Re: [DISCUSS] (KAFKA-9806) authorize cluster operation when creating internal topics

2020-04-13 Thread Paolo Moriello
Right, the problem in this case is that restoring ACLs to a correct configuration does not fix the problem, because the internal topics remain in a bad state. For instance: 1) user sets insufficient cluster level ACLs (now brokers are not able to communicate) 2) user consumes for the first time

Re: [DISCUSS] (KAFKA-9806) authorize cluster operation when creating internal topics

2020-04-13 Thread Colin McCabe
On Thu, Apr 9, 2020, at 09:36, Paolo Moriello wrote:
> Hi Colin,
>
> Thanks again for checking this out.
>
> Indeed you are right, a configuration problem is what leads to
> authorization failure (and consequently to the internal topics bug): i.e.
> incorrect ACLs configuration. In particular, in

Re: [DISCUSS] (KAFKA-9806) authorize cluster operation when creating internal topics

2020-04-09 Thread Paolo Moriello
Hi Colin, Thanks again for checking this out. Indeed you are right, a configuration problem is what leads to authorization failure (and consequently to the internal topics bug): i.e. incorrect ACLs configuration. In particular, in case of insufficient cluster-level ACLs, so if one does not includ

Re: [DISCUSS] (KAFKA-9806) authorize cluster operation when creating internal topics

2020-04-07 Thread Colin McCabe
On Tue, Apr 7, 2020, at 08:08, Paolo Moriello wrote:
> Hi Colin,
>
> Thanks for your interest in this. I agree with you, this change could break
> compatibility. However, changing the source principal is non trivial in
> this case. In fact, here the problem is not in the internal topic creation
>

Re: [DISCUSS] (KAFKA-9806) authorize cluster operation when creating internal topics

2020-04-07 Thread Paolo Moriello
Hi Colin, Thanks for your interest in this. I agree with you, this change could break compatibility. However, changing the source principal is non trivial in this case. In fact, here the problem is not in the internal topic creation - which succeeds - but in the two subsequent LeaderAndIsr and Upd

Re: [DISCUSS] (KAFKA-9806) authorize cluster operation when creating internal topics

2020-04-06 Thread Colin McCabe
Hi Paolo, Thanks for finding this issue. Unfortunately, you certainly can't add a new permission requirement to an existing RPC without breaking compatibility. So the current solution in the PR will not work. However, you should be able to have the broker create the topic using its own princ

[DISCUSS] (KAFKA-9806) authorize cluster operation when creating internal topics

2020-04-06 Thread Paolo Moriello
Hello everybody, I've opened a Jira to fix a bug on creation of internal topics. This happens when the topics are created under insufficient ACLs: e.g. __consumer_offset is created but subsequent updateMetadata and leaderIsr requests fail; the topic is then in an inconsistent state and it is imposs