[
https://issues.apache.org/jira/browse/KAFKA-8114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rajini Sivaram resolved KAFKA-8114.
-----------------------------------
Resolution: Fixed
Assignee: Manikumar
Reviewer: Rajini Sivaram
Fix Version/s: 2.2.1
> Flaky Test DelegationTokenEndToEndAuthorizationTest#testNoGroupAcl
> ------------------------------------------------------------------
>
> Key: KAFKA-8114
> URL: https://issues.apache.org/jira/browse/KAFKA-8114
> Project: Kafka
> Issue Type: Bug
> Components: core, unit tests
> Affects Versions: 2.3.0
> Reporter: Matthias J. Sax
> Assignee: Manikumar
> Priority: Critical
> Labels: flaky-test
> Fix For: 2.3.0, 2.2.1
>
>
> [https://builds.apache.org/job/kafka-pr-jdk11-scala2.12/3254/testReport/junit/kafka.api/DelegationTokenEndToEndAuthorizationTest/testNoGroupAcl/]
> {quote}java.util.concurrent.ExecutionException:
> org.apache.kafka.common.errors.SaslAuthenticationException: Authentication
> failed during authentication due to invalid credentials with SASL mechanism
> SCRAM-SHA-256 at
> org.apache.kafka.common.internals.KafkaFutureImpl.wrapAndThrow(KafkaFutureImpl.java:45)
> at
> org.apache.kafka.common.internals.KafkaFutureImpl.access$000(KafkaFutureImpl.java:32)
> at
> org.apache.kafka.common.internals.KafkaFutureImpl$SingleWaiter.await(KafkaFutureImpl.java:89)
> at
> org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:260)
> at
> kafka.api.DelegationTokenEndToEndAuthorizationTest.createDelegationToken(DelegationTokenEndToEndAuthorizationTest.scala:88)
> at
> kafka.api.DelegationTokenEndToEndAuthorizationTest.configureSecurityAfterServersStart(DelegationTokenEndToEndAuthorizationTest.scala:63)
> at
> kafka.integration.KafkaServerTestHarness.setUp(KafkaServerTestHarness.scala:107)
> at kafka.api.IntegrationTestHarness.doSetup(IntegrationTestHarness.scala:81)
> at kafka.api.IntegrationTestHarness.setUp(IntegrationTestHarness.scala:73) at
> kafka.api.EndToEndAuthorizationTest.setUp(EndToEndAuthorizationTest.scala:183)
> at
> kafka.api.DelegationTokenEndToEndAuthorizationTest.setUp(DelegationTokenEndToEndAuthorizationTest.scala:74){quote}
> STDOUT
> {quote}Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`:
> User:scram-admin has Allow permission for operations: ClusterAction from
> hosts: * Current ACLs for resource `Cluster:LITERAL:kafka-cluster`:
> User:scram-admin has Allow permission for operations: ClusterAction from
> hosts: * Adding ACLs for resource `Topic:LITERAL:*`: User:scram-admin has
> Allow permission for operations: Read from hosts: * Current ACLs for resource
> `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read
> from hosts: * Completed Updating config for entity: user-principal
> 'scram-admin'. Completed Updating config for entity: user-principal
> 'scram-user'. Adding ACLs for resource `Topic:LITERAL:e2etopic`:
> User:scram-user has Allow permission for operations: Write from hosts: *
> User:scram-user has Allow permission for operations: Create from hosts: *
> User:scram-user has Allow permission for operations: Describe from hosts: *
> Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow
> permission for operations: Write from hosts: * User:scram-user has Allow
> permission for operations: Create from hosts: * User:scram-user has Allow
> permission for operations: Describe from hosts: * Adding ACLs for resource
> `Group:LITERAL:group`: User:scram-user has Allow permission for operations:
> Read from hosts: * Current ACLs for resource `Group:LITERAL:group`:
> User:scram-user has Allow permission for operations: Read from hosts: *
> Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow
> permission for operations: Write from hosts: * User:scram-user has Allow
> permission for operations: Create from hosts: * Current ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Create from hosts: * [2019-03-15 09:58:16,481] ERROR [Consumer
> clientId=consumer-99, groupId=group] Topic authorization failed for topics
> [e2etopic] (org.apache.kafka.clients.Metadata:297) [2019-03-15 09:58:17,527]
> WARN Unable to read additional data from client sessionid 0x104549c2b88000a,
> likely client has closed socket
> (org.apache.zookeeper.server.NIOServerCnxn:376) Adding ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Current ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Adding ACLs for resource
> `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read
> from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin
> has Allow permission for operations: Read from hosts: * Completed Updating
