {
      for ((resource, acls) <- resourceToAcls) {
        val validOps = ResourceType.fromJava(resource.resourceType).supportedOperations + All
        if ((acls.map(_.operation) -- validOps).nonEmpty)
          CommandLineUtils.printUsageAndDie(opts.parser, s"ResourceType ${resource.resourceType} only supports operations ${validOps.mkString(",")}")
      }
    }

*./core/src/main/scala/kafka/security/auth/ResourceType.scala*

    case object Topic extends ResourceType {
      val name = "Topic"
      val error = Errors.TOPIC_AUTHORIZATION_FAILED
      val toJava = JResourceType.TOPIC
      val supportedOperations = Set(Read, Write, Create, Describe, Delete, Alter, DescribeConfigs, AlterConfigs)
    }

h2. Suggested Patch

*./core/src/main/scala/kafka/admin/AclCommand.scala*

    val ResourceTypeToValidOperations: Map[JResourceType, Set[Operation]] = Map[JResourceType, Set[Operation]](
      JResourceType.TOPIC -> Set(Read, Write, Create, Describe, Delete, Alter, DescribeConfigs, AlterConfigs, All),
      JResourceType.GROUP -> Set(Read, Describe, Delete, All),
      JResourceType.CLUSTER -> Set(Create, ClusterAction, DescribeConfigs, AlterConfigs, IdempotentWrite, Alter, Describe, All),
      JResourceType.TRANSACTIONAL_ID -> Set(Describe, Write, All),
      JResourceType.DELEGATION_TOKEN -> Set(Describe, All)
    )

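The 2.2 excerpt in the comment above validates against a table kept inside AclCommand, while the 2.3 excerpt derives the set from `ResourceType.supportedOperations`. The Scala example below is added here and is not Kafka source or part of the original comment; it models both with simplified stand-in types and checks the CLI table for drift. The `Group` set and the names `ops`, `cli22`, `cliPatched` and `missingFromCli` are assumptions made for illustration.

```scala
// Added illustration with simplified stand-in types; this is not Kafka source.
object AclTableDriftCheck {
  sealed trait Operation
  case object Read extends Operation
  case object Write extends Operation
  case object Create extends Operation
  case object Describe extends Operation
  case object Delete extends Operation
  case object Alter extends Operation
  case object DescribeConfigs extends Operation
  case object AlterConfigs extends Operation
  case object All extends Operation

  // Hypothetical helper: builds a Set[Operation] without relying on type inference.
  def ops(xs: Operation*): Set[Operation] = xs.toSet

  // Per-resource sets; Topic follows the 2.3 ResourceType.scala excerpt.
  sealed trait ResourceType { def supportedOperations: Set[Operation] }
  case object Topic extends ResourceType {
    val supportedOperations: Set[Operation] =
      ops(Read, Write, Create, Describe, Delete, Alter, DescribeConfigs, AlterConfigs)
  }
  // Assumption: Group's set is constructed here so that it matches the CLI table.
  case object Group extends ResourceType {
    val supportedOperations: Set[Operation] = ops(Read, Describe, Delete)
  }

  // Separate copy of the table, as in the 2.2 AclCommand excerpt (no Alter on topics).
  val cli22: Map[ResourceType, Set[Operation]] = Map(
    Topic -> ops(Read, Write, Create, Describe, Delete, DescribeConfigs, AlterConfigs, All),
    Group -> ops(Read, Describe, Delete, All)
  )
  // The same table with the suggested patch applied.
  val cliPatched: Map[ResourceType, Set[Operation]] =
    cli22.updated(Topic, cli22(Topic) + Alter)

  // Operations the per-resource set (plus All) allows but the CLI table would reject.
  def missingFromCli(cli: Map[ResourceType, Set[Operation]]): Map[ResourceType, Set[Operation]] =
    cli.map { case (rt, allowed) => rt -> ((rt.supportedOperations + All) -- allowed) }
      .filter { case (_, missing) => missing.nonEmpty }

  def main(args: Array[String]): Unit = {
    val drift = missingFromCli(cli22)
    assert(drift == Map(Topic -> Set(Alter)), s"unexpected drift: $drift")
    assert(missingFromCli(cliPatched).isEmpty, "patched table should have no drift")
    drift.foreach { case (rt, m) => println(s"$rt: CLI table rejects ${m.mkString(",")}") }
  }
}
```

A check of this shape, run as a unit test, fails whenever an operation is added to a resource type but not to a duplicated validation table.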