kafka-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stevo Slavic (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (KAFKA-4867) zookeeper-security-migration.sh does not clear ACLs from all nodes
Date Thu, 09 Mar 2017 08:43:38 GMT

     [ https://issues.apache.org/jira/browse/KAFKA-4867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Stevo Slavic resolved KAFKA-4867.
---------------------------------
    Resolution: Duplicate

> zookeeper-security-migration.sh does not clear ACLs from all nodes
> ------------------------------------------------------------------
>
>                 Key: KAFKA-4867
>                 URL: https://issues.apache.org/jira/browse/KAFKA-4867
>             Project: Kafka
>          Issue Type: Bug
>    Affects Versions: 0.10.1.1
>            Reporter: Stevo Slavic
>            Priority: Minor
>
> zookeeper-security-migration.sh help for --zookeeper.acl switch with 'secure'/'unsecure'
as possible values suggests that command should apply the change to all Kafka znodes. That
doesn't seem to be the case at least for 'unsecure', so clearing ACLs use case.
> With ACLs set on Kafka znodes, I ran
> {noformat}
> bin/zookeeper-security-migration.sh --zookeeper.acl 'unsecure' --zookeeper.connect x.y.z.w:2181
> {noformat}
> and with zookeeper-shell.sh getAcl checked ACLs set on few nodes. Node _/brokers/topics_
had ACL cleared (only default one that world can do anything remained). On the other hand
node _/brokers_ still had secure ACLs set that world can read and owner can do everything.
Nodes and respective sub trees of _/cluster_ and _/controller_ also had secure ACLs still
set.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message