kafka-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "kalyan kumar kalvagadda (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KAFKA-6091) Authorization API is called hundred's of times when there are no privileges
Date Thu, 19 Oct 2017 20:59:00 GMT
kalyan kumar kalvagadda created KAFKA-6091:
----------------------------------------------

             Summary: Authorization API is called hundred's of times when there are no privileges
                 Key: KAFKA-6091
                 URL: https://issues.apache.org/jira/browse/KAFKA-6091
             Project: Kafka
          Issue Type: Bug
          Components: security
    Affects Versions: 0.11.0.0
            Reporter: kalyan kumar kalvagadda


This issue is observed with kafka/sentry integration. When sentry does not have any permissions
for a topic and there is a producer trying to add a message to a topic, sentry returns failure
but Kafka is not able to handle it properly and is ending up invoking sentry Auth API ~564
times. This will choke authorization service.

Here are the list of privileges that are needed for a producer to add a message to a topic
In this example "192.168.0.3" is hostname and topic name is "tOpIc1"
{noformat}
HOST=192.168.0.3->Topic=tOpIc1->action=DESCRIBE
HOST=192.168.0.3->Cluster=kafka-cluster->action=CREATE
HOST=192.168.0.3->Topic=tOpIc1->action=WRITE
{noformat}


This problem is reported in this jira is seen when there are no permissions. Movement a DESCRIBE
permission is added, this issue is not seen. Authorization fails but kafka doesn't bombard
with he more requests.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message