> config for entity: user-principal 'scram-admin'. Completed Updating config
> for entity: user-principal 'scram-user'. Adding ACLs for resource
> `Topic:PREFIXED:e2e`: User:scram-user has Allow permission for operations:
> Read from hosts: * User:scram-user has Allow permission for operations:
> Describe from hosts: * User:scram-user has Allow permission for operations:
> Write from hosts: * User:scram-user has Allow permission for operations:
> Create from hosts: * Adding ACLs for resource `Group:PREFIXED:gr`:
> User:scram-user has Allow permission for operations: Read from hosts: *
> Current ACLs for resource `Topic:PREFIXED:e2e`: User:scram-user has Allow
> permission for operations: Read from hosts: * User:scram-user has Allow
> permission for operations: Describe from hosts: * User:scram-user has Allow
> permission for operations: Write from hosts: * User:scram-user has Allow
> permission for operations: Create from hosts: * Current ACLs for resource
> `Group:PREFIXED:gr`: User:scram-user has Allow permission for operations:
> Read from hosts: * Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`:
> User:scram-admin has Allow permission for operations: ClusterAction from
> hosts: * Current ACLs for resource `Cluster:LITERAL:kafka-cluster`:
> User:scram-admin has Allow permission for operations: ClusterAction from
> hosts: * Adding ACLs for resource `Topic:LITERAL:*`: User:scram-admin has
> Allow permission for operations: Read from hosts: * Current ACLs for resource
> `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read
> from hosts: * Completed Updating config for entity: user-principal
> 'scram-admin'. Completed Updating config for entity: user-principal
> 'scram-user'. Adding ACLs for resource `Topic:LITERAL:e2etopic`:
> User:scram-user has Allow permission for operations: Write from hosts: *
> User:scram-user has Allow permission for operations: Create from hosts: *
> User:scram-user has Allow permission for operations: Describe from hosts: *
> Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow
> permission for operations: Write from hosts: * User:scram-user has Allow
> permission for operations: Create from hosts: * User:scram-user has Allow
> permission for operations: Describe from hosts: * Adding ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Read from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * Adding ACLs for resource
> `Group:LITERAL:group`: User:scram-user has Allow permission for operations:
> Read from hosts: * Current ACLs for resource `Topic:LITERAL:e2etopic`:
> User:scram-user has Allow permission for operations: Write from hosts: *
> User:scram-user has Allow permission for operations: Create from hosts: *
> User:scram-user has Allow permission for operations: Describe from hosts: *
> User:scram-user has Allow permission for operations: Read from hosts: *
> Current ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow
> permission for operations: Read from hosts: * Adding ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Current ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Adding ACLs for resource
> `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read
> from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin
> has Allow permission for operations: Read from hosts: * Completed Updating
> config for entity: user-principal 'scram-admin'. Completed Updating config
> for entity: user-principal 'scram-user'. Adding ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Write from hosts: * User:scram-user has Allow permission for
> operations: Create from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * Current ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Write from hosts: * User:scram-user has Allow permission for
> operations: Create from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * Adding ACLs for resource
> `Group:LITERAL:group`: User:scram-user has Allow permission for operations:
> Read from hosts: * Current ACLs for resource `Group:LITERAL:group`:
> User:scram-user has Allow permission for operations: Read from hosts: *
> Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin
> has Allow permission for operations: ClusterAction from hosts: * Current ACLs
> for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow
> permission for operations: ClusterAction from hosts: * Adding ACLs for
> resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for
> operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`:
> User:scram-admin has Allow permission for operations: Read from hosts: *
> Completed Updating config for entity: user-principal 'scram-admin'. Completed
