[
https://issues.apache.org/jira/browse/KAFKA-4867?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15902683#comment-15902683
]
Stevo Slavic commented on KAFKA-4867:
-------------------------------------
Duplicate of KAFKA-4864. Sorry.
> zookeeper-security-migration.sh does not clear ACLs from all nodes
> ------------------------------------------------------------------
>
> Key: KAFKA-4867
> URL: https://issues.apache.org/jira/browse/KAFKA-4867
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 0.10.1.1
> Reporter: Stevo Slavic
> Priority: Minor
>
> zookeeper-security-migration.sh help for --zookeeper.acl switch with
> 'secure'/'unsecure' as possible values suggests that command should apply the
> change to all Kafka znodes. That doesn't seem to be the case at least for
> 'unsecure', so clearing ACLs use case.
> With ACLs set on Kafka znodes, I ran
> {noformat}
> bin/zookeeper-security-migration.sh --zookeeper.acl 'unsecure'
> --zookeeper.connect x.y.z.w:2181
> {noformat}
> and with zookeeper-shell.sh getAcl checked ACLs set on few nodes. Node
> _/brokers/topics_ had ACL cleared (only default one that world can do
> anything remained). On the other hand node _/brokers_ still had secure ACLs
> set that world can read and owner can do everything. Nodes and respective sub
> trees of _/cluster_ and _/controller_ also had secure ACLs still set.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
