[
https://issues.apache.org/jira/browse/KAFKA-8114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16794217#comment-16794217
]
ASF GitHub Bot commented on KAFKA-8114:
---------------------------------------
rajinisivaram commented on pull request #6452: KAFKA-8114: Wait for SCRAM
credential propagation in DelegationTokenEdToEndAuthorizationTest
URL: https://github.com/apache/kafka/pull/6452
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Flaky Test DelegationTokenEndToEndAuthorizationTest#testNoGroupAcl
> ------------------------------------------------------------------
>
> Key: KAFKA-8114
> URL: https://issues.apache.org/jira/browse/KAFKA-8114
> Project: Kafka
> Issue Type: Bug
> Components: core, unit tests
> Affects Versions: 2.3.0
> Reporter: Matthias J. Sax
> Priority: Critical
> Labels: flaky-test
> Fix For: 2.3.0
>
>
> [https://builds.apache.org/job/kafka-pr-jdk11-scala2.12/3254/testReport/junit/kafka.api/DelegationTokenEndToEndAuthorizationTest/testNoGroupAcl/]
> {quote}java.util.concurrent.ExecutionException:
> org.apache.kafka.common.errors.SaslAuthenticationException: Authentication
> failed during authentication due to invalid credentials with SASL mechanism
> SCRAM-SHA-256 at
> org.apache.kafka.common.internals.KafkaFutureImpl.wrapAndThrow(KafkaFutureImpl.java:45)
> at
> org.apache.kafka.common.internals.KafkaFutureImpl.access$000(KafkaFutureImpl.java:32)
> at
> org.apache.kafka.common.internals.KafkaFutureImpl$SingleWaiter.await(KafkaFutureImpl.java:89)
> at
> org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:260)
> at
> kafka.api.DelegationTokenEndToEndAuthorizationTest.createDelegationToken(DelegationTokenEndToEndAuthorizationTest.scala:88)
> at
> kafka.api.DelegationTokenEndToEndAuthorizationTest.configureSecurityAfterServersStart(DelegationTokenEndToEndAuthorizationTest.scala:63)
> at
> kafka.integration.KafkaServerTestHarness.setUp(KafkaServerTestHarness.scala:107)
> at kafka.api.IntegrationTestHarness.doSetup(IntegrationTestHarness.scala:81)
> at kafka.api.IntegrationTestHarness.setUp(IntegrationTestHarness.scala:73) at
> kafka.api.EndToEndAuthorizationTest.setUp(EndToEndAuthorizationTest.scala:183)
> at
> kafka.api.DelegationTokenEndToEndAuthorizationTest.setUp(DelegationTokenEndToEndAuthorizationTest.scala:74){quote}
> STDOUT
> {quote}Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`:
> User:scram-admin has Allow permission for operations: ClusterAction from
> hosts: * Current ACLs for resource `Cluster:LITERAL:kafka-cluster`:
> User:scram-admin has Allow permission for operations: ClusterAction from
> hosts: * Adding ACLs for resource `Topic:LITERAL:*`: User:scram-admin has
> Allow permission for operations: Read from hosts: * Current ACLs for resource
> `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read
> from hosts: * Completed Updating config for entity: user-principal
> 'scram-admin'. Completed Updating config for entity: user-principal
> 'scram-user'. Adding ACLs for resource `Topic:LITERAL:e2etopic`:
> User:scram-user has Allow permission for operations: Write from hosts: *
> User:scram-user has Allow permission for operations: Create from hosts: *
> User:scram-user has Allow permission for operations: Describe from hosts: *
> Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow
> permission for operations: Write from hosts: * User:scram-user has Allow
> permission for operations: Create from hosts: * User:scram-user has Allow
> permission for operations: Describe from hosts: * Adding ACLs for resource
> `Group:LITERAL:group`: User:scram-user has Allow permission for operations:
> Read from hosts: * Current ACLs for resource `Group:LITERAL:group`:
> User:scram-user has Allow permission for operations: Read from hosts: *
> Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow
> permission for operations: Write from hosts: * User:scram-user has Allow
> permission for operations: Create from hosts: * Current ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Create from hosts: * [2019-03-15 09:58:16,481] ERROR [Consumer
> clientId=consumer-99, groupId=group] Topic authorization failed for topics
> [e2etopic] (org.apache.kafka.clients.Metadata:297) [2019-03-15 09:58:17,527]
> WARN Unable to read additional data from client sessionid 0x104549c2b88000a,
> likely client has closed socket
> (org.apache.zookeeper.server.NIOServerCnxn:376) Adding ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Current ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Adding ACLs for resource
> `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read
> from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin
