Strimzi
TOPIC_AUTHORIZATION_FAILED #9299
supermom5280
started this conversation in
General
Replies: 1 comment
-
|
You should check the broker logs and that will tell you exactly what rights ou are missing. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Using mTLS, Strimzi 36, Java 17, Kafka 3.5
kafka-user.yml
metadata:
name: myuser
labels:
strimzi.io/cluster: mycluster
authentication:
type: tls-external
authorization:
type: simple
acls:
-resource:
topic:
name: testExternal
patternType: literal
operations:
- Read
- Describe
- Write
- Create
host: *
for give any mistypings ... The mutual SSL is authenticating perfectly but I get an TOPIC_AUTHORIZATION_FAILED (this is a Producer) when I try to put the message on the topic . When I look into the broker logs I see the user as part of the ACLS for the topic ... the certificate CN= spelled exactly the same way as the user file there are additional pieces in the DN of the cert like OU, O, L, ST, C that are set ... In the strimzi user cert only the CN is set ... does the whole DN need to be the name in the kafka-user.yml?
Beta Was this translation helpful? Give feedback.
All reactions