Description of problem

Hi, we are currently running CFK (confluent for kubernetes) with both TLS and RBAC turned on. This means we are using the CRD kind: ConfluentRolebinding to provide users access to the required topics and other resources they require. In relation to a project we are assisting with, one team requires fetching data from an Azure Eventhub, therefore our team proposed using the Azure Eventhub Source Connector to create this dataflow. The issue is however that when we try to start the connector from our Conflunet Control Center (C3), the connector fails and comments the error: Topic Authorization Failed.

After researching the error for a few hours, it seems that the kafka brokers are the ones denying the connector access, and it seems to specifically deny the connector access to the “Configure” operation, while allowing access to other operations such as “Delete”, “Create”, “Resume” and “Pause”. The RBAC currently given to the user trying to start the connector is “ResourceOwner” for the specified topic which should allow the configure operation, but it still fails. Anyone know what the “Configure” operation is for the Azure Eventhub Source Connector or anything related to the required RBAC roles for the Connector?

Images of the issue

The operation the connector attemps, but gets denied by the Kafka Broker:

image1450×55 2.4 KB

The error which occurs in the connect worker when trying to start the connector:

image2452×301 26.9 KB

Found the errors:

1. The self-managed connector requires read access on the topic “_confluent-command” as this topic contains the licensing information
2. The one that submits the connector requires resourceOwner on the name of the connector that is submitted.
   This document contains all information you need to configure RBAC for self-managed confluent connectors: Role-Based Access Control (RBAC) for Kafka Connect | Confluent

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.