Giters

kafka-ops / julie

A solution to help you build automation and gitops in your Apache Kafka deployments. The Kafka gitops!

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

julieops overloading the ldap server via mds

vishghelani opened this issue · comments

commented

Describe the bug
I've noticed that for each POST request being made to the MDS service via MDSApiClient, the MDS service is making an LDAP query for the configured mds user. Every now and again the login fails for the user returning a 401. This results in some objects not being applied and thus a mismatch in the desired state vs actual.

Small portion of the metadata service log:

[2023-04-24 11:16:54,430] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:54,539] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:54,647] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:54,751] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:54,868] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:54,976] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,083] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,172] DEBUG Login failed for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,285] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,397] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,506] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,615] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,727] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,818] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,924] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:56,036] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:56,148] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)

To Reproduce
Steps to reproduce the behavior:

  1. Enable debugging on metadata service logs (In/etc/kafka/log4j.properties):

Set to DEBUG to see user login (MdsLoginService):
log4j.logger.io.confluent.rbacapi=DEBUG, metadataServiceAppender
log4j.additivity.io.confluent.rbacapi=false

  1. Carry out a Julie plan/apply

  2. Observe multiple logins carried out by mds service back to ldap

Expected behavior
Unfortunately I'm not a Java dev so I may be misinterpreting the code but it looks like Julie is sending the basic auth (username and password) as the authorization token for each POST request (in the MDSApiClient) rather than the bearer token obtained via the authenticate() method

Runtime (please complete the following information):

  • OS: [RHEL7]
  • Version [purbon/kafka-topology-builder:4.1]