julieops overloading the ldap server via mds #568
Labels
bug
Something isn't working
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
I've noticed that for each POST request being made to the MDS service via MDSApiClient, the MDS service is making an LDAP query for the configured mds user. Every now and again the login fails for the user returning a 401. This results in some objects not being applied and thus a mismatch in the desired state vs actual.
Small portion of the metadata service log:
[2023-04-24 11:16:54,430] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:54,539] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:54,647] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:54,751] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:54,868] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:54,976] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,083] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,172] DEBUG Login failed for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,285] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,397] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,506] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,615] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,727] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,818] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,924] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:56,036] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:56,148] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
To Reproduce
Steps to reproduce the behavior:
Set to DEBUG to see user login (MdsLoginService):
log4j.logger.io.confluent.rbacapi=DEBUG, metadataServiceAppender
log4j.additivity.io.confluent.rbacapi=false
Carry out a Julie plan/apply
Observe multiple logins carried out by mds service back to ldap
Expected behavior
Unfortunately I'm not a Java dev so I may be misinterpreting the code but it looks like Julie is sending the basic auth (username and password) as the authorization token for each POST request (in the MDSApiClient) rather than the bearer token obtained via the authenticate() method
Runtime (please complete the following information):
The text was updated successfully, but these errors were encountered: