Ewen, that's right and that is being handled in
https://github.com/apache/kafka/pull/1428.
On Sun, Jul 24, 2016 at 1:41 AM, Ewen Cheslack-Postava <e...@confluent.io>
wrote:
> Manikumar,
>
> Yeah, that seems bad. Seems like maybe instead of moving to server-side
> processing we should make the metadata request limit results to topics the
> principal is authorized for? I suspect this is important anyway since
> generally it seems we don't want to reveal errors when there's unauthorized
> resources, but instead mask that error as something else or not return an
> error at all?
>
> -Ewen
>
> On Fri, Jul 8, 2016 at 10:24 AM, Manikumar Reddy <
> manikumar.re...@gmail.com>
> wrote:
>
> > Hi,
> >
> > consumer.subscribe(Pattern p , ..) method implementation tries to get
> > metadata of all the topics.
> > This will throw TopicAuthorizationException on internal topics and other
> > unauthorized topics.
> > We may need to move the pattern matching to sever side.
> > Is this know issue?. If not, I will raise JIRA.
> >
> > logs:
> > [2016-07-07 22:48:06,317] WARN Error while fetching metadata with
> > correlation id 1 : {__consumer_offsets=TOPIC_AUTHORIZATION_FAILED}
> > (org.apache.kafka.clients.NetworkClient)
> > [2016-07-07 22:48:06,318] ERROR Unknown error when running consumer:
> > (kafka.tools.ConsoleConsumer$)
> > org.apache.kafka.common.errors.TopicAuthorizationException: Not
> authorized
> > to access topics: [__consumer_offsets]
> >
> >
> > Thanks,
> > Manikumar
> >
>
>
>
> --
> Thanks,
> Ewen
>
