Alexandre GRIFFAUT created KAFKA-14236:
------------------------------------------
Summary: ListGroups request produces too much Denied logs in
authorizer
Key: KAFKA-14236
URL: https://issues.apache.org/jira/browse/KAFKA-14236
Project: Kafka
Issue Type: Bug
Components: core
Affects Versions: 3.2.1, 3.1.1, 3.0.1, 2.8.1, 2.7.2, 2.6.3, 2.5.1, 2.4.1,
2.3.1, 2.2.2, 2.1.1, 2.0.1
Reporter: Alexandre GRIFFAUT
Context
On a multi-tenant secured cluster, with many consumers, a call to ListGroups
api will log an authorization error for each consumer group of other tenant.
Reason
The handleListGroupsRequest function first tries to authorize a DESCRIBE
CLUSTER, and if it fails it will then try to authorize a DESCRIBE GROUP on each
consumer group.
Fix
In that case neither the DESCRIBE CLUSTER, nor the DESCRIBE GROUP of other
tenant were intended, and should be specified in the Action using logIfDenied:
false
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
