Symptoms
When executing operations with a Java client connected to Event Streams, the client fails with an error similar to the following message:
[err] [kafka-producer-network-thread | my-client-id] ERROR org.apache.kafka.clients.producer.internals.Sender - [Producer clientId=my-client-id] Aborting producer batches due to fatal error
[err] org.apache.kafka.common.errors.ClusterAuthorizationException: Cluster authorization failed.
Similar messages might also be displayed when using clients written in other languages such as NodeJS.
Causes
The KafkaUser does not have the authorization to perform one of the operations:
- If there is an authorization error with a
topicresource, then aTOPIC_AUTHORIZATION_FAILED (error code: 29)will be returned. - If there is an authorization error with a
groupresource, then aGROUP_AUTHORIZATION_FAILED (error code: 30)will be returned. - If there is an authorization error with a
clusterresource, then aCLUSTER_AUTHORIZATION_FAILED (error code: 31)will be returned. - If there is an authorization error with a
transactionalIdresource, then aTRANSACTIONAL_ID_AUTHORIZATION_FAILED (error code: 32)will be returned.
In Java, the errors are thrown in the format <resource>AuthorizationException. Other clients might return the error directly or translate it into an error with a similar name.
Resolving the problem
Ensure the KafkaUser has the required permissions as described in managing access.