> has Allow permission for operations: Read from hosts: * Completed Updating
> config for entity: user-principal 'scram-admin'. Completed Updating config
> for entity: user-principal 'scram-user'. Adding ACLs for resource
> `Topic:PREFIXED:e2e`: User:scram-user has Allow permission for operations:
> Read from hosts: * User:scram-user has Allow permission for operations:
> Describe from hosts: * User:scram-user has Allow permission for operations:
> Write from hosts: * User:scram-user has Allow permission for operations:
> Create from hosts: * Adding ACLs for resource `Group:PREFIXED:gr`:
> User:scram-user has Allow permission for operations: Read from hosts: *
> Current ACLs for resource `Topic:PREFIXED:e2e`: User:scram-user has Allow
> permission for operations: Read from hosts: * User:scram-user has Allow
> permission for operations: Describe from hosts: * User:scram-user has Allow
> permission for operations: Write from hosts: * User:scram-user has Allow
> permission for operations: Create from hosts: * Current ACLs for resource
> `Group:PREFIXED:gr`: User:scram-user has Allow permission for operations:
> Read from hosts: * Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`:
> User:scram-admin has Allow permission for operations: ClusterAction from
> hosts: * Current ACLs for resource `Cluster:LITERAL:kafka-cluster`:
> User:scram-admin has Allow permission for operations: ClusterAction from
> hosts: * Adding ACLs for resource `Topic:LITERAL:*`: User:scram-admin has
> Allow permission for operations: Read from hosts: * Current ACLs for resource
> `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read
> from hosts: * Completed Updating config for entity: user-principal
> 'scram-admin'. Completed Updating config for entity: user-principal
> 'scram-user'. Adding ACLs for resource `Topic:LITERAL:e2etopic`:
> User:scram-user has Allow permission for operations: Write from hosts: *
> User:scram-user has Allow permission for operations: Create from hosts: *
> User:scram-user has Allow permission for operations: Describe from hosts: *
> Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow
> permission for operations: Write from hosts: * User:scram-user has Allow
> permission for operations: Create from hosts: * User:scram-user has Allow
> permission for operations: Describe from hosts: * Adding ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Read from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * Adding ACLs for resource
> `Group:LITERAL:group`: User:scram-user has Allow permission for operations:
> Read from hosts: * Current ACLs for resource `Topic:LITERAL:e2etopic`:
> User:scram-user has Allow permission for operations: Write from hosts: *
> User:scram-user has Allow permission for operations: Create from hosts: *
> User:scram-user has Allow permission for operations: Describe from hosts: *
> User:scram-user has Allow permission for operations: Read from hosts: *
> Current ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow
> permission for operations: Read from hosts: * Adding ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Current ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Adding ACLs for resource
> `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read
> from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin
> has Allow permission for operations: Read from hosts: * Completed Updating
> config for entity: user-principal 'scram-admin'. Completed Updating config
> for entity: user-principal 'scram-user'. Adding ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Write from hosts: * User:scram-user has Allow permission for
> operations: Create from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * Current ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Write from hosts: * User:scram-user has Allow permission for
> operations: Create from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * Adding ACLs for resource
> `Group:LITERAL:group`: User:scram-user has Allow permission for operations:
> Read from hosts: * Current ACLs for resource `Group:LITERAL:group`:
> User:scram-user has Allow permission for operations: Read from hosts: *
> Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin
> has Allow permission for operations: ClusterAction from hosts: * Current ACLs
> for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow
> permission for operations: ClusterAction from hosts: * Adding ACLs for
> resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for
> operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`:
> User:scram-admin has Allow permission for operations: Read from hosts: *
