Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KAFKA-18440: Admin does not convert the AuthorizationException to fatal error in using bootstrap controllers #18435

Open
wants to merge 1 commit into
base: trunk
Choose a base branch
from
Open

KAFKA-18440: Admin does not convert the AuthorizationException to fatal error in using bootstrap controllers #18435

wants to merge 1 commit into from
+111 −24

Conversation

FrankYang0529
Copy link
Member

Admin use DescribeClusterRequest to build metadata when using bootstrap controllers, and controller APIs may return ClusterAuthorizationException when users have no "ALTER" permission (see #14306 (comment)).

However, admin does not convert the authorized exception to fatal exception (https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/clients/admin/internals/AdminMetadataManager.java#L276), so it keeps sending the request to controller until timeout.

  • unit test: AdminMetadataManagerTest#testAuthorizationFailure
  • integration test: ClusterTestExtensionsTest#testSaslPlaintext

Committer Checklist (excluded from commit message)

  • Verify design and implementation
  • Verify test coverage and CI build status
  • Verify documentation (including upgrade notes)

@github-actions github-actions bot added clients small Small PRs labels Jan 8, 2025
divijvaidya
divijvaidya requested changes Jan 8, 2025
View reviewed changes
clients/src/main/java/org/apache/kafka/clients/admin/internals/AdminMetadataManager.java Outdated
@@ -280,6 +281,9 @@ public void updateFailed(Throwable exception) {
if (exception instanceof AuthenticationException) {
log.warn("Metadata update failed due to authentication error", exception);
this.fatalException = (ApiException) exception;
} else if (exception instanceof ClusterAuthorizationException) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be AuthorizationException here since all authZ exceptions are non-retriable?

clients/src/main/java/org/apache/kafka/clients/admin/internals/AdminMetadataManager.java Outdated
@@ -280,6 +281,9 @@ public void updateFailed(Throwable exception) {
if (exception instanceof AuthenticationException) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add a function isFatalException and add AuthenticationException, AuthorizationException, SecurityDisabledException, UnsupportedEndpointTypeException, UnsupportedForMessageFormatException, UnsupportedVersionException etc.

You can add this function in RequestUtils class.

Copy link
Member Author

@FrankYang0529 FrankYang0529 Jan 8, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the review. This Jira would like to focus on fatal exception for metadata call in Admin.

IIRC, The SecurityDisabledException is used in create / delete ACLs and UnsupportedForMessageFormatException is used in produce request, so I don't add them.

Also, in UnsupportedVersionException, it logs different message for bootstrap and controller node, but other exceptions logs same message for different node type, so I don't encapsulate all exceptions in a utility function.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understand that this is increasing the scope of the JIRA. What I am trying to suggest here will help us prevent such problems in future for cases where a client retries on a fatal exception. If we have a utility method, we can consolidate the logic of what is considered fatal at one place and existing/future calls to server APIs can use that utility to handle exceptions. It will prevent bugs in future if new authors can use the utility method.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the comment. Yeah, it's good to have a utility function for it. I add it to RequestUtils#isFatalException.

@FrankYang0529
KAFKA-18440: Admin does not convert the AuthorizationException to fat…
e9d5260 
…al error in using bootstrap controllers

Signed-off-by: PoAn Yang <payang@apache.org>
@github-actions github-actions bot removed the small Small PRs label Jan 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@divijvaidya divijvaidya divijvaidya approved these changes

Assignees
No one assigned
Labels
clients
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@FrankYang0529 @divijvaidya