In this article, we will explain how to resolve Kafka error while executing ACLs  (Access Control List) commands in multi node Kafka cluster in the Big Data environment.

Here I am trying to give user permission access to Kafka cluster

We have provided read access to new user in Kafka  cluster.

How to give Kafka topics read access for Kafka developers in the Kafka streaming cluster.

kafka-acls --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:sreekantht --allow-principal --operation Read --topic *

Error: Kafka Error while executing ACL command: expected a string in format

Error while executing ACL command: expected a string in format principalType:principalName but got --operation
java.lang.IllegalArgumentException: expected a string in format principalType:principalName but got --operation
at org.apache.kafka.common.utils.SecurityUtils.parseKafkaPrincipal(SecurityUtils.java:71)
at kafka.admin.AclCommand$.$anonfun$getPrincipals$1(AclCommand.scala:435)
at scala.collection.TraversableLike.$anonfun$map$1(TraversableLike.scala:238)
at scala.collection.Iterator.foreach(Iterator.scala:941)
at scala.collection.Iterator.foreach$(Iterator.scala:941)
at scala.collection.AbstractIterator.foreach(Iterator.scala:1429)
at scala.collection.IterableLike.foreach(IterableLike.scala:74)
at scala.collection.IterableLike.foreach$(IterableLike.scala:73)
at scala.collection.AbstractIterable.foreach(Iterable.scala:56)
at scala.collection.TraversableLike.map(TraversableLike.scala:238)
at scala.collection.TraversableLike.map$(TraversableLike.scala:231)
at scala.collection.AbstractTraversable.map(Traversable.scala:108)
at kafka.admin.AclCommand$.kafka$admin$AclCommand$$getPrincipals(AclCommand.scala:435)
at kafka.admin.AclCommand$.getAcl(AclCommand.scala:390)
at kafka.admin.AclCommand$.getAcl(AclCommand.scala:411)
at kafka.admin.AclCommand$.getCliResourceFilterToAcls(AclCommand.scala:384)
at kafka.admin.AclCommand$.kafka$admin$AclCommand$$getResourceFilterToAcls(AclCommand.scala:335)
at kafka.admin.AclCommand$.kafka$admin$AclCommand$$getResourceToAcls(AclCommand.scala:319)
at kafka.admin.AclCommand$AuthorizerService.addAcls(AclCommand.scala:219)
at kafka.admin.AclCommand$.main(AclCommand.scala:71)
at kafka.admin.AclCommand.main(AclCommand.scala

Solution :

The above error belongs to ACL command string format, here we provided simple solution for that. Run the kafka acls scripts like below command.




Step 1: Go to Kafka bin path then hit the below command.

For Read access :

./kafka-acls --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:sreekantht --allow-principal --operation Read --topic *

For Write access:

./kafka-acls --authorizer-properties zookeeper.connect=localhost:2181 --add --allow-principal User:sreekantht --allow-principal --operation Write--topic *

Here zookeeper.connect=localhost:2181, Zookeeper connection we gave localhost instead of that will provide your hostname with 2181 port number. Here new user : sreekantht and provide read access for all Kafka topics.




Summary:
The above resolution is very simple to resolve the Kafka alcs issue for read access to new user for all Kafka topics.  Basically, for every cluster we need to give read/write or root access for new users but Kafka cluster we gave access only for Kafka topics with Kakfa ACLs in the Big Data environment.