> Completed Updating config for entity: user-principal 'scram-admin'. Completed
> Updating config for entity: user-principal 'scram-user'. Adding ACLs for
> resource `Topic:LITERAL:topic2`: User:scram-user has Allow permission for
> operations: Write from hosts: * User:scram-user has Allow permission for
> operations: Create from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * Current ACLs for resource
> `Topic:LITERAL:topic2`: User:scram-user has Allow permission for operations:
> Write from hosts: * User:scram-user has Allow permission for operations:
> Create from hosts: * User:scram-user has Allow permission for operations:
> Describe from hosts: * Adding ACLs for resource `Topic:LITERAL:topic2`:
> User:scram-user has Allow permission for operations: Read from hosts: *
> User:scram-user has Allow permission for operations: Describe from hosts: *
> Adding ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow
> permission for operations: Read from hosts: * Current ACLs for resource
> `Topic:LITERAL:topic2`: User:scram-user has Allow permission for operations:
> Write from hosts: * User:scram-user has Allow permission for operations:
> Create from hosts: * User:scram-user has Allow permission for operations:
> Describe from hosts: * User:scram-user has Allow permission for operations:
> Read from hosts: * Current ACLs for resource `Group:LITERAL:group`:
> User:scram-user has Allow permission for operations: Read from hosts: *
> Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin
> has Allow permission for operations: ClusterAction from hosts: * Current ACLs
> for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow
> permission for operations: ClusterAction from hosts: * Adding ACLs for
> resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for
> operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`:
> User:scram-admin has Allow permission for operations: Read from hosts: *
> Completed Updating config for entity: user-principal 'scram-admin'. Completed
> Updating config for entity: user-principal 'scram-user'. Adding ACLs for
> resource `Topic:LITERAL:*`: User:scram-user has Allow permission for
> operations: Read from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * User:scram-user has Allow permission for
> operations: Write from hosts: * User:scram-user has Allow permission for
> operations: Create from hosts: * Adding ACLs for resource `Group:LITERAL:*`:
> User:scram-user has Allow permission for operations: Read from hosts: *
> Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin has Allow
> permission for operations: Read from hosts: * User:scram-user has Allow
> permission for operations: Read from hosts: * User:scram-user has Allow
> permission for operations: Create from hosts: * User:scram-user has Allow
> permission for operations: Describe from hosts: * User:scram-user has Allow
> permission for operations: Write from hosts: * Current ACLs for resource
> `Group:LITERAL:*`: User:scram-user has Allow permission for operations: Read
> from hosts: * Adding ACLs for resource `Cluster:LITERAL:kafka-cluster`:
> User:scram-admin has Allow permission for operations: ClusterAction from
> hosts: * Current ACLs for resource `Cluster:LITERAL:kafka-cluster`:
> User:scram-admin has Allow permission for operations: ClusterAction from
> hosts: * Adding ACLs for resource `Topic:LITERAL:*`: User:scram-admin has
> Allow permission for operations: Read from hosts: * Current ACLs for resource
> `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read
> from hosts: * Completed Updating config for entity: user-principal
> 'scram-admin'. Completed Updating config for entity: user-principal
> 'scram-user'. Adding ACLs for resource `Topic:LITERAL:e2etopic`:
> User:scram-user has Allow permission for operations: Write from hosts: *
> User:scram-user has Allow permission for operations: Create from hosts: *
> User:scram-user has Allow permission for operations: Describe from hosts: *
> Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow
> permission for operations: Write from hosts: * User:scram-user has Allow
> permission for operations: Create from hosts: * User:scram-user has Allow
> permission for operations: Describe from hosts: * Adding ACLs for resource
> `Group:LITERAL:group`: User:scram-user has Allow permission for operations:
> Read from hosts: * Current ACLs for resource `Group:LITERAL:group`:
> User:scram-user has Allow permission for operations: Read from hosts: *
> [2019-03-15 09:59:00,313] ERROR [Consumer clientId=consumer-105,
> groupId=group] Offset commit failed on partition e2etopic-0 at offset 0: Not
> authorized to access topics: [Topic authorization failed.]
