AWS MSK公共集群用SASL/SCRAM确保
我配置了一个具有公共访问权限的AWS MSK群集。我通过Secrets Manager创建了一个AWS Secret,并将其分配给集群。
基于这个秘密,我设法向MSK发布了消息(我认为)。但是,当我尝试阅读主题中的消息时,我会发现未经授权的错误。
我跟随 this 我最终发布了使用以下设置:
user_jaas.conf
KafkaClient {
org.apache.kafka.common.security.scram.ScramLoginModule required
username="<username>"
password="<password>";
};
config.properties
security.protocol=SASL_SSL
sasl.mechanism=SCRAM-SHA-512
export kafka_opts = -djava.security.auth.login.config =/ 。
./kafka-console-consumer.sh --bootstrap-server <urls> --topic <topicName> --from-beginning --consumer.config client.properties
[2022-06-21 13:34:17,566]警告[消费者clientId =消费者 - 消费者 - 消费者 - 消费者-13840-1,groupId = consumid = consumer-consumer-13840]错误,同时使用相关ID 2:{users = topic_authorization_failed}(org.apache.kafka.clients.networkclient) [2022-06-21 13:34:17,568]错误[消费者clientId =消费者 - console-consumer-13840-1,groupId = console-consumer-13840]主题授权失败了主题[topicname](topicname](org.apache.kafka)。 clients.metadata) [2022-06-21 13:34:17,571]错误处理消息,终止消费者流程:( kafka.tools.consoleconsumer $) org.apache.kafka.common.errors.topicauthorization exception:无授权访问主题:[topic name] 总共处理了0个消息
我错过了文档的重要方面?
I configured an AWS MSK cluster with public access. I created an AWS Secret via Secrets Manager and assigned it to the cluster.
Based on that secret, I managed to publish messages to MSK (I think). However, when I try to read messages from the topic, I get unauthorized errors.
I followed this documentation page, and I ended up with the following settings:
user_jaas.conf
KafkaClient {
org.apache.kafka.common.security.scram.ScramLoginModule required
username="<username>"
password="<password>";
};
config.properties
security.protocol=SASL_SSL
sasl.mechanism=SCRAM-SHA-512
export KAFKA_OPTS=-Djava.security.auth.login.config=/home/ec2-user/user_jaas.conf
Then, I'm using the consumer shell script as follows:
./kafka-console-consumer.sh --bootstrap-server <urls> --topic <topicName> --from-beginning --consumer.config client.properties
And I'm getting the following error:
[2022-06-21 13:34:17,566] WARN [Consumer clientId=consumer-console-consumer-13840-1, groupId=console-consumer-13840] Error while fetching metadata with correlation id 2 : {users=TOPIC_AUTHORIZATION_FAILED} (org.apache.kafka.clients.NetworkClient)
[2022-06-21 13:34:17,568] ERROR [Consumer clientId=consumer-console-consumer-13840-1, groupId=console-consumer-13840] Topic authorization failed for topics [topicName] (org.apache.kafka.clients.Metadata)
[2022-06-21 13:34:17,571] ERROR Error processing message, terminating consumer process: (kafka.tools.ConsoleConsumer$)
org.apache.kafka.common.errors.TopicAuthorizationException: Not authorized to access topics: [topicName]
Processed a total of 0 messages
Am I missing an important aspect of the documentation?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您需要创建ACL才能从此主题中阅读。
请记住,为了做到这一点,由于AWS MSK的限制,您应该向Zookkeeper解决。
例如:
You need to create acls to read from this topic.
Keep in mind that in order to do that you should Address to the zookkeeper due to limitations in aws msk.
For example: