[
https://issues.apache.org/jira/browse/KAFKA-6972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16499338#comment-16499338
]
Soyee Deng commented on KAFKA-6972:
-----------------------------------
Hi [~sliebau],
Sorry, my fault. It works as you mentioned. Thanks for helping me out.
> Kafka ACL does not work expected with wildcard
> ----------------------------------------------
>
> Key: KAFKA-6972
> URL: https://issues.apache.org/jira/browse/KAFKA-6972
> Project: Kafka
> Issue Type: Bug
> Components: security
> Affects Versions: 0.11.0.0
> Environment: OS : CentOS 7, 64bit.
> Confluent : 3.3, Kafka 0.11.
> Reporter: Soyee Deng
> Assignee: Sönke Liebau
> Priority: Major
>
> Just started with the Confluent 3.3 platform and Kafka 0.11, having SSL as
> transportation security and Kerberos to restrict the access control based on
> the holding principals. In order to make life easier, wildcards are used
> extensively in my environment. But it turned out that this is not working as
> expected.
> My issue is that when I run the command _kafka-acls_ in a directory with
> some files, this command picks up the name of the first file as the topic
> name or group name. E.g., in my case, abcd.txt was chosen while giving my
> principal connect-consumer the permissions to consume messages from any
> topic with any group ID.
> [quality@data-pipeline-1 test_dir]$ KAFKA_OPTS=-Djava.security.auth.login.config='/etc/security/jaas/broker-jaas.conf' kafka-acls --authorizer-properties zookeeper.connect=data-pipeline-1.orion.com:2181 --add --allow-principal User:connect-consumer --consumer --topic * --group *
> Adding ACLs for resource `Topic:abcd.txt`:
> User:connect-consumer has Allow permission for operations: Describe from hosts: *
> User:connect-consumer has Allow permission for operations: Read from hosts: *
> Adding ACLs for resource `Group:abcd.txt`:
> User:connect-consumer has Allow permission for operations: Read from hosts: *
> Current ACLs for resource `Topic:abcd.txt`:
> User:connect-consumer has Allow permission for operations: Describe from hosts: *
> User:connect-consumer has Allow permission for operations: Read from hosts: *
> User:connect-consumer has Allow permission for operations: Write from hosts: *
> Current ACLs for resource `Group:abcd.txt`:
> User:connect-consumer has Allow permission for operations: Read from hosts: *
>
> My current workaround is changing the command context to an empty
> directory and running the above command; it works as expected.
>
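The output in the quoted report is consistent with shell pathname expansion: an unquoted * is replaced by the shell with matching file names before kafka-acls starts, and is left as a literal * only when nothing matches (the default when nullglob/failglob are off), which is why the empty-directory workaround behaves differently. The script below is an added example, not part of the issue or of Kafka; print_argv is a hypothetical stand-in for kafka-acls that only echoes the arguments it receives, and the directories and abcd.txt are constructed.

```shell
#!/bin/sh
# Added example: shows the argument list a command receives for
# "--topic * --group *" under different quoting and directory contents.

# Hypothetical stand-in for kafka-acls: joins its arguments with '|'.
print_argv() { ( IFS='|'; printf '%s\n' "$*" ); }

# Constructed test directories: one holding abcd.txt, one empty.
demo_dir=$(mktemp -d)
empty_dir=$(mktemp -d)
touch "$demo_dir/abcd.txt"
trap 'rm -rf "$demo_dir" "$empty_dir"' EXIT

# Unquoted wildcard in a directory with one file: the shell substitutes
# the file name, so the ACL would be created for that name only.
unquoted_args() { ( cd "$demo_dir" && print_argv --topic * --group * ); }

# Quoted wildcard: the literal * reaches the command.
quoted_args() { ( cd "$demo_dir" && print_argv --topic '*' --group '*' ); }

# Pathname expansion switched off for the subshell with "set -f".
noglob_args() { ( cd "$demo_dir" && set -f && print_argv --topic * --group * ); }

# Unquoted wildcard in an empty directory: nothing matches, so the shell
# passes * through unchanged (default behaviour, nullglob/failglob off).
empty_dir_args() { ( cd "$empty_dir" && print_argv --topic * --group * ); }

echo "unquoted, dir with abcd.txt: $(unquoted_args)"
echo "quoted,   dir with abcd.txt: $(quoted_args)"
echo "set -f,   dir with abcd.txt: $(noglob_args)"
echo "unquoted, empty dir:         $(empty_dir_args)"
```

When granting wildcard ACLs, check the "Adding ACLs for resource" line in the command output: a resource named after a local file, such as Topic:abcd.txt above, means the wildcard never reached the tool and the principal holds a narrower grant than intended.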