Skip to content

KAFKA-20183: Share consumer group fails when group ID contains colon character#21471

Merged
mimaison merged 6 commits intoapache:trunkfrom
fvaleri:sg-invalid-id
Feb 16, 2026
Merged

KAFKA-20183: Share consumer group fails when group ID contains colon character#21471
mimaison merged 6 commits intoapache:trunkfrom
fvaleri:sg-invalid-id

Conversation

@fvaleri
Copy link
Contributor

@fvaleri fvaleri commented Feb 13, 2026
edited by github-actions bot
Loading

This patch rejects share consumer group IDs containing ':' to prevent
SharePartitionKey parsing failure.

The SharePartitionKey format (groupId:topicId:partition) breaks when
the group ID itself contains ':', causing silent consumption failure. We
apply a minimal targeted fix (colon-only restriction) to avoid breaking
existing group naming conventions. This is validated on both client and
broker to cover old clients without the check.

EDIT:

The original approach restricted group IDs containing colon, which would
require a KIP. Instead, we now fix the issue in SharePartitionKey
parsing the key from the right since partition (int) and topicId (base64
UUID) have known formats and are always the last two segments, while
groupId (everything before) may contain colons.

Reviewers: Mickael Maison mickael.maison@gmail.com, Andrew Schofield
aschofield@confluent.io, Sushant Mahajan smahajan@confluent.io

@fvaleri
KAFKA-20183: Share consumer group fails when group ID contains colon …
529f979 
…character

This patch rejects share consumer group IDs containing ':' to prevent SharePartitionKey parsing failure.

The SharePartitionKey format (groupId:topicId:partition) breaks when the group ID itself contains ':',
causing silent consumption failure. We apply a minimal targeted fix (colon-only restriction) to avoid
breaking existing group naming conventions. This is validated on both client and broker to cover old
clients without the check.

Signed-off-by: Federico Valeri <fedevaleri@gmail.com>
@showuon
Copy link
Member

showuon commented Feb 13, 2026

@fvaleri , please help add tests. Thanks.

@smjn
Copy link
Collaborator

smjn commented Feb 13, 2026
edited
Loading

@fvaleri While the problem exists, there is no need to restrict the groupId name. The fix should be in SharePartitionKey (in both cases if you plan to use the restriction or fix the split logic).

@AndrewJSchofield
Copy link
Member

AndrewJSchofield commented Feb 13, 2026
edited
Loading

This seems like the most practical fix to me. Topic IDs already cannot contain : so the problem is restricted to group IDs only.

smjn
smjn suggested changes Feb 13, 2026
View reviewed changes
Copy link
Collaborator

@smjn smjn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR, however restriction to group name is not required.

mimaison
mimaison reviewed Feb 13, 2026
View reviewed changes
clients/src/main/java/org/apache/kafka/clients/consumer/internals/ShareConsumerImpl.java Outdated
Comment on lines 1117 to 1119
if (groupId.contains(":")) {
throw new InvalidGroupIdException("Group ID must not contain ':' for share consumers.");
}
Copy link
Member

@mimaison mimaison Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While this is the easy fix, I'm not sure it's the best option. Changing the allowed characters in a group name would typically require a KIP. Can't we adjust the split logic to start from the end? The topic name cannot contain a colon.

Copy link
Collaborator

@smjn smjn Feb 13, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The change should be in https://github.com/apache/kafka/blob/trunk/server-common/src/main/java/org/apache/kafka/server/share/SharePartitionKey.java#L75

something like:

public static SharePartitionKey getInstance(String key) {
        validate(key);
        String[] tokens = key.split(":");
        int last =  tokens.length - 1;
        //String groupId = String.join(":", Arrays.copyOfRange(tokens, 0, last-1));
       // OR
      // String groupId = key.substring(0, key.lastIndexOf(":", key.lastIndexOf(":")-1));
        return new SharePartitionKey(
                groupId,
                Uuid.fromString(tokens[last-1]),
                Integer.parseInt(tokens[last])
        );
    }

as well as update in validate in same class

Copy link
Member

@mimaison mimaison Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to update validate() as well as it checks for exactly 3 tokens and then does further checks based on this wrong assumption

Copy link
Contributor Author

@fvaleri fvaleri Feb 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right. Let me try this approach. Thanks.

@fvaleri
Parse the key from the right
8e7bf1b 
Signed-off-by: Federico Valeri <fedevaleri@gmail.com>
@github-actions github-actions bot added core Kafka Broker and removed small Small PRs labels Feb 13, 2026
@fvaleri
Revert unnecessary change
8c09c58 
Signed-off-by: Federico Valeri <fedevaleri@gmail.com>
@fvaleri fvaleri requested review from mimaison and smjn February 13, 2026 10:27
@fvaleri
Remove helper method
917c5d1 
Signed-off-by: Federico Valeri <fedevaleri@gmail.com>
@fvaleri
Add test for GID starting with colon
b2974ad 
Signed-off-by: Federico Valeri <fedevaleri@gmail.com>
@fvaleri
Add test for GID ending with colon
e169c8e 
Signed-off-by: Federico Valeri <fedevaleri@gmail.com>
@fvaleri fvaleri requested review from mimaison and smjn February 13, 2026 11:54
@github-actions github-actions bot removed the triage PRs from the community label Feb 14, 2026
smjn
smjn approved these changes Feb 16, 2026
View reviewed changes
Copy link
Collaborator

@smjn smjn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the changes, LGTM

AndrewJSchofield
AndrewJSchofield approved these changes Feb 16, 2026
View reviewed changes
Copy link
Member

@AndrewJSchofield AndrewJSchofield left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR. Looks good to me.

mimaison
mimaison approved these changes Feb 16, 2026
View reviewed changes
Copy link
Member

@mimaison mimaison left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mimaison mimaison merged commit e678b4b into apache:trunk Feb 16, 2026
27 checks passed
@fvaleri fvaleri deleted the sg-invalid-id branch February 16, 2026 11:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mimaison mimaison mimaison approved these changes

@AndrewJSchofield AndrewJSchofield AndrewJSchofield approved these changes

+1 more reviewer

@smjn smjn smjn approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

ci-approved clients consumer core Kafka Broker group-coordinator

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@fvaleri @showuon @smjn @AndrewJSchofield @mimaison