[jira] [Commented] (KAFKA-8530) Consumer should handle authorization errors in OffsetFetch

Fri, 14 Jun 2019 08:17:10 -0700 


    [ 
https://issues.apache.org/jira/browse/KAFKA-8530?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16864181#comment-16864181
 ] 

ASF GitHub Bot commented on KAFKA-8530:
---------------------------------------

hachikuji commented on pull request #6928: KAFKA-8530; Check for topic 
authorization errors in OffsetFetch response
URL: https://github.com/apache/kafka/pull/6928
 
 
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Consumer should handle authorization errors in OffsetFetch
> ----------------------------------------------------------
>
>                 Key: KAFKA-8530
>                 URL: https://issues.apache.org/jira/browse/KAFKA-8530
>             Project: Kafka
>          Issue Type: Bug
>          Components: consumer
>            Reporter: Jason Gustafson
>            Assignee: Jason Gustafson
>            Priority: Major
>
> Found this in a test failure:
> {code:java}
> 10:40:43 kafka.api.PlaintextEndToEndAuthorizationTest > 
> testNoConsumeWithoutDescribeAclViaSubscribe FAILED
> 10:40:43 java.lang.Exception: Unexpected exception, 
> expected<org.apache.kafka.common.errors.TopicAuthorizationException> but 
> was<org.apache.kafka.common.KafkaException>
> 10:40:43
> 10:40:43 Caused by:
> 10:40:43 org.apache.kafka.common.KafkaException: Unexpected error in fetch 
> offset response for partition e2etopic-0: Not authorized to access topics: 
> [Topic authorization failed.]{code}
> The problem is that we are not checking for authorization errors in the 
> offset fetch response. Rather than throwing {{TopicAuthorizationException}}, 
> we currently raise a plain {{KafkaException}}. The test case works most of 
> the time because we usually see the authorization error when the first 
> Metadata request is sent. It's unclear why that didn't happen here. Possibly 
> there is a race condition setting the initial ACLs.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to