Hi Daniel, Did you see any error from the server log or zookeeper log while getting the `InvalidRequestException: Failed to create ACL` response?
Thank you. Luke On Mon, Mar 14, 2022 at 9:13 PM <daniel.mar...@post.ch.invalid> wrote: > Hi > > Since weeks we have on one of our environments the following error by > creating PREFIXED ACL’s. > > > Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=xyz1, > patternType=PREFIXED)`: > > (principal=User:xyz, host=*, operation=READ, permissionType=ALLOW) > > (principal=User:xyz, host=*, operation=DESCRIBE, > permissionType=ALLOW) > > > > Error while executing ACL command: > org.apache.kafka.common.errors.InvalidRequestException: Failed to create ACL > > java.util.concurrent.ExecutionException: > org.apache.kafka.common.errors.InvalidRequestException: Failed to create ACL > > at > org.apache.kafka.common.internals.KafkaFutureImpl.wrapAndThrow(KafkaFutureImpl.java:45) > > at > org.apache.kafka.common.internals.KafkaFutureImpl.access$000(KafkaFutureImpl.java:32) > > at > org.apache.kafka.common.internals.KafkaFutureImpl$SingleWaiter.await(KafkaFutureImpl.java:89) > > at > org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:260) > > at > kafka.admin.AclCommand$AdminClientService.$anonfun$addAcls$3(AclCommand.scala:112) > > at scala.collection.IterableOnceOps.foreach(IterableOnce.scala:553) > > at > scala.collection.IterableOnceOps.foreach$(IterableOnce.scala:551) > > at scala.collection.AbstractIterable.foreach(Iterable.scala:920) > > at > scala.collection.IterableOps$WithFilter.foreach(Iterable.scala:890) > > at > kafka.admin.AclCommand$AdminClientService.$anonfun$addAcls$1(AclCommand.scala:109) > > at > kafka.admin.AclCommand$AdminClientService.addAcls(AclCommand.scala:108) > > at kafka.admin.AclCommand$.main(AclCommand.scala:70) > > at kafka.admin.AclCommand.main(AclCommand.scala) > > Caused by: org.apache.kafka.common.errors.InvalidRequestException: Failed > to create ACL > > If I try to run it again with the same TOPIC name it shows, that something > already exists. > > Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name= xyz1, > patternType=PREFIXED)`: > (principal=User: xyz, host=*, operation=READ, permissionType=ALLOW) > (principal=User: xyz, host=*, operation=DESCRIBE, > permissionType=ALLOW) > > Adding ACLs for resource `ResourcePattern(resourceType=GROUP, name= xyz1, > patternType=PREFIXED)`: > (principal=User: xyz, host=*, operation=READ, permissionType=ALLOW) > > Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name= xyz1, > patternType=PREFIXED)`: > (principal=User: xyz, host=*, operation=DESCRIBE, > permissionType=ALLOW) > (principal=User: xyz, host=*, operation=READ, permissionType=ALLOW) > > Current ACLs for resource `ResourcePattern(resourceType=GROUP, name= xyz1, > patternType=PREFIXED)`: > (principal=User: xyz, host=*, operation=READ, permissionType=ALLOW) > > But the ACL wasn’t created correctly. Also a deletion of these is not > possible. > > If we do the same with patternType “LITERAL” it works directly and the ACL > is also correct created and useable. > > > Adding ACLs for resource `ResourcePattern(resourceType=TOPIC, name=xyz2, > patternType=LITERAL)`: > > (principal=User: xyz, host=*, operation=READ, permissionType=ALLOW) > > (principal=User: xyz, host=*, operation=DESCRIBE, > permissionType=ALLOW) > > > > Adding ACLs for resource `ResourcePattern(resourceType=GROUP, name= xyz2, > patternType=LITERAL)`: > > (principal=User: xyz, host=*, operation=READ, permissionType=ALLOW) > > > > Current ACLs for resource `ResourcePattern(resourceType=GROUP, name= xyz2, > patternType=LITERAL)`: > > (principal=User: xyz, host=*, operation=READ, permissionType=ALLOW) > > > > Current ACLs for resource `ResourcePattern(resourceType=TOPIC, name= xyz2, > patternType=LITERAL)`: > > (principal=User: xyz, host=*, operation=DESCRIBE, > permissionType=ALLOW) > > (principal=User: xyz, host=*, operation=READ, permissionType=ALLOW) > > This problem we only have on our integration environment, on production we > have no problems by creating PREFIXED ACL’s. > > On both env’s we have the following version installed. > > OS: RHEL7 > Confluent-6.1.2 > Kafka-2.7 > Zookeeper-3.5.9 > > We think it is an issue in the zookeeper but aren’t able to find the > reason. > > Thank for help and input > Best regards, > Daniel Marino >
