I'm working through a Kafka implementation. I'm having issues with the ssl.principal.mapping.rules configuration.
I've successfully started up Kafka with the SSL encrypt/authenticate in place and I've successfully set up the super user using the full principal name. The issue arises when I flip on the ssl.principal.mapping rules. As soon as I implement this I can no longer access my topics as a super-user. When I disable the ssl.principal.mapping.rules and go back to the full principal name I cannot view my topics. Below is my config and error I'm seeing. This was working fine until I added the ssl.principal.mapping.rules=RULE:^CN=(.*?)$/$1/U,DEFAULT section. Yes, the cert cn is 'CN=TESTINSTANCE'

#CONFIG
broker.id=1

# SOCKET SERVER SETTINGS
num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600

# TLS
listeners=INTERNAL://0.0.0.0:9092,EXTERNAL://0.0.0.0:9093
advertised.listeners=INTERNAL://kaf1:9092,EXTERNAL://kaf1pub:9093
listener.security.protocol.map=INTERNAL:SSL,EXTERNAL:SSL
inter.broker.listener.name=INTERNAL
ssl.endpoint.identification.algorithm=
ssl.client.auth=required
ssl.keystore.location=/directory/to/key.jks
ssl.keystore.password=
ssl.key.password=
ssl.truststore.location=/directory/to/trust.jks
ssl.truststore.password=

# LOG BASICS
log.dirs=/directory/to/log
num.partitions=1
num.recovery.threads.per.data.dir=1

# INTERNAL TOPIC SETTINGS
offsets.topic.replication.factor=1
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1
auto.create.topics.enable=false
delete.topic.enable=true

# LOG RETENTION POLICY
log.retention.hours=168
log.segment.bytes=1073741824
log.retention.check.interval.ms=300000

# TLS KAFKA to ZOOKEEPER
zookeeper.connect=testzoo:2182/chroot
zookeeper.connection.timeout.ms=6000
zookeeper.ssl.client.enable=true
zookeeper.clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
zookeeper.ssl.keystore.location=/directory/to/key.jks
zookeeper.ssl.keystore.password=
zookeeper.ssl.truststore.location=/directory/to/trust.jks
zookeeper.ssl.truststore.password=

# GROUP COORDINATOR SETTINGS
group.initial.rebalance.delay.ms=0

# ACL SETTINGS
authorizer.class.name=kafka.security.authorizer.AclAuthorizer
# For name mapping on principal
super.users=User:TESTINSTANCE
allow.everyone.if.no.acl.found=false
ssl.principal.mapping.rules=RULE:^CN=(.*?)$/$1/U,DEFAULT

Error Msg:

Error while executing topic command : org.apache.kafka.common.errors.TimeoutException: Call(callName=listTopics, deadlineMs=1589471487877) timed out at 1589471487878 after 1 attempt(s)
[2020-05-14 15:51:27,882] ERROR java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.TimeoutException: Call(callName=listTopics, deadlineMs=1589471487877) timed out at 1589471487878 after 1 attempt(s)
	at org.apache.kafka.common.internals.KafkaFutureImpl.wrapAndThrow(KafkaFutureImpl.java:45)
	at org.apache.kafka.common.internals.KafkaFutureImpl.access$000(KafkaFutureImpl.java:32)
	at org.apache.kafka.common.internals.KafkaFutureImpl$SingleWaiter.await(KafkaFutureImpl.java:89)
	at org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:260)
	at kafka.admin.TopicCommand$AdminClientTopicService.getTopics(TopicCommand.scala:333)
	at kafka.admin.TopicCommand$AdminClientTopicService.listTopics(TopicCommand.scala:252)
	at kafka.admin.TopicCommand$.main(TopicCommand.scala:66)
	at kafka.admin.TopicCommand.main(TopicCommand.scala)
Caused by: org.apache.kafka.common.errors.TimeoutException: Call(callName=listTopics, deadlineMs=1589471487877) timed out at 1589471487878 after 1 attempt(s)
Caused by: org.apache.kafka.common.errors.TimeoutException: Timed out waiting for a node assignment.
 (kafka.admin.TopicCommand$)

Jonathan Goings | Database Administrator, Adv
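
An added example, not part of the original message and not Kafka's own code: a Python approximation of how a rules string such as the one in the config above is applied to a certificate's distinguished name, so the resulting principal can be compared with super.users. It assumes the rules are tried in order with the first match winning and that a pattern must match the whole DN; every sample DN other than CN=TESTINSTANCE is constructed.

```python
import re

# Splits a rules string into DEFAULT entries and RULE:pattern/replacement/[LU] entries.
_RULE = re.compile(r"(DEFAULT)|RULE:((?:\\.|[^\\/])*)/((?:\\.|[^\\/])*)/([LU]?)")

def parse_rules(spec):
    """Return a list of (pattern, replacement, case_flag); pattern None means DEFAULT."""
    rules = []
    for m in _RULE.finditer(spec):
        if m.group(1):
            rules.append((None, None, ""))
        else:
            # Java writes back-references as $1; Python's expand() wants \g<1>.
            repl = re.sub(r"\$(\d)", r"\\g<\1>", m.group(3))
            rules.append((re.compile(m.group(2)), repl, m.group(4)))
    return rules

def map_principal(dn, spec):
    """Apply the first rule that matches the whole DN; None if no rule matches."""
    for pattern, repl, flag in parse_rules(spec):
        if pattern is None:          # DEFAULT: the DN is used unchanged
            return dn
        m = pattern.fullmatch(dn)    # assumption: whole-DN match, as noted above
        if m:
            name = m.expand(repl)
            return name.upper() if flag == "U" else name.lower() if flag == "L" else name
    return None

SPEC = "RULE:^CN=(.*?)$/$1/U,DEFAULT"      # value from the broker config above
SUPER_USERS = {"User:TESTINSTANCE"}        # value from the broker config above

# Constructed subject DNs, apart from the first, which is the one quoted in the post.
SAMPLE_DNS = [
    "CN=TESTINSTANCE",
    "CN=testinstance",
    "CN=kaf1,OU=Ops,O=Example",   # the lazy group still runs to the end of the DN
    "OU=Ops,CN=kaf1",             # does not start with CN=, so DEFAULT applies
]

if __name__ == "__main__":
    for dn in SAMPLE_DNS:
        principal = "User:" + map_principal(dn, SPEC)
        status = "super user" if principal in SUPER_USERS else "needs an ACL"
        print(f"{dn!r:32} -> {principal!r:32} {status}")
```

The subject string a given keystore actually presents can be printed with `keytool -list -v -keystore <path>` and fed to `map_principal` to see which principal name an ACL or super.users entry has to use.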