julieops overloading the ldap server via mds #568
Description
Describe the bug
I've noticed that for each POST request being made to the MDS service via MDSApiClient, the MDS service is making an LDAP query for the configured mds user. Every now and again the login fails for the user returning a 401. This results in some objects not being applied and thus a mismatch in the desired state vs actual.
Small portion of the metadata service log:
[2023-04-24 11:16:54,430] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:54,539] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:54,647] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:54,751] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:54,868] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:54,976] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,083] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,172] DEBUG Login failed for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,285] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,397] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,506] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,615] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,727] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,818] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:55,924] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:56,036] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
[2023-04-24 11:16:56,148] DEBUG Login succeeded for user1 (io.confluent.rbacapi.login.MdsLoginService)
To Reproduce
Steps to reproduce the behavior:
- Enable debugging on metadata service logs (In/etc/kafka/log4j.properties):
Set to DEBUG to see user login (MdsLoginService):
log4j.logger.io.confluent.rbacapi=DEBUG, metadataServiceAppender
log4j.additivity.io.confluent.rbacapi=false
-
Carry out a Julie plan/apply
-
Observe multiple logins carried out by mds service back to ldap
Expected behavior
Unfortunately I'm not a Java dev so I may be misinterpreting the code but it looks like Julie is sending the basic auth (username and password) as the authorization token for each POST request (in the MDSApiClient) rather than the bearer token obtained via the authenticate() method
Runtime (please complete the following information):
- OS: [RHEL7]
- Version [purbon/kafka-topology-builder:4.1]