Hi Since weeks we have on one of our environments the following error by creating PREFIXED ACL’s.
Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=xyz1, patternType=PREFIXED)`: (principal=User:xyz, host=*, operation=READ, permissionType=ALLOW) (principal=User:xyz, host=*, operation=DESCRIBE, permissionType=ALLOW) Error while executing ACL command: org.apache.kafka.common.errors.InvalidRequestException: Failed to create ACL java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.InvalidRequestException: Failed to create ACL at org.apache.kafka.common.internals.KafkaFutureImpl.wrapAndThrow(KafkaFutureImpl.java:45) at org.apache.kafka.common.internals.KafkaFutureImpl.access$000(KafkaFutureImpl.java:32) at org.apache.kafka.common.internals.KafkaFutureImpl$SingleWaiter.await(KafkaFutureImpl.java:89) at org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:260) at kafka.admin.AclCommand$AdminClientService.$anonfun$addAcls$3(AclCommand.scala:112) at scala.collection.IterableOnceOps.foreach(IterableOnce.scala:553) at scala.collection.IterableOnceOps.foreach$(IterableOnce.scala:551) at scala.collection.AbstractIterable.foreach(Iterable.scala:920) at scala.collection.IterableOps$WithFilter.foreach(Iterable.scala:890) at kafka.admin.AclCommand$AdminClientService.$anonfun$addAcls$1(AclCommand.scala:109) at kafka.admin.AclCommand$AdminClientService.addAcls(AclCommand.scala:108) at kafka.admin.AclCommand$.main(AclCommand.scala:70) at kafka.admin.AclCommand.main(AclCommand.scala) Caused by: org.apache.kafka.common.errors.InvalidRequestException: Failed to create ACL If I try to run it again with the same TOPIC name it shows, that something already exists. Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name= xyz1, patternType=PREFIXED)`: (principal=User: xyz, host=*, operation=READ, permissionType=ALLOW) (principal=User: xyz, host=*, operation=DESCRIBE, permissionType=ALLOW) Adding ACLs for resource `ResourcePattern(resourceType=GROUP, name= xyz1, patternType=PREFIXED)`: (principal=User: xyz, host=*, operation=READ, permissionType=ALLOW) Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name= xyz1, patternType=PREFIXED)`: (principal=User: xyz, host=*, operation=DESCRIBE, permissionType=ALLOW) (principal=User: xyz, host=*, operation=READ, permissionType=ALLOW) Current ACLs for resource `ResourcePattern(resourceType=GROUP, name= xyz1, patternType=PREFIXED)`: (principal=User: xyz, host=*, operation=READ, permissionType=ALLOW) But the ACL wasn’t created correctly. Also a deletion of these is not possible. If we do the same with patternType “LITERAL” it works directly and the ACL is also correct created and useable. Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=xyz2, patternType=LITERAL)`: (principal=User: xyz, host=*, operation=READ, permissionType=ALLOW) (principal=User: xyz, host=*, operation=DESCRIBE, permissionType=ALLOW) Adding ACLs for resource `ResourcePattern(resourceType=GROUP, name= xyz2, patternType=LITERAL)`: (principal=User: xyz, host=*, operation=READ, permissionType=ALLOW) Current ACLs for resource `ResourcePattern(resourceType=GROUP, name= xyz2, patternType=LITERAL)`: (principal=User: xyz, host=*, operation=READ, permissionType=ALLOW) Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name= xyz2, patternType=LITERAL)`: (principal=User: xyz, host=*, operation=DESCRIBE, permissionType=ALLOW) (principal=User: xyz, host=*, operation=READ, permissionType=ALLOW) This problem we only have on our integration environment, on production we have no problems by creating PREFIXED ACL’s. On both env’s we have the following version installed. OS: RHEL7 Confluent-6.1.2 Kafka-2.7 Zookeeper-3.5.9 We think it is an issue in the zookeeper but aren’t able to find the reason. Thank for help and input Best regards, Daniel Marino