I’m experiencing issues when setting ACLs for my users in Kafka 2.7.0. Specifically, the kafka-acls.sh command fails when using operations that contain underscores. However, similar commands for operations without underscores seem to work correctly.
Here’s an example of a working command with an operation without an underscore:
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --deny-principal User:kafkaConsole --cluster --operation ALTER
Adding ACLs for resource `ResourcePattern(resourceType=CLUSTER, name=kafka-cluster, patternType=LITERAL)`:
(principal=User:kafkaConsole, host=*, operation=ALTER, permissionType=DENY)
Current ACLs for resource `ResourcePattern(resourceType=CLUSTER, name=kafka-cluster, patternType=LITERAL)`:
(principal=User:kafkaConsole, host=*, operation=ALTER, permissionType=DENY)
kafka-acls.sh --authorizer-properties zookeeper.connect=localhost:2181 --add --deny-principal User:kafkaConsole --cluster --operation ALTER_CONFIGS
ResourceType TOPIC only supports operations ALTER_CONFIGS, DESCRIBE_CONFIGS, DESCRIBE, WRITE, ALL, DELETE, CREATE, ALTER, READ
I tried to set ACLs using the kafka-acls.sh command for both operations with and without underscores. For operations without underscores (e.g., ALTER), the command executed successfully and the ACL was correctly applied. However, for operations with underscores (e.g., ALTER_CONFIGS), the command failed with an error indicating that the operation is not supported. I expected the command to work similarly for both types of operations, as ALTER_CONFIGS is listed as a valid operation in the documentation.
if we just use two part commands without underscore like ALTERCONFIG or other operations without their underscore it will work correctly.