Closed vperi1730 closed 4 years ago
The strimzi.properties
file in /tmp
is only a temporary file used to start the broker and for nothing else. If you wanna manage the ACLs, you can do it either using the User Operator and KafkaUser resources. Or you can do it your self using kafka-acls.sh
. In that case you should disable the User Operator and use the Kafka listeners as you would from any other application to for example consume or produce messages.
All - I have a question on the strimzi.properties file as part of the Kafka ACL authorization use case.
As part of super. users property if I am trying to add localhost and root as one of the SU, will these changes automatically get applied to all the Kafka broker nodes. I have attempted it for adding a new user and I see ClusterAuthorizationException as below.
User Addition Command: ./bin/kafka-acls.sh \ --bootstrap-server ip:port \ --add \ --allow-principal User:CN=producer \ --operation Write \ --topic '*' \ --command-config /tmp/root.properties
Error: org.apache.kafka.common.errors.ClusterAuthorizationException: Request Request(processor=0, connectionId=127.0.0.1:9093-127.0.0.1:62402-0, session=Session(User:CN=localhost,/127.0.0.1), listenerName=ListenerName(SSL), securityProtocol=SSL, buffer=null) is not authorized.