Hi Nanda,
It's great you figured it out.
"KIP-1157
<https://cwiki.apache.org/confluence/display/KAFKA/KIP-1157%3A+Enforce+KafkaPrincipalSerde+Implementation+for+KafkaPrincipalBuilder>:
Enforce KafkaPrincipalSerde Implementation for KafkaPrincipalBuilder" is
proposed to fix this issue.
Thank you.
Luke
On Wed, Jun 11, 2025 at 12:39 AM Nanda Naga <nandanaga@microsoft.com.invalid>
wrote:
> I figured this out issue - it is due to missing
> serialization/deserialization logic for the custom principal
>
> Regards,
> Nanda
>
> -----Original Message-----
> From: Nanda Naga <nandanaga@microsoft.com.INVALID>
> Sent: Friday, June 6, 2025 1:19 PM
> To: users@kafka.apache.org
> Subject: [EXTERNAL] Kraft mode - Authz errors while doing alterconfig via
> admin client
>
> [You don't often get email from nandanaga@microsoft.com.invalid. Learn
> why this is important at https://aka.ms/LearnAboutSenderIdentification ]
>
> In broker server properties and controller server properties, I have setup
> the custom principal builder class name and custom acl authorizer (extends
> standard authorizer) class name properly
>
> The normal produce/ consumes that the topic has acls works fine though
> using the custom principal and custom acl authorizer. It works when it is
> inter controller auth calls
>
> But when requests sent via admin client (using command prompt calls) or
> via code that uses admin client, I see default principal being passed
> (KafkaPrincipal) instead of my custom principal from broker to controller.
>
> Anything I miss here?
>
> If you need any more details, I can share
>
> Regards,
> Nanda
>
>
It's great you figured it out.
"KIP-1157
<https://cwiki.apache.org/confluence/display/KAFKA/KIP-1157%3A+Enforce+KafkaPrincipalSerde+Implementation+for+KafkaPrincipalBuilder>:
Enforce KafkaPrincipalSerde Implementation for KafkaPrincipalBuilder" is
proposed to fix this issue.
Thank you.
Luke
On Wed, Jun 11, 2025 at 12:39 AM Nanda Naga <nandanaga@microsoft.com.invalid>
wrote:
> I figured this out issue - it is due to missing
> serialization/deserialization logic for the custom principal
>
> Regards,
> Nanda
>
> -----Original Message-----
> From: Nanda Naga <nandanaga@microsoft.com.INVALID>
> Sent: Friday, June 6, 2025 1:19 PM
> To: users@kafka.apache.org
> Subject: [EXTERNAL] Kraft mode - Authz errors while doing alterconfig via
> admin client
>
> [You don't often get email from nandanaga@microsoft.com.invalid. Learn
> why this is important at https://aka.ms/LearnAboutSenderIdentification ]
>
> In broker server properties and controller server properties, I have setup
> the custom principal builder class name and custom acl authorizer (extends
> standard authorizer) class name properly
>
> The normal produce/ consumes that the topic has acls works fine though
> using the custom principal and custom acl authorizer. It works when it is
> inter controller auth calls
>
> But when requests sent via admin client (using command prompt calls) or
> via code that uses admin client, I see default principal being passed
> (KafkaPrincipal) instead of my custom principal from broker to controller.
>
> Anything I miss here?
>
> If you need any more details, I can share
>
> Regards,
> Nanda
>
>
Comments
Post a Comment