[jira] [Commented] (KAFKA-14182) KRaft and ACL + GSSAPI

Luke Chen (Jira) Mon, 29 Aug 2022 00:42:07 -0700


    [ 
https://issues.apache.org/jira/browse/KAFKA-14182?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17597020#comment-17597020
 ]


Luke Chen commented on KAFKA-14182:
-----------------------------------

[~rykovsi] , thanks for reporting the issue. I'm not quite sure if KAFKA-13909 
fixed this issue. Could you try it with the latest trunk branch? To me, if you 
confirmed the ACL is the new one, we should not find any existing record, no 
matter it throws exception or log info, right?

> KRaft and ACL + GSSAPI
> ----------------------
>
>                 Key: KAFKA-14182
>                 URL: https://issues.apache.org/jira/browse/KAFKA-14182
>             Project: Kafka
>          Issue Type: Bug
>          Components: kraft
>    Affects Versions: 3.2.1
>            Reporter: Svyatoslav
>            Priority: Trivial
>
> In KRaft mode with GSSAPI and ACL when i am adding any new ACL in log file i 
> am always have some information like this:
> {code:java}
> [2022-08-24 18:04:41,830] ERROR [StandardAuthorizer 1] addAcl error 
> (org.apache.kafka.metadata.authorizer.StandardAuthorizerData)
> java.lang.RuntimeException: An ACL with ID Gk-Hx0tvQIS8B1RT8R-odw already 
> exists.
>     at 
> org.apache.kafka.metadata.authorizer.StandardAuthorizerData.addAcl(StandardAuthorizerData.java:169)
>     at 
> org.apache.kafka.metadata.authorizer.StandardAuthorizer.addAcl(StandardAuthorizer.java:83)
>     at 
> kafka.server.metadata.BrokerMetadataPublisher.$anonfun$publish$19(BrokerMetadataPublisher.scala:234)
>     at java.util.LinkedHashMap$LinkedEntrySet.forEach(LinkedHashMap.java:671)
>     at 
> kafka.server.metadata.BrokerMetadataPublisher.$anonfun$publish$18(BrokerMetadataPublisher.scala:232)
>     at 
> kafka.server.metadata.BrokerMetadataPublisher.$anonfun$publish$18$adapted(BrokerMetadataPublisher.scala:221)
>     at scala.Option.foreach(Option.scala:437)
>     at 
> kafka.server.metadata.BrokerMetadataPublisher.publish(BrokerMetadataPublisher.scala:221)
>     at 
> kafka.server.metadata.BrokerMetadataListener.kafka$server$metadata$BrokerMetadataListener$$publish(BrokerMetadataListener.scala:258)
>     at 
> kafka.server.metadata.BrokerMetadataListener$HandleCommitsEvent.$anonfun$run$2(BrokerMetadataListener.scala:119)
>     at 
> kafka.server.metadata.BrokerMetadataListener$HandleCommitsEvent.$anonfun$run$2$adapted(BrokerMetadataListener.scala:119)
>     at scala.Option.foreach(Option.scala:437)
>     at 
> kafka.server.metadata.BrokerMetadataListener$HandleCommitsEvent.run(BrokerMetadataListener.scala:119)
>     at 
> org.apache.kafka.queue.KafkaEventQueue$EventContext.run(KafkaEventQueue.java:121)
>     at 
> org.apache.kafka.queue.KafkaEventQueue$EventHandler.handleEvents(KafkaEventQueue.java:200)
>     at 
> org.apache.kafka.queue.KafkaEventQueue$EventHandler.run(KafkaEventQueue.java:173)
>     at java.lang.Thread.run(Thread.java:750)
> [2022-08-24 18:04:41,858] ERROR [BrokerMetadataPublisher id=1] Error 
> publishing broker metadata at OffsetAndEpoch(offset=500, epoch=4) 
> (kafka.server.metadata.BrokerMetadataPublisher)
> java.lang.RuntimeException: An ACL with ID Gk-Hx0tvQIS8B1RT8R-odw already 
> exists.
>     at 
> org.apache.kafka.metadata.authorizer.StandardAuthorizerData.addAcl(StandardAuthorizerData.java:169)
>     at 
> org.apache.kafka.metadata.authorizer.StandardAuthorizer.addAcl(StandardAuthorizer.java:83)
>     at 
> kafka.server.metadata.BrokerMetadataPublisher.$anonfun$publish$19(BrokerMetadataPublisher.scala:234)
>     at java.util.LinkedHashMap$LinkedEntrySet.forEach(LinkedHashMap.java:671)
>     at 
> kafka.server.metadata.BrokerMetadataPublisher.$anonfun$publish$18(BrokerMetadataPublisher.scala:232)
>     at 
> kafka.server.metadata.BrokerMetadataPublisher.$anonfun$publish$18$adapted(BrokerMetadataPublisher.scala:221)