> Updating config for entity: user-principal 'scram-user'. Adding ACLs for
> resource `Topic:LITERAL:topic2`: User:scram-user has Allow permission for
> operations: Write from hosts: * User:scram-user has Allow permission for
> operations: Create from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * Current ACLs for resource
> `Topic:LITERAL:topic2`: User:scram-user has Allow permission for operations:
> Write from hosts: * User:scram-user has Allow permission for operations:
> Create from hosts: * User:scram-user has Allow permission for operations:
> Describe from hosts: * Adding ACLs for resource `Topic:LITERAL:topic2`:
> User:scram-user has Allow permission for operations: Read from hosts: *
> User:scram-user has Allow permission for operations: Describe from hosts: *
> Adding ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow
> permission for operations: Read from hosts: * Current ACLs for resource
> `Topic:LITERAL:topic2`: User:scram-user has Allow permission for operations:
> Write from hosts: * User:scram-user has Allow permission for operations:
> Create from hosts: * User:scram-user has Allow permission for operations:
> Describe from hosts: * User:scram-user has Allow permission for operations:
> Read from hosts: * Current ACLs for resource `Group:LITERAL:group`:
> User:scram-user has Allow permission for operations: Read from hosts: *
> Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin
> has Allow permission for operations: ClusterAction from hosts: * Current ACLs
> for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow
> permission for operations: ClusterAction from hosts: * Adding ACLs for
> resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for
> operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`:
> User:scram-admin has Allow permission for operations: Read from hosts: *
> Completed Updating config for entity: user-principal 'scram-admin'. Completed
> Updating config for entity: user-principal 'scram-user'. Adding ACLs for
> resource `Topic:LITERAL:*`: User:scram-user has Allow permission for
> operations: Read from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * User:scram-user has Allow permission for
> operations: Write from hosts: * User:scram-user has Allow permission for
> operations: Create from hosts: * Adding ACLs for resource `Group:LITERAL:*`:
> User:scram-user has Allow permission for operations: Read from hosts: *
> Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow
> permission for operations: Read from hosts: * User:scram-user has Allow
> permission for operations: Read from hosts: * User:scram-user has Allow
> permission for operations: Create from hosts: * User:scram-user has Allow
> permission for operations: Describe from hosts: * User:scram-user has Allow
> permission for operations: Write from hosts: * Current ACLs for resource
> `Group:LITERAL:*`: User:scram-user has Allow permission for operations: Read
> from hosts: * Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`:
> User:scram-admin has Allow permission for operations: ClusterAction from
> hosts: * Current ACLs for resource `Cluster:LITERAL:kafka-cluster`:
> User:scram-admin has Allow permission for operations: ClusterAction from
> hosts: * Adding ACLs for resource `Topic:LITERAL:*`: User:scram-admin has
> Allow permission for operations: Read from hosts: * Current ACLs for resource
> `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read
> from hosts: * Completed Updating config for entity: user-principal
> 'scram-admin'. Completed Updating config for entity: user-principal
> 'scram-user'. Adding ACLs for resource `Topic:LITERAL:e2etopic`:
> User:scram-user has Allow permission for operations: Write from hosts: *
> User:scram-user has Allow permission for operations: Create from hosts: *
> User:scram-user has Allow permission for operations: Describe from hosts: *
> Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow
> permission for operations: Write from hosts: * User:scram-user has Allow
> permission for operations: Create from hosts: * User:scram-user has Allow
> permission for operations: Describe from hosts: * Adding ACLs for resource
> `Group:LITERAL:group`: User:scram-user has Allow permission for operations:
> Read from hosts: * Current ACLs for resource `Group:LITERAL:group`:
> User:scram-user has Allow permission for operations: Read from hosts: *
> [2019-03-15 09:59:00,313] ERROR [Consumer clientId=consumer-105,
> groupId=group] Offset commit failed on partition e2etopic-0 at offset 0: Not
> authorized to access topics: [Topic authorization failed.]
> (org.apache.kafka.clients.consumer.internals.ConsumerCoordinator:815)
> [2019-03-15 09:59:00,325] ERROR [Consumer clientId=consumer-105,
> groupId=group] Not authorized to commit to topics [e2etopic]
> (org.apache.kafka.clients.consumer.internals.ConsumerCoordinator:853) Adding
> ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow
> permission for operations: ClusterAction from hosts: * Current ACLs for
> resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow
> permission for operations: ClusterAction from hosts: * Adding ACLs for
> resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for
> operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`:
> User:scram-admin has Allow permission for operations: Read from hosts: *
> Completed Updating config for entity: user-principal 'scram-admin'. Completed
> Updating config for entity: user-principal 'scram-user'. Adding ACLs for
> resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Write from hosts: * User:scram-user has Allow permission for
> operations: Create from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * Current ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Write from hosts: * User:scram-user has Allow permission for
> operations: Create from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * Adding ACLs for resource
> `Group:LITERAL:group`: User:scram-user has Allow permission for operations:
> Read from hosts: * Current ACLs for resource `Group:LITERAL:group`:
> User:scram-user has Allow permission for operations: Read from hosts: *
> Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow
> permission for operations: Write from hosts: * User:scram-user has Allow
> permission for operations: Create from hosts: * Current ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Create from hosts: * [2019-03-15 09:59:09,398] ERROR [Consumer
> clientId=consumer-106, groupId=group] Topic authorization failed for topics
> [e2etopic] (org.apache.kafka.clients.Metadata:297) Adding ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Current ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Adding ACLs for resource
> `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read
> from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin
> has Allow permission for operations: Read from hosts: * Completed Updating
> config for entity: user-principal 'scram-admin'. Completed Updating config
> for entity: user-principal 'scram-user'. [2019-03-15 09:59:16,272] ERROR
> [AdminClient clientId=adminclient-93] Connection to node -2
> (localhost/127.0.0.1:42859) failed authentication due to: Authentication
> failed during authentication due to invalid credentials with SASL mechanism
> SCRAM-SHA-256 (org.apache.kafka.clients.NetworkClient:714) [2019-03-15
> 09:59:16,392] WARN Unable to read additional data from client sessionid
> 0x104549d1e9f0009, likely client has closed socket
> (org.apache.zookeeper.server.NIOServerCnxn:376) Adding ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Current ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Adding ACLs for resource
> `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read
> from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin
> has Allow permission for operations: Read from hosts: * Completed Updating
> config for entity: user-principal 'scram-admin'. Completed Updating config
> for entity: user-principal 'scram-user'. Adding ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Describe from hosts: * Current ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Describe from hosts: * Adding ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Current ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Adding ACLs for resource
> `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read
> from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin
> has Allow permission for operations: Read from hosts: * Completed Updating
> config for entity: user-principal 'scram-admin'. Completed Updating config
> for entity: user-principal 'scram-user'. Adding ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Write from hosts: * User:scram-user has Allow permission for
> operations: Create from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * Current ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Write from hosts: * User:scram-user has Allow permission for
> operations: Create from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * Adding ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Read from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * Adding ACLs for resource
> `Group:LITERAL:group`: User:scram-user has Allow permission for operations:
> Read from hosts: * Current ACLs for resource `Topic:LITERAL:e2etopic`:
> User:scram-user has Allow permission for operations: Write from hosts: *
> User:scram-user has Allow permission for operations: Create from hosts: *
> User:scram-user has Allow permission for operations: Describe from hosts: *
> User:scram-user has Allow permission for operations: Read from hosts: *
> Current ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow
> permission for operations: Read from hosts: * Adding ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Current ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Adding ACLs for resource
> `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read
> from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin
> has Allow permission for operations: Read from hosts: * Completed Updating
> config for entity: user-principal 'scram-admin'. Completed Updating config
> for entity: user-principal 'scram-user'. [2019-03-15 09:59:35,692] ERROR
> [Producer clientId=producer-215] Topic authorization failed for topics
> [e2etopic] (org.apache.kafka.clients.Metadata:297){quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
