devshawn / kafka-gitops

🚀Manage Apache Kafka topics and generate ACLs through a desired state file.
https://devshawn.github.io/kafka-gitops
Apache License 2.0
320 stars 71 forks source link

Feature request: possibility to manage topics only #51

Closed mhbrk closed 3 years ago

mhbrk commented 3 years ago

Hi, It's a great tool. It would be nice to have possibility to manage only kafka topics, without ACLs.

When I tried to plan config file with topics configuration I get this error:

[ERROR] Error thrown when attempting to list Kafka ACLs: org.apache.kafka.common.errors.SecurityDisabledException: No Authorizer is configured on the broker [ERROR] An error has occurred during the planning process. No plan was created.

devshawn commented 3 years ago

Hmm, I will take a look into this. I've used it on clusters for only topic management but never had this exception come up.

Cinetik commented 3 years ago

This PR quickly fixes it. I noticed that if you have security enabled, you won't be able to list ACLs using bootstrap servers. However another possibility would be to add a way to connect using Zookeeper and therefore not have this security error. this works like be using the authorizer-properties and giving zookeeper host e.g. $ /usr/local/bin/kafka-acls --list --authorizer-properties zookeeper.connect=zookeeper:2181

jrevillard commented 3 years ago

Hi @Cinetik I think this depends on the Kafka version that you use. At least it's possible now because I do it actually. ie:

kafka-acls --command-config /etc/kafka/secrets/ssl.properties --bootstrap-server server1:6667 --list

Best, Jerome

Cinetik commented 3 years ago

@jrevillard I don't know your version but I'm on 2.6.0

jrevillard commented 3 years ago

I'm using kafka packaged by confluent (6.0.X) so 2.6.X also.

Cinetik commented 3 years ago

Sadly still doesn't fix the problem that kafka-gitops will fail without any of those :/

Cinetik commented 3 years ago

This PR quickly fixes it. I noticed that if you have security enabled, you won't be able to list ACLs using bootstrap servers. However another possibility would be to add a way to connect using Zookeeper and therefore not have this security error. this works like be using the authorizer-properties and giving zookeeper host e.g. $ /usr/local/bin/kafka-acls --list --authorizer-properties zookeeper.connect=zookeeper:2181

Actually closed the PR as it would remove the delete feature.

devshawn commented 3 years ago

Released in 0.2.14! Thanks @Cinetik!