ACCESS_DENIED when accessing the message in __kui-audit-log with an admin role. #856

@uncelvel

Issue submitter TODO list

  • I've looked up my issue in FAQ
  • I've searched for already existing issues here
  • I've tried running main-labeled docker image and the issue still persists there
  • I'm running a supported version of the application which is listed here

Describe the bug (actual behavior)

Environment

  • Kafka : 2.5.0 (Commit:66563e712b0b9f84)
  • KafbatUI: v1.1.0 (Commit:4cf17a0)
  • LDAP authentication

Current config KUI

kafka:
  clusters:
  - name: kafka-testing
    bootstrapServers: 10.10.10.1:9092,10.10.10.3:9092,10.10.10.3:9092
    kafkaConnect: []
    masking: []
    properties: {}
    serde: []
    audit:
      topic-audit-enabled: true
      console-audit-enabled: true
      topic: '__kui-audit-log' # default name
      audit-topics-partitions: 1 # how many partitions, default is 1
      level: all # either ALL or ALTER_ONLY (default). ALL will log all read operations.

rbac:
  roles:
    - name: "admins"
      clusters:
        - kafka-testing
      subjects:
        - provider: ldap
          type: user
          value: "admin01"
      permissions:
        - resource: applicationconfig
          actions: all
        - resource: clusterconfig
          actions: all
        - resource: topic
          value: ".*"
          actions: all
        - resource: consumer
          value: ".*"
          actions: all
        - resource: schema
          value: ".*"
          actions: all
        - resource: connect
          value: ".*"
          actions: all
        - resource: ksql
          actions: all
        - resource: acl
          actions: [ view ]

Issue

403 code when viewing messages on __kui-audit-log

The ACCESS_DENIED log keeps appearing every second, even when I switch to another page.
It only stops when I refresh the page.

{"timestamp":"2025-02-22T09:02:35.659586234Z","username":"admin01","clusterName":"kafka-testing","resources":[{"type":"TOPIC","id":"__kui-audit-log","alter":false,"accessType":["MESSAGES_READ"]},{"type":"AUDIT","alter":false,"accessType":["VIEW"]}],"operation":"getTopicMessages","result":{"success":false,"error":"ACCESS_DENIED"}}

Expected behavior

Admin can read messages of topic __kui-audit-log

Your installation details

Kafka : 2.5.0 (Commit:66563e712b0b9f84)
KafbatUI: v1.1.0 (Commit:4cf17a0)
LDAP authentication

Steps to reproduce

Just enable audit logs and view messages on __kui-audit-log with the admin role

Screenshots

Attached in body

Logs

Attached in body

Additional context

Attached in body
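
The ACCESS_DENIED record in the report lists every resource that `getTopicMessages` was checked against. As an added example (not part of the original report and not Kafbat UI's own authorization code), this Python script compares each of those resources with the `admins` role's permissions and returns the ones with no matching entry. The matching rule (same resource type, `value` regex matches the id, actions cover the access types, all case-insensitive) and the function names `is_granted` and `ungranted_requirements` are assumptions made for illustration.

```python
import json
import re

# Audit record copied from the report above (the ACCESS_DENIED line).
AUDIT_LINE = '{"timestamp":"2025-02-22T09:02:35.659586234Z","username":"admin01","clusterName":"kafka-testing","resources":[{"type":"TOPIC","id":"__kui-audit-log","alter":false,"accessType":["MESSAGES_READ"]},{"type":"AUDIT","alter":false,"accessType":["VIEW"]}],"operation":"getTopicMessages","result":{"success":false,"error":"ACCESS_DENIED"}}'

# Permissions of the "admins" role, transcribed from the rbac block above.
ADMINS_PERMISSIONS = [
    {"resource": "applicationconfig", "actions": "all"},
    {"resource": "clusterconfig", "actions": "all"},
    {"resource": "topic", "value": ".*", "actions": "all"},
    {"resource": "consumer", "value": ".*", "actions": "all"},
    {"resource": "schema", "value": ".*", "actions": "all"},
    {"resource": "connect", "value": ".*", "actions": "all"},
    {"resource": "ksql", "actions": "all"},
    {"resource": "acl", "actions": ["view"]},
]

def is_granted(required, permissions):
    """Assumed, simplified matching rule (hypothetical helper, see lead-in)."""
    for perm in permissions:
        if perm["resource"].lower() != required["type"].lower():
            continue
        rid = required.get("id")
        if rid is not None and "value" in perm and not re.fullmatch(perm["value"], rid):
            continue
        actions = perm["actions"]
        if isinstance(actions, str):
            if actions.lower() == "all":
                return True
            actions = [actions]
        granted = {a.lower() for a in actions}
        if all(a.lower() in granted for a in required["accessType"]):
            return True
    return False

def ungranted_requirements(audit_line, permissions):
    """Return (type, accessType) for each resource in a denied record with no grant."""
    record = json.loads(audit_line)
    if record["result"].get("success"):
        return []
    return [(r["type"], r["accessType"])
            for r in record["resources"] if not is_granted(r, permissions)]

if __name__ == "__main__":
    for rtype, access in ungranted_requirements(AUDIT_LINE, ADMINS_PERMISSIONS):
        print(f"no matching permission entry: resource={rtype} access={access}")
```
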
