Piotr created KAFKA-13440:
-----------------------------
Summary: AdminClient.createAcls() fails if principal name is not
prefixed with "PrincipalType:" without proper description
Key: KAFKA-13440
URL: https://issues.apache.org/jira/browse/KAFKA-13440
Project: Kafka
Issue Type: Bug
Components: admin, clients
Affects Versions: 3.0.0
Environment: Admin client runs on Windows 10, Kafka cluster runs on
WSL2 Ubuntu-20.04 LTS
Java 11
POM:
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
<version>3.0.0</version>
</dependency>
Reporter: Piotr
AdminClient.createAcls() call without "User:" prefix for principal fails with
"{color:#172b4d}org.apache.kafka.common.errors.UnknownServerException: The
server experienced an unexpected error when processing the request." error,
that says nothing about what is wrong{color}
*AdminClient properties:*
String host = "172.17.157.212:9092";
adminClientProperties = new Properties();
adminClientProperties.put(AdminClientConfig.BOOTSTRAP_SERVERS_CONFIG, host);
adminClientProperties.put(AdminClientConfig.SECURITY_PROTOCOL_CONFIG,
"SASL_SSL");
// SSL configuration
adminClientProperties.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG,
Paths.get(getClass().getResource("/client.keystore.jks").toURI()).toString());
adminClientProperties.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, "123456");
adminClientProperties.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, "123456");
adminClientProperties.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG,
Paths.get(getClass().getResource("/client.truststore.jks").toURI()).toString());
adminClientProperties.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, "123456");
// SASL configuration
adminClientProperties.put(SaslConfigs.SASL_MECHANISM, "SCRAM-SHA-512");
adminClientProperties.put(SaslConfigs.SASL_JAAS_CONFIG,
"org.apache.kafka.common.security.scram.ScramLoginModule required
username=\"admin\" password=\"admin-secret\";");
*Create ACLs call without "User:" prefix for principal:*
try (Admin adminClient = Admin.create(adminClientProperties)) {
ResourcePattern resourcePattern = new ResourcePattern(ResourceType.TOPIC,
pTopicName, PatternType.LITERAL);
AccessControlEntry accessControlEntry = new AccessControlEntry(pPrincipal_name,
host, AclOperation.READ, AclPermissionType.ALLOW);
AclBinding aclBinding = new AclBinding(resourcePattern, accessControlEntry);
CreateAclsResult createAclsResult =
adminClient.createAcls(Arrays.asList(aclBinding));
KafkaFuture<Void> future = createAclsResult.all();
future.get();
}catch (Exception e){
System.out.println(e.getMessage());
throw new Exception();
}
*fails:*
{color:#FF0000}org.apache.kafka.common.errors.UnknownServerException: The
server experienced an unexpected error when processing the request.{color}
*Create ACLs call with "User:" prefix for principal works fine:*
try (Admin adminClient = Admin.create(adminClientProperties)) {
ResourcePattern resourcePattern = new ResourcePattern(ResourceType.TOPIC,
pTopicName, PatternType.LITERAL);
AccessControlEntry accessControlEntry = new
AccessControlEntry({*}{color:#FF0000}"User:"{color}{*} + pPrincipal_name,
host, AclOperation.READ, AclPermissionType.ALLOW);
AclBinding aclBinding = new AclBinding(resourcePattern, accessControlEntry);
CreateAclsResult createAclsResult =
adminClient.createAcls(Arrays.asList(aclBinding));
KafkaFuture<Void> future = createAclsResult.all();
future.get();
}catch (Exception e){
System.out.println(e.getMessage());
throw new Exception();
}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
