Hi Dave,

Thank you for the quick reply! I do set the sasl.jaas.config property to
`org.apache.kafka.common.security.plain.PlainLoginModule required username="{{ CLUSTER_API_KEY }}" password="{{ CLUSTER_API_SECRET }}";`.
Perhaps I'm not using the correct terms here, but I know CLUSTER_API_KEY and
CLUSTER_API_SECRET and am able to use them to authenticate with the server.

Is it possible to find the associated principal or user ID that belongs to that
API key/secret pair? The only way I've been able to get it is to trigger an
unauthorized exception (see first email).

Perhaps this is a problem specific to Confluent Cloud, which is managing my 
cluster?

Thanks,
Brandt

On 4/20/20, 5:56 PM, "Dave Canton" <[email protected]> wrote:

    Hi Brandt,
    
    The username is used as the principal for SASL/PLAIN. Check the
    *sasl.jaas.config* value in the client's configuration file.
    
    Let me know if I haven't understood you correctly.
    
    Best regards
    Dave
    Newton, Brandt (CAI - Burlington) <[email protected]> wrote on
    Mon, 20 Apr 2020, 21:30:
    
    > Hi All,
    >
    > I’d like to determine the principal of the credentials that were used to
    > authenticate so I can check that principal’s ACLs.
    >
    > I’m using the Kafka client libraries (NetworkClient specifically but
    > that’s not a requirement) to connect to a Kafka cluster using the SASL_SSL
    > security protocol and PLAIN mechanism. I only provide the password in
    > sasl.jaas.config and I’m able to successfully authenticate with Kafka and
    > make requests.
    >
    > Is there a way to get the principal? I can see the principal if I perform
    > an unauthorized action*, but I believe this comes from the server.
    >
    > Thanks,
    > Brandt
    >
    >
    > *Principal is visible in TenantMetadata user=principal of the not
    > authorized message:
    >
    >  Request Request(processor=8, connectionId=XXXX,
    > session=Session(MultiTenantPrincipal(tenantMetadata=TenantMetadata(tenantName='XXXX',
    > clusterId='XXX', allowDescribeBrokerConfigs=false, isSuperUser=false),
    > user=12345),ip-XXXX), listenerName=ListenerName(EXTERNAL),
    > securityProtocol=SASL_SSL, buffer=null) is not authorized.
    >
    >
    >
    

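Dave's reply points at the username in sasl.jaas.config, while the denial message in the first email carries a `user=` field reported by the broker. As an added example (not part of the thread and not Kafka or Confluent code), this Python code extracts both values so they can be compared; the function names, the simplified JAAS option parsing and the sample strings are assumptions constructed for illustration.

```python
import re

# Constructed samples modeled on the thread (placeholders, not real credentials).
SAMPLE_JAAS = (
    'org.apache.kafka.common.security.plain.PlainLoginModule required '
    'username="EXAMPLE_API_KEY" password="EXAMPLE_API_SECRET";'
)
SAMPLE_DENIAL = (
    "Request Request(processor=8, connectionId=XXXX, "
    "session=Session(MultiTenantPrincipal(tenantMetadata=TenantMetadata("
    "tenantName='XXXX', clusterId='XXX', allowDescribeBrokerConfigs=false, "
    "isSuperUser=false), user=12345),ip-XXXX), "
    "listenerName=ListenerName(EXTERNAL), securityProtocol=SASL_SSL, "
    "buffer=null) is not authorized."
)

# key="quoted value" (backslash escapes allowed) or key=bare_value
_JAAS_OPTION = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s;"]+))')
# user=... field that follows TenantMetadata(...) in the denial message
_DENIED_USER = re.compile(r"MultiTenantPrincipal\(tenantMetadata=TenantMetadata\([^)]*\),\s*user=([^)\s,]+)\)")


def parse_jaas_entry(value):
    """Split one sasl.jaas.config value into (module, control_flag, options)."""
    text = value.strip()
    if not text.endswith(";"):
        raise ValueError("JAAS entry must end with ';'")
    head = text[:-1].split(None, 2)  # tolerates runs of spaces between tokens
    if len(head) < 2:
        raise ValueError("expected '<LoginModule> <controlFlag> [options]'")
    options = {}
    for m in _JAAS_OPTION.finditer(head[2] if len(head) > 2 else ""):
        quoted, bare = m.group(2), m.group(3)
        options[m.group(1)] = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else bare
    return head[0], head[1], options


def client_side_principal(jaas_value):
    """Username the client presents for SASL/PLAIN; None for other modules."""
    module, _flag, options = parse_jaas_entry(jaas_value)
    if not module.endswith("PlainLoginModule"):
        return None
    return options.get("username")  # the password is never returned or logged


def server_side_principal(denial_message):
    """user= value the broker reported in a 'is not authorized' message, or None."""
    m = _DENIED_USER.search(denial_message)
    return m.group(1) if m else None
```
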