OK, I get it: SASL must be enabled on the controllers' listener too, not only on the brokers. ACL works perfectly now. Seems to be a lack of documentation (?)

On Wed, 30 Aug 2023 at 11:10, charlie vuillemez <charlie.vuille...@gmail.com> wrote:

> Hi all,
>
> Maybe a bug... but I'm facing an issue when trying to add a Kafka ACL
> (Kafka is confluent version 7.5.0-ccs).
>
> First, I can list ACLs (so that's why I think my client and broker
> configuration is ok).
> Result is empty, cause I have no ACLs:
>
> $ kafka-acls --bootstrap-server broker01:9093 --command-config /etc/kafka/client-ssl.properties --list
>
> Here is the /etc/kafka/client-ssl.properties:
>
> sasl.mechanism=PLAIN
> security.protocol=SASL_SSL
> ssl.truststore.type=PEM
> ssl.truststore.location=/etc/kafka/ssl/truststore.pem
> sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
>   username="admin" \
>   password="xxxxxxxx";
>
> When adding the first ACL, I get the following exception:
>
> kafka-acls --bootstrap-server broker01:9093 --command-config /etc/kafka/client-ssl.properties --add --allow-principal "User:test" --topic "test" --operation Read
> Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=test, patternType=LITERAL)`:
>         (principal=User:test, host=*, operation=READ, permissionType=ALLOW)
>
> Error while executing ACL command: org.apache.kafka.common.errors.SecurityDisabledException: No Authorizer is configured.
> java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.SecurityDisabledException: No Authorizer is configured.
>         at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396)
>         at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2073)
>         at org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:165)
>         at kafka.admin.AclCommand$AdminClientService.$anonfun$addAcls$3(AclCommand.scala:115)
>         at scala.collection.IterableOnceOps.foreach(IterableOnce.scala:575)
>         at scala.collection.IterableOnceOps.foreach$(IterableOnce.scala:573)
>         at scala.collection.AbstractIterable.foreach(Iterable.scala:933)
>         at scala.collection.IterableOps$WithFilter.foreach(Iterable.scala:903)
>         at kafka.admin.AclCommand$AdminClientService.$anonfun$addAcls$1(AclCommand.scala:112)
>         at kafka.admin.AclCommand$AdminClientService.addAcls(AclCommand.scala:111)
>         at kafka.admin.AclCommand$.main(AclCommand.scala:73)
>         at kafka.admin.AclCommand.main(AclCommand.scala)
> Caused by: org.apache.kafka.common.errors.SecurityDisabledException: No Authorizer is configured.
>
> If anyone can help.
> Thanks!
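
A check for the condition described in the reply above, as an added example that is not part of the original thread: it reads `server.properties` text and reports when a listener named in `controller.listener.names` is not mapped to SASL_PLAINTEXT or SASL_SSL, or when `authorizer.class.name` is unset (the setting the error message refers to). It assumes a KRaft-mode deployment; the sample configurations, the listener names CONTROLLER and BROKER, and the host controller01:9094 are constructed.

```python
# Added example: lint Kafka server.properties for a controller listener without SASL.
SASL_PROTOCOLS = {"SASL_PLAINTEXT", "SASL_SSL"}
# Kafka's default listener.security.protocol.map: each protocol name maps to itself.
DEFAULT_MAP = "PLAINTEXT:PLAINTEXT,SSL:SSL,SASL_PLAINTEXT:SASL_PLAINTEXT,SASL_SSL:SASL_SSL"

def parse_properties(text):
    """Parse Java-style properties: key=value, #/! comments, backslash continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def check_controller_sasl(text):
    """Return a list of findings; an empty list means both checks passed."""
    props = parse_properties(text)
    findings = []
    raw_map = props.get("listener.security.protocol.map") or DEFAULT_MAP
    proto_map = dict(item.strip().split(":", 1) for item in raw_map.split(",") if ":" in item)
    names = [n.strip() for n in props.get("controller.listener.names", "").split(",") if n.strip()]
    if not names:
        findings.append("controller.listener.names is not set")
    for name in names:
        proto = proto_map.get(name)
        if proto is None:
            findings.append(f"controller listener {name} has no entry in listener.security.protocol.map")
        elif proto.upper() not in SASL_PROTOCOLS:
            findings.append(f"controller listener {name} uses {proto}, not SASL")
    if not props.get("authorizer.class.name"):
        findings.append("authorizer.class.name is not set")
    return findings

# Constructed sample: brokers use SASL_SSL, the controller listener only SSL.
WEAK = """
process.roles=controller
controller.listener.names=CONTROLLER
listeners=CONTROLLER://controller01:9094
listener.security.protocol.map=CONTROLLER:SSL,BROKER:SASL_SSL
authorizer.class.name=org.apache.kafka.metadata.authorizer.StandardAuthorizer
"""
# Constructed corrected form: SASL enabled on the controller listener as well.
FIXED = WEAK.replace("CONTROLLER:SSL", "CONTROLLER:SASL_SSL") + "sasl.mechanism.controller.protocol=PLAIN\n"

if __name__ == "__main__":
    print("weak: ", check_controller_sasl(WEAK))
    print("fixed:", check_controller_sasl(FIXED))
```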