Ewen, that's right and that is being handled in https://github.com/apache/kafka/pull/1428.
On Sun, Jul 24, 2016 at 1:41 AM, Ewen Cheslack-Postava <e...@confluent.io> wrote: > Manikumar, > > Yeah, that seems bad. Seems like maybe instead of moving to server-side > processing we should make the metadata request limit results to topics the > principal is authorized for? I suspect this is important anyway since > generally it seems we don't want to reveal errors when there's unauthorized > resources, but instead mask that error as something else or not return an > error at all? > > -Ewen > > On Fri, Jul 8, 2016 at 10:24 AM, Manikumar Reddy < > manikumar.re...@gmail.com> > wrote: > > > Hi, > > > > consumer.subscribe(Pattern p , ..) method implementation tries to get > > metadata of all the topics. > > This will throw TopicAuthorizationException on internal topics and other > > unauthorized topics. > > We may need to move the pattern matching to sever side. > > Is this know issue?. If not, I will raise JIRA. > > > > logs: > > [2016-07-07 22:48:06,317] WARN Error while fetching metadata with > > correlation id 1 : {__consumer_offsets=TOPIC_AUTHORIZATION_FAILED} > > (org.apache.kafka.clients.NetworkClient) > > [2016-07-07 22:48:06,318] ERROR Unknown error when running consumer: > > (kafka.tools.ConsoleConsumer$) > > org.apache.kafka.common.errors.TopicAuthorizationException: Not > authorized > > to access topics: [__consumer_offsets] > > > > > > Thanks, > > Manikumar > > > > > > -- > Thanks, > Ewen >