[
https://issues.apache.org/jira/browse/KAFKA-8719?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sathish updated KAFKA-8719:
---------------------------
Description:
While specifying --partition option on kafka-console-consumer, it is bypassing
the sentry evaluations and making the users to consume messages freely. Even
though a consumer group does not have access to consume messages from topics
--partition option bypassing the evaluation
Example command used:
#kafka-console-consumer --topic booktopic1 --consumer.config
consumer.properties --bootstrap-server <broker-host>:9092 --from-beginning
--consumer-property group.id=spark-kafka-111 --partition 0
This succeeds even though, if spark-kafka-111 does not have any access on topic
booktopic1
whereas
#kafka-console-consumer --topic booktopic1 --consumer.config
consumer.properties --bootstrap-server <broker-host>:9092 --from-beginning
--consumer-property group.id=spark-kafka-111
Fails with topic authorisation issues
was:
While specifying --partition option on kafka-console-consumer, it is bypassing
the sentry evaluations and making the users to consume messages freely. Even
though a consumer group does not have access to consume messages from topics
--partition option bypassing the evaluation
Example command used:
#kafka-console-consumer --topic booktopic1 --consumer.config
consumer.properties --bootstrap-server <broker-host>:9092 --from-beginning
--consumer-property group.id=spark-kafka-111 --partition 0
This succeeds even though, if spark-kafka-111 does not have any access on topic
booktopic1
whereas
#kafka-console-consumer --topic booktopic1 --consumer.config
consumer.properties --bootstrap-server host-10-17-101-200.coe.cloudera.com:9092
--from-beginning --consumer-property group.id=spark-kafka-111
Fails with topic authorisation issues
> kafka-console-consumer bypassing sentry evaluations while specifying
> --partition option
> ---------------------------------------------------------------------------------------
>
> Key: KAFKA-8719
> URL: https://issues.apache.org/jira/browse/KAFKA-8719
> Project: Kafka
> Issue Type: Bug
> Components: consumer, tools
> Reporter: Sathish
> Priority: Major
> Labels: kafka-console-cons
>
> While specifying --partition option on kafka-console-consumer, it is
> bypassing the sentry evaluations and making the users to consume messages
> freely. Even though a consumer group does not have access to consume messages
> from topics --partition option bypassing the evaluation
> Example command used:
> #kafka-console-consumer --topic booktopic1 --consumer.config
> consumer.properties --bootstrap-server <broker-host>:9092 --from-beginning
> --consumer-property group.id=spark-kafka-111 --partition 0
> This succeeds even though, if spark-kafka-111 does not have any access on
> topic booktopic1
> whereas
> #kafka-console-consumer --topic booktopic1 --consumer.config
> consumer.properties --bootstrap-server <broker-host>:9092 --from-beginning
> --consumer-property group.id=spark-kafka-111
> Fails with topic authorisation issues
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
