Create ACL for MSK return unknown err

[shiyuhang0]

Description

user admin client to create acl for msk return unknown err

code

type MSKAccessTokenProvider struct {
}

func (t *MSKAccessTokenProvider) Token() (*sarama.AccessToken, error) {
	token, _, err := signer.GenerateAuthTokenFromCredentialsProvider(context.TODO(), "ap-southeast-1", credentials.NewStaticCredentialsProvider("xxx", "xxx", ""))
	return &sarama.AccessToken{Token: token}, err
}

func IamAuth() *sarama.Config {
	signer.AwsDebugCreds = true
	config := sarama.NewConfig()

	config.Net.SASL.Enable = true
	config.Net.SASL.Mechanism = sarama.SASLTypeOAuth
	config.Net.SASL.TokenProvider = &MSKAccessTokenProvider{}
	config.Producer.Return.Successes = true

	config.Net.TLS.Enable = true

	return config
}

func setACL(brokers []string, config *sarama.Config) error {
	config.Admin.Timeout = 5 * time.Minute
	admin, err := sarama.NewClusterAdmin(brokers, config)
	if err != nil {
		return err
	}
	defer admin.Close()

	acls := &sarama.ResourceAcls{
		Resource: sarama.Resource{
			ResourceType:        sarama.AclResourceAny,
			ResourceName:        "*",
			ResourcePatternType: sarama.AclPatternAny,
		},
		Acls: []*sarama.Acl{
			{
				Principal:      "User:cdc",
				Host:           "*",
				Operation:      sarama.AclOperationAny,
				PermissionType: sarama.AclPermissionAllow,
			},
		},
	}

	st := time.Now()
	err = admin.CreateACLs([]*sarama.ResourceAcls{acls})
	fmt.Println("CreateACL took:", time.Since(st))
	if err != nil {
		return fmt.Errorf("create ACL fail: %v", err)
	}

	log.Println("create ACL success")
	return nil
}


setACL(<endpoints>, IamAuth())

the following dependence is used:
"github.com/IBM/sarama"
"github.com/aws/aws-msk-iam-sasl-signer-go/signer"
"github.com/aws/aws-sdk-go-v2/credentials"
"github.com/xdg-go/scram"

result

Versions

Sarama	Kafka	Go
v1.46.2	msk 3.8.x	1.24.9

Configuration

Logs

logs: CLICK ME

Additional Context

As this SDK creates ACL fail and does not show any err msg. I changes to kafka cli to create ACL and success with the following command

/opt/homebrew/opt/kafka/bin/kafka-acls --bootstrap-server xxx --command-config iam-client.properties --add --allow-principal User:cdc --operation All --topic '*'

[puellanivis]

Nothing in sarama can generate this ErrUnknown. It would have to be coming explicitly from the Kafka server? 🤔 Odd there might be some sort of a subtle incompatibility?

Was this working just previously? 🤔 We have refactored some of the en/de-coding.

[furiousassault]

Good day.
+1 to the issue, downgrade doesn't help so broken for a long time. Could anyone take a look? This stops us from using Sarama in our project, which is grim.

[github-actions]

Thank you for taking the time to raise this issue. However, it has not had any activity on it in the past 90 days and will be closed in 30 days if no updates occur.
Please check if the main branch has already resolved the issue since it was raised. If you believe the issue is still valid and you would like input from the maintainers then please comment to ask for it to be reviewed.