> (org.apache.kafka.clients.consumer.internals.ConsumerCoordinator:815)
> [2019-03-15 09:59:00,325] ERROR [Consumer clientId=consumer-105,
> groupId=group] Not authorized to commit to topics [e2etopic]
> (org.apache.kafka.clients.consumer.internals.ConsumerCoordinator:853) Adding
> ACLs for resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow
> permission for operations: ClusterAction from hosts: * Current ACLs for
> resource `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow
> permission for operations: ClusterAction from hosts: * Adding ACLs for
> resource `Topic:LITERAL:*`: User:scram-admin has Allow permission for
> operations: Read from hosts: * Current ACLs for resource `Topic:LITERAL:*`:
> User:scram-admin has Allow permission for operations: Read from hosts: *
> Completed Updating config for entity: user-principal 'scram-admin'. Completed
> Updating config for entity: user-principal 'scram-user'. Adding ACLs for
> resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Write from hosts: * User:scram-user has Allow permission for
> operations: Create from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * Current ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Write from hosts: * User:scram-user has Allow permission for
> operations: Create from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * Adding ACLs for resource
> `Group:LITERAL:group`: User:scram-user has Allow permission for operations:
> Read from hosts: * Current ACLs for resource `Group:LITERAL:group`:
> User:scram-user has Allow permission for operations: Read from hosts: *
> Current ACLs for resource `Topic:LITERAL:e2etopic`: User:scram-user has Allow
> permission for operations: Write from hosts: * User:scram-user has Allow
> permission for operations: Create from hosts: * Current ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Create from hosts: * [2019-03-15 09:59:09,398] ERROR [Consumer
> clientId=consumer-106, groupId=group] Topic authorization failed for topics
> [e2etopic] (org.apache.kafka.clients.Metadata:297) Adding ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Current ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Adding ACLs for resource
> `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read
> from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin
> has Allow permission for operations: Read from hosts: * Completed Updating
> config for entity: user-principal 'scram-admin'. Completed Updating config
> for entity: user-principal 'scram-user'. [2019-03-15 09:59:16,272] ERROR
> [AdminClient clientId=adminclient-93] Connection to node -2
> (localhost/127.0.0.1:42859) failed authentication due to: Authentication
> failed during authentication due to invalid credentials with SASL mechanism
> SCRAM-SHA-256 (org.apache.kafka.clients.NetworkClient:714) [2019-03-15
> 09:59:16,392] WARN Unable to read additional data from client sessionid
> 0x104549d1e9f0009, likely client has closed socket
> (org.apache.zookeeper.server.NIOServerCnxn:376) Adding ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Current ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Adding ACLs for resource
> `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read
> from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin
> has Allow permission for operations: Read from hosts: * Completed Updating
> config for entity: user-principal 'scram-admin'. Completed Updating config
> for entity: user-principal 'scram-user'. Adding ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Describe from hosts: * Current ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Describe from hosts: * Adding ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Current ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Adding ACLs for resource
> `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read
> from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin
> has Allow permission for operations: Read from hosts: * Completed Updating
> config for entity: user-principal 'scram-admin'. Completed Updating config
> for entity: user-principal 'scram-user'. Adding ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Write from hosts: * User:scram-user has Allow permission for
> operations: Create from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * Current ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Write from hosts: * User:scram-user has Allow permission for
> operations: Create from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * Adding ACLs for resource
> `Topic:LITERAL:e2etopic`: User:scram-user has Allow permission for
> operations: Read from hosts: * User:scram-user has Allow permission for
> operations: Describe from hosts: * Adding ACLs for resource
> `Group:LITERAL:group`: User:scram-user has Allow permission for operations:
> Read from hosts: * Current ACLs for resource `Topic:LITERAL:e2etopic`:
> User:scram-user has Allow permission for operations: Write from hosts: *
> User:scram-user has Allow permission for operations: Create from hosts: *
> User:scram-user has Allow permission for operations: Describe from hosts: *
> User:scram-user has Allow permission for operations: Read from hosts: *
> Current ACLs for resource `Group:LITERAL:group`: User:scram-user has Allow
> permission for operations: Read from hosts: * Adding ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Current ACLs for resource
> `Cluster:LITERAL:kafka-cluster`: User:scram-admin has Allow permission for
> operations: ClusterAction from hosts: * Adding ACLs for resource
> `Topic:LITERAL:*`: User:scram-admin has Allow permission for operations: Read
> from hosts: * Current ACLs for resource `Topic:LITERAL:*`: User:scram-admin
> has Allow permission for operations: Read from hosts: * Completed Updating
> config for entity: user-principal 'scram-admin'. Completed Updating config
> for entity: user-principal 'scram-user'. [2019-03-15 09:59:35,692] ERROR
> [Producer clientId=producer-215] Topic authorization failed for topics
> [e2etopic] (org.apache.kafka.clients.Metadata:297){quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
