Hi
Since weeks we have on one of our environments the following error by creating
PREFIXED ACL’s.
Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=xyz1,
patternType=PREFIXED)`:
(principal=User:xyz, host=*, operation=READ, permissionType=ALLOW)
(principal=User:xyz, host=*, operation=DESCRIBE, permissionType=ALLOW)
Error while executing ACL command:
org.apache.kafka.common.errors.InvalidRequestException: Failed to create ACL
java.util.concurrent.ExecutionException:
org.apache.kafka.common.errors.InvalidRequestException: Failed to create ACL
at
org.apache.kafka.common.internals.KafkaFutureImpl.wrapAndThrow(KafkaFutureImpl.java:45)
at
org.apache.kafka.common.internals.KafkaFutureImpl.access$000(KafkaFutureImpl.java:32)
at
org.apache.kafka.common.internals.KafkaFutureImpl$SingleWaiter.await(KafkaFutureImpl.java:89)
at
org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:260)
at
kafka.admin.AclCommand$AdminClientService.$anonfun$addAcls$3(AclCommand.scala:112)
at scala.collection.IterableOnceOps.foreach(IterableOnce.scala:553)
at scala.collection.IterableOnceOps.foreach$(IterableOnce.scala:551)
at scala.collection.AbstractIterable.foreach(Iterable.scala:920)
at scala.collection.IterableOps$WithFilter.foreach(Iterable.scala:890)
at
kafka.admin.AclCommand$AdminClientService.$anonfun$addAcls$1(AclCommand.scala:109)
at
kafka.admin.AclCommand$AdminClientService.addAcls(AclCommand.scala:108)
at kafka.admin.AclCommand$.main(AclCommand.scala:70)
at kafka.admin.AclCommand.main(AclCommand.scala)
Caused by: org.apache.kafka.common.errors.InvalidRequestException: Failed to
create ACL
If I try to run it again with the same TOPIC name it shows, that something
already exists.
Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name= xyz1,
patternType=PREFIXED)`:
(principal=User: xyz, host=*, operation=READ, permissionType=ALLOW)
(principal=User: xyz, host=*, operation=DESCRIBE, permissionType=ALLOW)
Adding ACLs for resource `ResourcePattern(resourceType=GROUP, name= xyz1,
patternType=PREFIXED)`:
(principal=User: xyz, host=*, operation=READ, permissionType=ALLOW)
Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name= xyz1,
patternType=PREFIXED)`:
(principal=User: xyz, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User: xyz, host=*, operation=READ, permissionType=ALLOW)
Current ACLs for resource `ResourcePattern(resourceType=GROUP, name= xyz1,
patternType=PREFIXED)`:
(principal=User: xyz, host=*, operation=READ, permissionType=ALLOW)
But the ACL wasn’t created correctly. Also a deletion of these is not possible.
If we do the same with patternType “LITERAL” it works directly and the ACL is
also correct created and useable.
Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=xyz2,
patternType=LITERAL)`:
(principal=User: xyz, host=*, operation=READ, permissionType=ALLOW)
(principal=User: xyz, host=*, operation=DESCRIBE, permissionType=ALLOW)
Adding ACLs for resource `ResourcePattern(resourceType=GROUP, name= xyz2,
patternType=LITERAL)`:
(principal=User: xyz, host=*, operation=READ, permissionType=ALLOW)
Current ACLs for resource `ResourcePattern(resourceType=GROUP, name= xyz2,
patternType=LITERAL)`:
(principal=User: xyz, host=*, operation=READ, permissionType=ALLOW)
Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name= xyz2,
patternType=LITERAL)`:
(principal=User: xyz, host=*, operation=DESCRIBE, permissionType=ALLOW)
(principal=User: xyz, host=*, operation=READ, permissionType=ALLOW)
This problem we only have on our integration environment, on production we have
no problems by creating PREFIXED ACL’s.
On both env’s we have the following version installed.
OS: RHEL7
Confluent-6.1.2
Kafka-2.7
Zookeeper-3.5.9
We think it is an issue in the zookeeper but aren’t able to find the reason.
Thank for help and input
Best regards,
Daniel Marino
