Closed rh-dford closed 2 years ago
Not sure if this matters but looking at the services created there is a port 9091 but I don't have a listener defined for it.
Today I spun up a new openshift cluster in OpenTLC and ran through the AuthN and AuthZ demos and had the same experience
Thanks Dave. Are those the same versions of AMQ Streams, btw? What are the exact versions for both clusters?
The client's version is 1.8.2 of AMQ Streams. I already shut down the OpenTLC one so I didn't see what exact version, but I think it was 1.8.4. Do you want me to spin up another cluster to get the version? If you wanted to test it out you could spin up an OpenTLC or RHPDS cluster.
I guess this had been an issue with the relevant version. I tried it out and saw no issues. Sorry for the latency in the response; I am the only contributor for now so 🤷‍♂️
I am using the tutorials and following the TLS Auth using CLI and Simple ACL Authorization using CLI.
CLI Version: 0.1.0a59
Strimzi Version: 0.25.0
Kubectl Version: v1.22.0
I set up the cluster with the CLI:
kfk clusters --create --cluster my-cluster -n kafka
I set up the topic:
kfk topics --create --topic my-topic --partitions 12 --replication-factor 3 -n kafka -c my-cluster
I run console consumer and producer and messages work.
I then alter to add the authorization:
kfk clusters --alter --cluster my-cluster -n kafka
I then run the console producer and get the failed authentication error.
I create a user, my-user:
kfk users --create --user my-user --authentication-type tls -n kafka -c my-cluster
Then I run the get_keys.sh script to create the two files trustore.jks and user.p12. I create the client config file:
I then run the producer and consumer including the client.properties file:
kfk console-producer --topic my-topic -n kafka -c my-cluster --producer.config client.properties
Messages flow fine.
I then alter the kafka cluster to include authorization type: simple
I then try to run the producer and get the expected errors
I then alter the user:
kfk users --alter --user my-user --authorization-type simple --add-acl --resource-type topic --resource-name my-topic -n kafka -c my-cluster
I get the following warning:
Looking at the user via
kfk users --describe --user my-user -n kafka -c my-cluster -o yaml
I can see the ACL included.
I then start the producer:
kfk console-producer --topic my-topic -n kafka -c my-cluster --producer.config client.properties
and when I send a message on the CLI:
When I look at the logs in the kafka cluster pod I see:
So why do my console producer and consumer get authorized but in the authorization the user is ANONYMOUS?
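
A check that fits the question above, added here as an example and not part of the thread or of the kfk CLI: Kafka assigns the principal User:ANONYMOUS to connections on a listener that has no authentication configured, so this script reports which listeners of a Kafka custom resource are in that state while authorization is enabled. The sample resource is constructed and assumes Strimzi's array-style `listeners` field; the function names are hypothetical.

```python
import json

# Constructed sample, trimmed to the fields used here; in practice the input
# would be the output of `kubectl get kafka my-cluster -n kafka -o json`.
SAMPLE_KAFKA_CR = json.loads("""
{"metadata": {"name": "my-cluster", "namespace": "kafka"},
 "spec": {"kafka": {
   "authorization": {"type": "simple"},
   "listeners": [
     {"name": "plain", "port": 9092, "type": "internal", "tls": false},
     {"name": "tls", "port": 9093, "type": "internal", "tls": true,
      "authentication": {"type": "tls"}},
     {"name": "external", "port": 9094, "type": "route", "tls": true}
   ]}}}
""")


def audit_listeners(kafka_cr):
    """Report, per listener, whether its clients reach the authorizer as ANONYMOUS."""
    kafka = kafka_cr.get("spec", {}).get("kafka", {})
    authz = (kafka.get("authorization") or {}).get("type")
    findings = []
    for listener in kafka.get("listeners") or []:
        authn = (listener.get("authentication") or {}).get("type")
        findings.append({
            "name": listener.get("name"),
            "port": listener.get("port"),
            "tls": bool(listener.get("tls")),
            "authentication": authn,
            # Encryption alone (tls: true) does not identify the client; without
            # listener authentication the broker sees User:ANONYMOUS.
            "anonymous": authn is None,
            # ACLs granted to a named user never match on such a listener.
            "acl_mismatch": authn is None and authz is not None,
        })
    return findings


def listener_for_port(kafka_cr, port):
    """Return the finding for the port a client bootstraps against, or None."""
    return next((f for f in audit_listeners(kafka_cr) if f["port"] == port), None)


if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_KAFKA_CR):
        status = "ANONYMOUS, named-user ACLs will not match" if f["acl_mismatch"] else "ok"
        print(f'{f["name"]}:{f["port"]} tls={f["tls"]} authn={f["authentication"]} -> {status}')
```

Comparing the port in the client's bootstrap address with this report shows whether the `ssl.keystore` settings in client.properties can have any effect on the principal the authorizer evaluates.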