[ 
https://issues.apache.org/jira/browse/KAFKA-13337?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andras Katona updated KAFKA-13337:
----------------------------------
    Description: 
During Connect plugin path scan, if an unreadable file/directory is found, 
Connect will fail with an {{AccessDeniedException}}. As the directories/files 
can be unreadable, it is best to skip them in this case. See referenced PR.

 
{noformat}
java.nio.file.AccessDeniedException: 
/tmp/junit8905851398112785578/plugins/.protected
        at 
java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
        at 
java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
        at 
java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116)
        at 
java.base/sun.nio.fs.UnixFileSystemProvider.newDirectoryStream(UnixFileSystemProvider.java:432)
        at java.base/java.nio.file.Files.newDirectoryStream(Files.java:604)
        at 
org.apache.kafka.connect.runtime.isolation.PluginUtils.pluginUrls(PluginUtils.java:276)
        at 
org.apache.kafka.connect.runtime.isolation.PluginUtilsTest.testPluginUrlsWithProtectedDirectory(PluginUtilsTest.java:481)
...
{noformat}

Connect server fails with the following exception, (I created an "aaa" 
directory only readable by root
{noformat}
Could not get listing for plugin path: /var/lib/kafka. Ignoring.
java.nio.file.AccessDeniedException: /var/lib/kafka/aaaa
        at 
sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
        at 
sun.nio.fs.UnixFileSystemProvider.newDirectoryStream(UnixFileSystemProvider.java:427)
        at java.nio.file.Files.newDirectoryStream(Files.java:589)
        at 
org.apache.kafka.connect.runtime.isolation.PluginUtils.pluginUrls(PluginUtils.java:231)
        at 
org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader.registerPlugin(DelegatingClassLoader.java:241)
        at 
org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader.initPluginLoader(DelegatingClassLoader.java:222)
        at 
org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader.initLoaders(DelegatingClassLoader.java:199)
        at 
org.apache.kafka.connect.runtime.isolation.Plugins.<init>(Plugins.java:60)
        at 
org.apache.kafka.connect.cli.ConnectDistributed.startConnect(ConnectDistributed.java:91)
{noformat}

Additional note:
Connect server would not stop normally but an extension couldn't be found 
because of this in my case which killed connect at later point.

  was:
During Connect plugin path scan, if an unreadable file/directory is found, 
Connect will fail with an {{AccessDeniedException}}. As the directories/files 
can be unreadable, it is best to skip them in this case. See referenced PR.

 
{noformat}
java.nio.file.AccessDeniedException: 
/tmp/junit8905851398112785578/plugins/.protected
        at 
java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
        at 
java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
        at 
java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116)
        at 
java.base/sun.nio.fs.UnixFileSystemProvider.newDirectoryStream(UnixFileSystemProvider.java:432)
        at java.base/java.nio.file.Files.newDirectoryStream(Files.java:604)
        at 
org.apache.kafka.connect.runtime.isolation.PluginUtils.pluginUrls(PluginUtils.java:276)
        at 
org.apache.kafka.connect.runtime.isolation.PluginUtilsTest.testPluginUrlsWithProtectedDirectory(PluginUtilsTest.java:481)
...
{noformat}

Connect server fails with the following exception, (I created an "aaa" 
directory only readable by root
{noformat}
Could not get listing for plugin path: /var/lib/kafka. Ignoring.
java.nio.file.AccessDeniedException: /var/lib/kafka/aaaa
        at 
sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
        at 
sun.nio.fs.UnixFileSystemProvider.newDirectoryStream(UnixFileSystemProvider.java:427)
        at java.nio.file.Files.newDirectoryStream(Files.java:589)
        at 
org.apache.kafka.connect.runtime.isolation.PluginUtils.pluginUrls(PluginUtils.java:231)
        at 
org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader.registerPlugin(DelegatingClassLoader.java:241)
        at 
org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader.initPluginLoader(DelegatingClassLoader.java:222)
        at 
org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader.initLoaders(DelegatingClassLoader.java:199)
        at 
org.apache.kafka.connect.runtime.isolation.Plugins.<init>(Plugins.java:60)
        at 
org.apache.kafka.connect.cli.ConnectDistributed.startConnect(ConnectDistributed.java:91)
{noformat}


> Scanning for Connect plugins can fail with AccessDeniedException
> ----------------------------------------------------------------
>
>                 Key: KAFKA-13337
>                 URL: https://issues.apache.org/jira/browse/KAFKA-13337
>             Project: Kafka
>          Issue Type: Bug
>          Components: KafkaConnect
>    Affects Versions: 2.7.1, 2.6.2, 3.1.0, 2.8.1
>            Reporter: Tamás Héri
>            Assignee: Tamás Héri
>            Priority: Minor
>
> During Connect plugin path scan, if an unreadable file/directory is found, 
> Connect will fail with an {{AccessDeniedException}}. As the directories/files 
> can be unreadable, it is best to skip them in this case. See referenced PR.
>  
> {noformat}
> java.nio.file.AccessDeniedException: 
> /tmp/junit8905851398112785578/plugins/.protected
>       at 
> java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
>       at 
> java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
>       at 
> java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116)
>       at 
> java.base/sun.nio.fs.UnixFileSystemProvider.newDirectoryStream(UnixFileSystemProvider.java:432)
>       at java.base/java.nio.file.Files.newDirectoryStream(Files.java:604)
>       at 
> org.apache.kafka.connect.runtime.isolation.PluginUtils.pluginUrls(PluginUtils.java:276)
>       at 
> org.apache.kafka.connect.runtime.isolation.PluginUtilsTest.testPluginUrlsWithProtectedDirectory(PluginUtilsTest.java:481)
> ...
> {noformat}
> Connect server fails with the following exception, (I created an "aaa" 
> directory only readable by root
> {noformat}
> Could not get listing for plugin path: /var/lib/kafka. Ignoring.
> java.nio.file.AccessDeniedException: /var/lib/kafka/aaaa
>       at 
> sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
>       at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
>       at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
>       at 
> sun.nio.fs.UnixFileSystemProvider.newDirectoryStream(UnixFileSystemProvider.java:427)
>       at java.nio.file.Files.newDirectoryStream(Files.java:589)
>       at 
> org.apache.kafka.connect.runtime.isolation.PluginUtils.pluginUrls(PluginUtils.java:231)
>       at 
> org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader.registerPlugin(DelegatingClassLoader.java:241)
>       at 
> org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader.initPluginLoader(DelegatingClassLoader.java:222)
>       at 
> org.apache.kafka.connect.runtime.isolation.DelegatingClassLoader.initLoaders(DelegatingClassLoader.java:199)
>       at 
> org.apache.kafka.connect.runtime.isolation.Plugins.<init>(Plugins.java:60)
>       at 
> org.apache.kafka.connect.cli.ConnectDistributed.startConnect(ConnectDistributed.java:91)
> {noformat}
> Additional note:
> Connect server would not stop normally but an extension couldn't be found 
> because of this in my case which killed connect at later point.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to