Olumide Ajiboye created KAFKA-13362:
---------------------------------------
Summary: KafkaConnect authorization failure using SCRAM-SHA-512
and OPA
Key: KAFKA-13362
URL: https://issues.apache.org/jira/browse/KAFKA-13362
Project: Kafka
Issue Type: Bug
Components: KafkaConnect
Affects Versions: 2.8.0
Environment: Kubernetes, Strimzi Operator
Reporter: Olumide Ajiboye
Using Kafka Strimzi Operator and superuser client credentials to connect to a
KafkaCluster set up to use OPA for authorization, authentication is successful
but authorization fails for connect-offsets Topic.
{code:java}
2021-10-06 21:39:42,593 ERROR [Worker clientId=connect-1, groupId=dev-kafka]
Uncaught exception in herder work thread, exiting:
(org.apache.kafka.connect.runtime.distributed.DistributedHerder)
[DistributedHerder-connect-1-1]org.apache.kafka.common.errors.TopicAuthorizationException:
Not authorized to access topics: [dev-kafka-connect-offsets]
{code}
Expected behavior: No authorization is required.
Superuser account does not require authorization and there is no trace in OPA
Server indicating an attempt at verifying the users permssions.
Note:
Using TLS Authentication, there is no issue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
