-
-
Notifications
You must be signed in to change notification settings - Fork 521
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
False [Topic authorization failed] error for topic #1346
Comments
I was able to reproduce this here: kafkajs/src/admin/__tests__/createAcls.spec.js Lines 255 to 304 in 8cbfb1b
Sharing the results of my debugging: What's happening is that the topic gets added to the cluster's list of "target topics", which is the list of topics it'll fetch metadata for when needed. So on the first produce, the allowed topic would be added to the list, and everything is fine. On the second produce, the not allowed topic is added to the list and we get an error back. On the third produce, we still try to fetch metadata for the not allowed topic, because it's still in the list of target topics, so we get an error. There are two solutions:
|
Since my report I found an additional use case which leads to the same issue. Regardless of ACLs on your topics publishing to an existing topic after an attempt to publish to a non-existing one has the same effect, except that the error message will be "This server does not host this topic-partition", presumably because of the very same beheviour on metadata fetching as described above. |
I have a similar issue here: #1377 |
That PR requires quite a lot of refactoring, since we've restructured a huge chunk of the consumer since that one was last touched. I spent my afternoon trying to bring it up to date, and I plan on going through it again properly tomorrow. I'd like to get it merged because it will make #1040 much more doable, as well as solve this issue and #1185. |
Sorry to disappoint, but the direction in #667 isn't going to work, as I realized once I spent a few days on it and the cracks started to show. I've elaborated in #667 (comment) In the meantime, I think this specific issue can probably be solved with a bit of a quick-fix by just removing the topic from |
@Nevon no worries, thank you for letting me know. I will prepare a PR with the recommended fix. |
Fixed by #1385 |
Describe the bug
Broker reports [Topic authorization failed] for a topic that KafkaJS could publish to before in the same Producer instance.
Broker provider: Confluent
To Reproduce
Expected behavior
Messages that matches the ACL will pass even if there were failing attempts before
Environment:
Additional context
During debugging I found that the Metadata protocol message buffer contains the forbidden topic name after encoding, even at step 5. send() gets only one topic (that matches the ACL) as a parameter, still the buffer contains the topic name from my previous send attempt.
The text was updated successfully, but these errors were encountered: