After enabling simple authorization, listeners that have not enabled authentication don't work

Solution Verified - Updated -

Issue

  • After enabling simple authorization, listeners that have not enabled authentication don't work.
    • This is the expected behavior: authorization is a cluster-wide configuration for AMQ Streams, so if authorization is enabled, all the operations via all the listeners should also be authorized.

# Kafka consumer authorization failed log example
[2023-09-06 06:27:26,297] WARN [Consumer clientId=console-consumer, groupId=console-consumer-54599] Error while fetching metadata with correlation id 2 : {my-topic=TOPIC_AUTHORIZATION_FAILED} (org.apache.kafka.clients.NetworkClient)
[2023-09-06 06:27:26,299] ERROR [Consumer clientId=console-consumer, groupId=console-consumer-54599] Topic authorization failed for topics [my-topic] (org.apache.kafka.clients.Metadata)
[2023-09-06 06:27:26,303] ERROR Error processing message, terminating consumer process:  (kafka.tools.ConsoleConsumer$)
kafka-consumer kafka-consumer org.apache.kafka.common.errors.TopicAuthorizationException: Not authorized to access topics: [my-topic]

# Kafka broker authorization failed log example
kafka 2023-09-06 06:27:26,287 INFO Principal = User:ANONYMOUS is Denied Operation = Describe from host = 10.131.0.79 on resource = Group:LITERAL:console-consumer-54599 for request = FindCoordinator with resourceRefCount = 1 (kafka.authorizer.logger) [data-plane-kafka-request-handler-6]
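
To confirm that denials come from clients on a listener without authentication, the broker's kafka.authorizer.logger lines can be filtered for the User:ANONYMOUS principal. The following is an added example, not part of the original solution or of AMQ Streams; the function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Field layout of a kafka.authorizer.logger line, as in the broker log example above.
AUTHZ_RE = re.compile(
    r"Principal = (?P<principal>.+?) is (?P<decision>Allowed|Denied) "
    r"Operation = (?P<operation>\w+) from host = (?P<host>\S+) "
    r"on resource = (?P<rtype>\w+):(?P<pattern>\w+):(?P<rname>.+?) "
    r"for request = (?P<request>\w+)"
)

def parse_authz(line):
    """Return the fields of one authorizer line as a dict, or None for other lines."""
    m = AUTHZ_RE.search(line)
    return m.groupdict() if m else None

def anonymous_denials(lines):
    """Count User:ANONYMOUS denials per (host, resource type, resource name, operation).

    A client on a listener with no authentication has no identity, so the broker
    evaluates it as User:ANONYMOUS and simple authorization finds no matching ACL.
    """
    hits = Counter()
    for line in lines:
        rec = parse_authz(line)
        if rec and rec["decision"] == "Denied" and rec["principal"] == "User:ANONYMOUS":
            hits[(rec["host"], rec["rtype"], rec["rname"], rec["operation"])] += 1
    return hits

# SAMPLE[0] is the broker line from this page; the remaining lines are constructed.
SAMPLE = [
    "kafka 2023-09-06 06:27:26,287 INFO Principal = User:ANONYMOUS is Denied Operation = Describe from host = 10.131.0.79 on resource = Group:LITERAL:console-consumer-54599 for request = FindCoordinator with resourceRefCount = 1 (kafka.authorizer.logger) [data-plane-kafka-request-handler-6]",
    "kafka 2023-09-06 06:27:26,290 INFO Principal = User:ANONYMOUS is Denied Operation = Describe from host = 10.131.0.79 on resource = Topic:LITERAL:my-topic for request = Metadata with resourceRefCount = 1 (kafka.authorizer.logger) [data-plane-kafka-request-handler-2]",
    "kafka 2023-09-06 06:27:27,301 INFO Principal = User:ANONYMOUS is Denied Operation = Describe from host = 10.131.0.79 on resource = Topic:LITERAL:my-topic for request = Metadata with resourceRefCount = 1 (kafka.authorizer.logger) [data-plane-kafka-request-handler-4]",
    "kafka 2023-09-06 06:27:28,010 DEBUG Principal = User:CN=my-user is Allowed Operation = Read from host = 10.131.0.80 on resource = Topic:LITERAL:my-topic for request = Fetch with resourceRefCount = 1 (kafka.authorizer.logger) [data-plane-kafka-request-handler-1]",
    "kafka 2023-09-06 06:27:28,500 INFO [GroupCoordinator 0]: constructed non-authorizer line (kafka.coordinator.group.GroupCoordinator)",
]

if __name__ == "__main__":
    for (host, rtype, rname, op), n in anonymous_denials(SAMPLE).items():
        print(f"{n}x ANONYMOUS denied {op} on {rtype}:{rname} from {host}")
```

Each reported host is a client reaching the cluster with no authenticated identity, which identifies the listener path to review.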

Environment

  • Red Hat AMQ Streams on OpenShift 2.4
