Stevo Slavic created KAFKA-4867:
-----------------------------------
Summary: zookeeper-security-migration.sh does not clear ACLs from
all nodes
Key: KAFKA-4867
URL: https://issues.apache.org/jira/browse/KAFKA-4867
Project: Kafka
Issue Type: Bug
Affects Versions: 0.10.1.1
Reporter: Stevo Slavic
Priority: Minor
zookeeper-security-migration.sh help for --zookeeper.acl switch with
'secure'/'unsecure' as possible values suggests that command should apply the
change to all Kafka znodes. That doesn't seem to be the case at least for
'unsecure', so clearing ACLs use case.
With ACLs set on Kafka znodes, I ran
{noformat}
bin/zookeeper-security-migration.sh --zookeeper.acl 'unsecure'
--zookeeper.connect x.y.z.w:2181
{noformat}
and with zookeeper-shell.sh getAcl checked ACLs set on few nodes. Node
_/brokers/topics_ had ACL cleared (only default one that world can do anything
remained). On the other hand node _/brokers_ still had secure ACLs set that
world can read and owner can do everything. Nodes and respective sub trees of
_/cluster_ and _/controller_ also had secure ACLs still set.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
