I'm using CDH 5.11.2. It has sentry enabled kafka and we would like to use wildcards in topic names which is not available as per the documentation.Do we have any workaround for this?
Unfortunatelly there is no workaround.
We have to wait for
Which will help us to solve this issue.
Great news. I came across the following which is very helpfull to me and thought I should share it.
In few words, Cloudera Kafka 3 supports wildcard in TOPIC and CONSUMERGROUPS with CDH 5.14.1.
@RajeshBodollaunfortunatelly you are correct and I have realized the hard way.
I have upgraded the CDH during the previous week and this week I was trying to configure some wildcard topics only to find out that this is not possible.
When I wrote the previous post, it was clearly mentioned in the release notes, that is supported. I had copied this part which was saying:
* Wildcard usage for Kafka-Sentry components You can specify an asterisk (*) in a Kafa-Sentry command for the TOPIC component of a privilege to refer to any topic in the privilege. Supported with CDH 5.14.1. You can also use an asterisk (*) in a Kafka-Sentry command for the CONSUMERGROUPS component of a privilege to refer to any consumer groups in the privilege. This is useful when used with Spark Streaming, where a generated group.id may be needed. Supported with CDH 5.14.1.
Now, this part is gone from the documentation.
I apologize that I have not tested it before.
But as you can see in http://archive.cloudera.com/cdh5/cdh/5/sentry-1.5.1-cdh5.14.2.CHANGES.txt it is still mentioned as commited:
commit e9efe1b3b38912af8799d37a67679295d98ebe63 Author: amishra <email@example.com> Date: Thu Feb 8 15:16:15 2018 +0530 CDH-57131 CDH-61471: Add consumergroup and topic wildcard for Kafka privilege validation Change-Id: I19cc4b8b047eac668721e85131287f56b6f66fcd Reviewed-on: http://gerrit.sjc.cloudera.com:8080/30142 Tested-by: Jenkins User Reviewed-by: Viktor Somogyi <firstname.lastname@example.org> Reviewed-by: Sergio Pena <email@example.com>
My case is worst, we have upgraded 5 clusters to 5.14.2 in hope of having this feature but its gone!!!! the bug is fixed as per cloudera but is not available in any version yet. The targeted release for this is 5.15.x and CDK3.1.0 .
Just to add to it, you will be able to use * to allow access to all consumer groups and/or topics but you won't be able use the wildcard to specify a subset of either e.g. test_* .