You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently in console when ACL's are modified, we delete the existing ones.. then recreate with existing acls + additions.
We have seen this can cause problems on clients ...
Have been able to reproduce consistently with following steps :
In Console configure acls for a user-A. . give permisions for topic-1, + consumergroup1. (then repeat with topic2, consumer group2 ... up to 5 sets of resources for topic + group) [Save/ok]
Start java consumer. Confirm it's reading from topic1 , Group 1 running.. + no issues with authorisation.
In console Amend ACL's for user-A.. Give additional permissions for topic6 + consumergroup6. [Save/ok]
Java Consumer now fails with auth errors
Java log : [com.redpanda.ConsumerExample.main()] WARN org.apache.kafka.clients.consumer.internals.Fetcher - [Consumer clientId=consumer-firefox-1, groupId=firefox] Not authorized to read from partition topic-1-0. org.apache.kafka.common.errors.TopicAuthorizationException: Not authorized
Currently in console when ACL's are modified, we delete the existing ones.. then recreate with existing acls + additions.
We have seen this can cause problems on clients ...
Have been able to reproduce consistently with following steps :
In Console configure acls for a user-A. . give permisions for topic-1, + consumergroup1. (then repeat with topic2, consumer group2 ... up to 5 sets of resources for topic + group) [Save/ok]
Start java consumer. Confirm it's reading from topic1 , Group 1 running.. + no issues with authorisation.
In console Amend ACL's for user-A.. Give additional permissions for topic6 + consumergroup6. [Save/ok]
Java Consumer now fails with auth errors
Java log :
[com.redpanda.ConsumerExample.main()] WARN org.apache.kafka.clients.consumer.internals.Fetcher - [Consumer clientId=consumer-firefox-1, groupId=firefox] Not authorized to read from partition topic-1-0. org.apache.kafka.common.errors.TopicAuthorizationException: Not authorized
2024-04-16 11:43:10.200REDPANDA redpanda INFO 2024-04-16 11:43:10,200 [shard 0:fetc] kafka - 31.54.228.122:62370 failed authorization - connection_context.cc:179 - proto: kafka rpc protocol, sasl state: complete, acl op: read, principal: type {user} name {redpanda-chat-account}, resource: {topic1}
Restart java consumer no issues with ACLS / authorisation
The ACL's are as expected in consol/rpk acl list...e.g the additional topic/group was added we didnt lose any
Requested Feature change :
Either :
The text was updated successfully, but these errors were encountered: