[ https://issues.apache.org/jira/browse/KAFKA-5994?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Manikumar resolved KAFKA-5994.
------------------------------
Resolution: Fixed
Fix Version/s: 2.2.0
Issue resolved by pull request 5021
[https://github.com/apache/kafka/pull/5021]
> Improve transparency of broker user ACL misconfigurations
> ---------------------------------------------------------
>
> Key: KAFKA-5994
> URL: https://issues.apache.org/jira/browse/KAFKA-5994
> Project: Kafka
> Issue Type: Improvement
> Components: security
> Affects Versions: 0.10.2.1
> Reporter: Dustin Cote
> Priority: Major
> Fix For: 2.2.0
>
>
> When the user for inter broker communication is not a super user and ACLs are
> configured with allow.everyone.if.no.acl.found=false, the cluster will not
> serve data. This is extremely confusing to debug because there is no security
> negotiation problem or indication of an error other than no data can make it
> in or out of the broker. If one knew to look in the authorizer log, it would
> be more clear, but that didn't make it into my workflow at least. Here's an
> example of a problematic debugging scenario:
> * SASL_SSL, SSL, SASL_PLAINTEXT ports on the brokers
> * SASL user specified in `super.users`
> * SSL specified as the inter broker protocol
> The only way I could figure out ACLs were an issue without gleaning it
> through configuration inspection was that controlled shutdown indicated that
> a cluster action had failed.
> It would be good if we could be more transparent about the failure here.
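The scenario in the report (authorizer enabled, `allow.everyone.if.no.acl.found=false`, inter-broker principal missing from `super.users`) can be checked statically against a broker's properties before start-up. The following is an added example, not code from the Kafka project or from pull request 5021; the function names, the sample config and the principal `User:CN=broker1.example.com` are constructed, and the inter-broker principal is an input the caller must supply.

```python
# Added example (not Kafka project code): static check for the KAFKA-5994 scenario.

# Constructed sample broker config matching the scenario in the report.
SAMPLE = """\
listeners=SASL_SSL://:9094,SSL://:9093,SASL_PLAINTEXT://:9092
security.inter.broker.protocol=SSL
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
allow.everyone.if.no.acl.found=false
# only the SASL user is listed
super.users=User:admin
"""


def parse_properties(text):
    """Parse Java-style key=value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def check_inter_broker_principal(props, broker_principal):
    """Return findings for the reported scenario; an empty list means not flagged.

    broker_principal is supplied by the caller (assumption): the principal the
    brokers authenticate as on the inter-broker listener. ACLs held in the
    authorizer's store are not inspected.
    """
    if not props.get("authorizer.class.name"):
        return []  # no authorizer configured
    if props.get("allow.everyone.if.no.acl.found", "false").lower() == "true":
        return []  # not the configuration described in the report
    # super.users is semicolon-separated because SSL principals contain commas.
    supers = {p.strip() for p in props.get("super.users", "").split(";") if p.strip()}
    if broker_principal in supers:
        return []
    protocol = props.get("security.inter.broker.protocol", "PLAINTEXT")
    return [
        f"inter-broker principal {broker_principal!r} ({protocol}) is not in "
        f"super.users {sorted(supers)} while allow.everyone.if.no.acl.found=false"
    ]


if __name__ == "__main__":
    for finding in check_inter_broker_principal(
            parse_properties(SAMPLE), "User:CN=broker1.example.com"):
        print("WARN:", finding)
```

An empty result only means the reported combination was not found in the properties file; ACLs granted to the broker principal in the authorizer's store are outside what this check sees.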