Soyee Deng created KAFKA-6972:
---------------------------------

             Summary: Kafka ACL does not work expected with wildcard
                 Key: KAFKA-6972
                 URL: https://issues.apache.org/jira/browse/KAFKA-6972
             Project: Kafka
          Issue Type: Bug
          Components: security
    Affects Versions: 0.11.0.0
         Environment: OS : CentOS 7, 64bit.
                      Confluent : 3.3, Kafka 0.11.
            Reporter: Soyee Deng


I just started with the Confluent 3.3 platform and Kafka 0.11, with SSL as 
transport security and Kerberos to restrict access control based on 
the principals held. To make life easier, wildcards are used extensively 
in my environment. But it turned out that this is not working as expected. 

 

My issue is that when I run the command _kafka-acls_ in a directory containing 
some files, the command picks up the name of the first file as the topic 
name or group name. E.g., in my case, abcd.txt was chosen while giving my 
principal permission to consume messages from any topic with any group ID.

[quality@data-pipeline-1 test_dir]$ KAFKA_OPTS=-Djava.security.auth.login.config='/etc/security/jaas/broker-jaas.conf' kafka-acls --authorizer-properties zookeeper.connect=data-pipeline-1.orion.com:2181 --add --allow-principal User:connect-consumer --consumer --topic * --group *
Adding ACLs for resource `Topic:abcd.txt`:
 User:connect-consumer has Allow permission for operations: Describe from hosts: *
 User:connect-consumer has Allow permission for operations: Read from hosts: *

Adding ACLs for resource `Group:abcd.txt`:
 User:connect-consumer has Allow permission for operations: Read from hosts: *

Current ACLs for resource `Topic:abcd.txt`:
 User:connect-consumer has Allow permission for operations: Describe from hosts: *
 User:connect-consumer has Allow permission for operations: Read from hosts: *
 User:connect-consumer has Allow permission for operations: Write from hosts: *

Current ACLs for resource `Group:abcd.txt`:
 User:connect-consumer has Allow permission for operations: Read from hosts: *

 

My current workaround is to go to another, empty directory and run the above 
command; there it works as expected. 

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
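
The behaviour in the report is consistent with the shell expanding the unquoted `*` into file names before kafka-acls starts. The following is an added example, not part of the original report or of Kafka; `fake_kafka_acls` is a hypothetical stand-in that only echoes the `--topic`/`--group` values it receives, and the file names are constructed.

```shell
# Hypothetical stand-in for kafka-acls: reports which resource names it was given.
# Runs in a subshell "( ... )" so its variables stay local.
fake_kafka_acls() (
    topic="" group=""
    while [ "$#" -gt 0 ]; do
        case "$1" in
            --topic) topic="$2"; shift 2 ;;
            --group) group="$2"; shift 2 ;;
            *) shift ;;   # other flags, and any extra file names from the glob
        esac
    done
    printf 'Topic:%s Group:%s\n' "$topic" "$group"
)

# The command as typed in the report: * is unquoted, so the shell replaces it
# with the sorted names of the files in directory $1 before the tool runs.
run_unquoted() { ( cd "$1" && fake_kafka_acls --add --consumer --topic * --group * ); }

# Quoted form: the literal wildcard reaches the tool whatever the directory holds.
run_quoted() { ( cd "$1" && fake_kafka_acls --add --consumer --topic '*' --group '*' ); }

demo() {
    work=$(mktemp -d)
    mkdir "$work/test_dir" "$work/empty_dir"
    : > "$work/test_dir/abcd.txt"      # constructed sample files
    : > "$work/test_dir/notes.txt"
    echo "unquoted, test_dir : $(run_unquoted "$work/test_dir")"
    # With nothing to match, the pattern is left as a literal *, which is why
    # the empty-directory workaround appears to fix the problem.
    echo "unquoted, empty_dir: $(run_unquoted "$work/empty_dir")"
    echo "quoted,   test_dir : $(run_quoted "$work/test_dir")"
    rm -rf "$work"
}

demo
```

Quoting the wildcard (`--topic '*' --group '*'`) makes the result independent of the working directory. ACLs already created for `Topic:abcd.txt` and `Group:abcd.txt` remain in place until they are removed.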
