Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: incorrect SR authorization message is displayed #3186

Merged
merged 3 commits into from
Aug 8, 2019
Merged

fix: incorrect SR authorization message is displayed #3186

merged 3 commits into from
Aug 8, 2019

Conversation

spena
Copy link
Member

@spena spena commented Aug 7, 2019

Description

Fixes a few error messages caused by SchemaRegistry authorization errors.
For instance, this error was displayed when attempting to create an AVRO stream without SR schem access:

ksql> create stream avro with (kafka_topic='avro', value_format='avro');
Schema registry fetch for topic avro request failed.
Caused by: Unrecognized token 'User': was expecting ('true', 'false' or 'null')

	at [Source: (sun.net.www.protocol.http.HttpURLConnection$HttpInputStream); line:
	1, column: 6]; error code: 50005

The new fixed error just adds a new line at the end of an old SR access error. In a secured SR environment, SR returns an authorization error even if the Subject does not exist.

ksql> create stream avro with (kafka_topic='avro', value_format='avro');
Avro schema for message values on topic avro does not exist or you do not have permissions in the Schema Registry.Subject: avro-value
Possible causes include:
- The topic itself does not exist	-> Use SHOW TOPICS; to check
- Messages on the topic are not Avro serialized	-> Use PRINT 'avro' FROM BEGINNING; to verify
- Messages on the topic have not been serialized using the Confluent Schema Registry Avro serializer	-> See https://docs.confluent.io/current/schema-registry/docs/serializer-formatter.html
- The schema is registered on a different instance of the Schema Registry	-> Use the REST API to list available subjects	https://docs.confluent.io/current/schema-registry/docs/api.html#get--subjects
- You do not have permissions to access the Schema Registry.Subject: avro-value	-> See https://docs.confluent.io/current/schema-registry/docs/security.html

Same error fix when attempting to insert data:

ksql> insert into avro(id) values(1);
Failed to insert values into stream/table: AVRO
Caused by: Not authorized to write Schema Registry subject: [avro-value]

This is similar to the current authorization error thrown by Kafka:

ksql> insert into avro(id) values(1);
Failed to insert values into stream/table: AVRO
Caused by: Not authorized to access topics: [avro]

Testing done

Manual verification.

Reviewer checklist

  • Ensure docs are updated if necessary. (eg. if a user visible feature is being added or changed).
  • Ensure relevant issues are linked (description should include text like "Fixes #")

@spena spena added this to the 5.4 milestone Aug 7, 2019
@spena spena requested a review from a team August 7, 2019 21:38
@spena spena self-assigned this Aug 7, 2019
agavra
agavra approved these changes Aug 7, 2019
View reviewed changes
Copy link
Contributor

@agavra agavra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

ksql-engine/src/main/java/io/confluent/ksql/engine/InsertValuesExecutor.java Outdated
topicName + KsqlConstants.SCHEMA_REGISTRY_VALUE_SUFFIX
));
default:
throw new KsqlException("Could not serialize row: " + row, e);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
throw new KsqlException("Could not serialize row: " + row, e);
break;

@agavra agavra requested a review from a team August 7, 2019 22:05
@spena spena force-pushed the fix_sr_auth_error_message branch from 831d3a6 to 0e851a5 Compare August 8, 2019 14:58
@spena spena merged commit b3b6c82 into confluentinc:master Aug 8, 2019
@spena spena deleted the fix_sr_auth_error_message branch August 8, 2019 19:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@agavra agavra agavra approved these changes

Assignees

@spena spena

Labels
bug user-experience
Projects
None yet
Milestone
5.4
Development

Successfully merging this pull request may close these issues.
2 participants
@spena @agavra