[GitHub] [kafka] sciclon2 opened a new pull request, #14094: KAFKA-15243: Desanitizing(AKA: decoding) User before listing them

Tue, 25 Jul 2023 10:20:48 -0700 


sciclon2 opened a new pull request, #14094:
URL: https://github.com/apache/kafka/pull/14094

   This PR aims to fix a bug, basically there is a mismatch between the Kafka 
users and the list tool output.
   
   
   Kafka allows to create users with special characters that are encoded before 
storing them to ZK.
   Later they are decoded when they are requested by Kafka.
   
   In our company we rely in the list users feature to check if the Kafka users 
exists, the problem is the users listed by kafa-configs.sh were not decoding 
the users and showing them with the string encoded.
   
   For example if I want to create `myu...@myuser.com`
   
   COMMAND
   ```bash
   /etc/new_kafka/bin/kafka-configs.sh  --bootstrap-server localhost:9092 
--alter --add-config 
'SCRAM-SHA-256=[iterations=4096,password=blabla],SCRAM-SHA-256=[password=blabla]'
 --entity-type users --entity-name myu...@myuser.com
   ```
   
   OUTPUT
   ```bash
   Completed updating config for user myu...@myuser.com
   ```
   
   As we can see the user is properly created but when we list it we see this:
   ```bash
   kafka-configs.sh --bootstrap-server localhost:9092 --describe --entity-type 
users|grep myuser 
   ```
   
   OUTPUT
   ```bash
   SCRAM credential configs for user-principal 'myuser%40myuser.com' are 
SCRAM-SHA-256=iterations=8192, SCRAM-SHA-512=iterations=4096 
   ```
   
   So the problem is the describe is not decoding the users, in our case this 
is a problem as after creating the user we use this command to make sure the 
user exists fro future operations, for example password change.
   
   more information in the 
[ticket](https://issues.apache.org/jira/browse/KAFKA-15243)
   
   
   
   TEST: After adding the patch users are properly listed:
   ```bash
   kafka-configs.sh  --bootstrap-server localhost:9092 --alter --add-config 
'SCRAM-SHA-256=[iterations=4096,password=blabla],SCRAM-SHA-256=[password=blabla]'
 --entity-type users --entity-name myu...@myuser.com
   
   Completed updating config for user myu...@myuser.com.
   ```
   
   
   NOW THE USER IS LISTED WITH THE REAL NAME
   ```bash
   kafka-configs.sh --bootstrap-server localhost:9092 --describe --entity-type 
users|grep myu...@myuser.com
   
   SCRAM credential configs for user-principal 'myu...@myuser.com' are 
SCRAM-SHA-256=iterations=4096
   ```
   
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to