[KAFKA-13440] AdminClient.createAcls() fails if principal name is not prefixed with "PrincipalType:" without proper description - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Trivial
Resolution: Unresolved
Affects Version/s: 3.0.0
Fix Version/s: None
Component/s: admin, clients
Labels:
None
Environment:

Hide
Admin client runs on Windows 10, Kafka cluster runs on WSL2 Ubuntu-20.04 LTS

Java 11

POM:
<dependency>
<groupId>org.apache.kafka</groupId>
<artifactId>kafka-clients</artifactId>
<version>3.0.0</version>
</dependency>

Show
Admin client runs on Windows 10, Kafka cluster runs on WSL2 Ubuntu-20.04 LTS Java 11 POM: <dependency> <groupId>org.apache.kafka</groupId> <artifactId>kafka-clients</artifactId> <version>3.0.0</version> </dependency>

Description

AdminClient.createAcls() call without "User:" prefix for principal fails with "org.apache.kafka.common.errors.UnknownServerException: The server experienced an unexpected error when processing the request." error, that says nothing about what is wrong

AdminClient properties:

String host = "172.17.157.212:9092";
adminClientProperties = new Properties();
adminClientProperties.put(AdminClientConfig.BOOTSTRAP_SERVERS_CONFIG, host);
adminClientProperties.put(AdminClientConfig.SECURITY_PROTOCOL_CONFIG, "SASL_SSL");
// SSL configuration
adminClientProperties.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG,
Paths.get(getClass().getResource("/client.keystore.jks").toURI()).toString());
adminClientProperties.put(SslConfigs.SSL_KEYSTORE_PASSWORD_CONFIG, "123456");
adminClientProperties.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, "123456");
adminClientProperties.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG,
Paths.get(getClass().getResource("/client.truststore.jks").toURI()).toString());
adminClientProperties.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, "123456");
// SASL configuration
adminClientProperties.put(SaslConfigs.SASL_MECHANISM, "SCRAM-SHA-512");
adminClientProperties.put(SaslConfigs.SASL_JAAS_CONFIG,
"org.apache.kafka.common.security.scram.ScramLoginModule required username=\"admin\" password=\"admin-secret\";");

Create ACLs call without "User:" prefix for principal:

try (Admin adminClient = Admin.create(adminClientProperties))

{ ResourcePattern resourcePattern = new ResourcePattern(ResourceType.TOPIC, pTopicName, PatternType.LITERAL); AccessControlEntry accessControlEntry = new AccessControlEntry(pPrincipal_name, host, AclOperation.READ, AclPermissionType.ALLOW); AclBinding aclBinding = new AclBinding(resourcePattern, accessControlEntry); CreateAclsResult createAclsResult = adminClient.createAcls(Arrays.asList(aclBinding)); KafkaFuture<Void> future = createAclsResult.all(); future.get(); }

catch (Exception e)

{ System.out.println(e.getMessage()); throw new Exception(); }

fails:

org.apache.kafka.common.errors.UnknownServerException: The server experienced an unexpected error when processing the request.

Create ACLs call with "User:" prefix for principal works fine:

try (Admin adminClient = Admin.create(adminClientProperties)) {
ResourcePattern resourcePattern = new ResourcePattern(ResourceType.TOPIC, pTopicName, PatternType.LITERAL);
AccessControlEntry accessControlEntry = new AccessControlEntry("User:" + pPrincipal_name,
host, AclOperation.READ, AclPermissionType.ALLOW);
AclBinding aclBinding = new AclBinding(resourcePattern, accessControlEntry);
CreateAclsResult createAclsResult = adminClient.createAcls(Arrays.asList(aclBinding));

KafkaFuture<Void> future = createAclsResult.all();

future.get();
}catch (Exception e){ System.out.println(e.getMessage()); throw new Exception(); }

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Piotr

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 10/Nov/21 13:10

Updated:: 10/Nov/21 13:10