KAFKA-14236; ListGroups request produces too much Denied logs in authorizer (#12652)

Avoid `is Denied Operation` logs when calling ListGroups api, by adding `logIfDenied = false` to `authorize` calls. Reviewers: Jason Gustafson <jason@confluent.io>
2022-09-22 02:42:30 +02:00 · 2022-09-22 02:42:30 +02:00 · cb9557a990
parent 695424fa9d
commit cb9557a990
1 changed files with 2 additions and 2 deletions
--- a/core/src/main/scala/kafka/server/KafkaApis.scala
+++ b/core/src/main/scala/kafka/server/KafkaApis.scala
@ -1635,12 +1635,12 @@ class KafkaApis(val requestChannel: RequestChannel,
        )
    }
    val (error, groups) = groupCoordinator.handleListGroups(states)
-    if (authHelper.authorize(request.context, DESCRIBE, CLUSTER, CLUSTER_NAME))
+    if (authHelper.authorize(request.context, DESCRIBE, CLUSTER, CLUSTER_NAME, logIfDenied = false))
      // With describe cluster access all groups are returned. We keep this alternative for backward compatibility.
      requestHelper.sendResponseMaybeThrottle(request, requestThrottleMs =>
        createResponse(requestThrottleMs, groups, error))
    else {
-      val filteredGroups = groups.filter(group => authHelper.authorize(request.context, DESCRIBE, GROUP, group.groupId))
+      val filteredGroups = groups.filter(group => authHelper.authorize(request.context, DESCRIBE, GROUP, group.groupId, logIfDenied = false))
      requestHelper.sendResponseMaybeThrottle(request, requestThrottleMs =>
        createResponse(requestThrottleMs, filteredGroups, error))
    }