>     at scala.Option.foreach(Option.scala:437)
>     at 
> kafka.server.metadata.BrokerMetadataPublisher.publish(BrokerMetadataPublisher.scala:221)
>     at 
> kafka.server.metadata.BrokerMetadataListener.kafka$server$metadata$BrokerMetadataListener$$publish(BrokerMetadataListener.scala:258)
>     at 
> kafka.server.metadata.BrokerMetadataListener$HandleCommitsEvent.$anonfun$run$2(BrokerMetadataListener.scala:119)
>     at 
> kafka.server.metadata.BrokerMetadataListener$HandleCommitsEvent.$anonfun$run$2$adapted(BrokerMetadataListener.scala:119)
>     at scala.Option.foreach(Option.scala:437)
>     at 
> kafka.server.metadata.BrokerMetadataListener$HandleCommitsEvent.run(BrokerMetadataListener.scala:119)
>     at 
> org.apache.kafka.queue.KafkaEventQueue$EventContext.run(KafkaEventQueue.java:121)
>     at 
> org.apache.kafka.queue.KafkaEventQueue$EventHandler.handleEvents(KafkaEventQueue.java:200)
>     at 
> org.apache.kafka.queue.KafkaEventQueue$EventHandler.run(KafkaEventQueue.java:173)
>     at java.lang.Thread.run(Thread.java:750)
> [2022-08-24 18:04:41,859] ERROR [BrokerMetadataListener id=1] Unexpected 
> error handling HandleCommitsEvent 
> (kafka.server.metadata.BrokerMetadataListener)
> java.lang.RuntimeException: An ACL with ID Gk-Hx0tvQIS8B1RT8R-odw already 
> exists.
>     at 
> org.apache.kafka.metadata.authorizer.StandardAuthorizerData.addAcl(StandardAuthorizerData.java:169)
>     at 
> org.apache.kafka.metadata.authorizer.StandardAuthorizer.addAcl(StandardAuthorizer.java:83)
>     at 
> kafka.server.metadata.BrokerMetadataPublisher.$anonfun$publish$19(BrokerMetadataPublisher.scala:234)
>     at java.util.LinkedHashMap$LinkedEntrySet.forEach(LinkedHashMap.java:671)
>     at 
> kafka.server.metadata.BrokerMetadataPublisher.$anonfun$publish$18(BrokerMetadataPublisher.scala:232)
>     at 
> kafka.server.metadata.BrokerMetadataPublisher.$anonfun$publish$18$adapted(BrokerMetadataPublisher.scala:221)
>     at scala.Option.foreach(Option.scala:437)
>     at 
> kafka.server.metadata.BrokerMetadataPublisher.publish(BrokerMetadataPublisher.scala:221)
>     at 
> kafka.server.metadata.BrokerMetadataListener.kafka$server$metadata$BrokerMetadataListener$$publish(BrokerMetadataListener.scala:258)
>     at 
> kafka.server.metadata.BrokerMetadataListener$HandleCommitsEvent.$anonfun$run$2(BrokerMetadataListener.scala:119)
>     at 
> kafka.server.metadata.BrokerMetadataListener$HandleCommitsEvent.$anonfun$run$2$adapted(BrokerMetadataListener.scala:119)
>     at scala.Option.foreach(Option.scala:437)
>     at 
> kafka.server.metadata.BrokerMetadataListener$HandleCommitsEvent.run(BrokerMetadataListener.scala:119)
>     at 
> org.apache.kafka.queue.KafkaEventQueue$EventContext.run(KafkaEventQueue.java:121)
>     at 
> org.apache.kafka.queue.KafkaEventQueue$EventHandler.handleEvents(KafkaEventQueue.java:200)
>     at 
> org.apache.kafka.queue.KafkaEventQueue$EventHandler.run(KafkaEventQueue.java:173)
>     at java.lang.Thread.run(Thread.java:750)
>  {code}
> The main problem is here:
> https://github.com/apache/kafka/blob/4878653016c32e55d6e829ea1b4f80a825459706/metadata/src/main/java/org/apache/kafka/metadata/authorizer/StandardAuthorizerData.java
> {code:java}
>             if (prevAcl != null) {
>                 throw new RuntimeException("An ACL with ID " + id + " already 
> exists.");
>             }
> {code}
> Do we need an exeption or may be just change it to:
> {code:java}
>             if (prevAcl != null) {
>                 log.info("An ACL with ID " + id + " already exists.");
>             }
>             if (!aclsByResource.add(acl)) {
>                 //aclsById.remove(id);
>                 log.info("Unable to add the ACL with ID " + id + " to 
> aclsByResource");
>             }
> ...
> {code}
> ?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (KAFKA-14182) KRaft and ACL + GSSAPI

Reply via email to