
REST Proxy: schema-to-subject validation can be bypassed with name_strategy_validation=true #1260

@e11it

Description

When producing Avro messages through Karapace REST Proxy with name_strategy_validation=true, schema-to-subject validation can be bypassed in a real user flow.
If I first produce to topic A using a schema (so the proxy has already resolved that schema), then produce to topic B with the same schema, the second produce can succeed even though topic B has no corresponding subject in Schema Registry and should be rejected.
Expected behavior: with name_strategy_validation=true, producing to topic B should fail unless the schema is registered under topic B’s subject.
Actual behavior: after a prior successful produce on another topic, producing to topic B may still succeed, which looks like a cache-related validation gap.

Example

Schema Registry ACL: the REST user can register subjects only for topic.v1.
The request body is the same in all three cases:

{
  "key_schema": "\"string\"",
  "value_schema": "...",
  "records": [...]
}

1. POST http://localhost:8082/topics/topic.v2 -> Error
{
  "error_code": 40801,
  "message": "Error when registering schema.format = AVRO, subject = topic.v2-value"
}

2. POST http://localhost:8082/topics/topic.v1 -> Success
{
  "key_schema_id": 1,
  "offsets": [
    {
      "offset": 5,
      "partition": 0
    }
  ],
  "value_schema_id": 2
}

3. POST http://localhost:8082/topics/topic.v2 -> Unexpected success (should have failed)
{
  "key_schema_id": 1,
  "offsets": [
    {
      "offset": 3,
      "partition": 0
    }
  ],
  "value_schema_id": 2
}

Also:

curl -u admin:pass localhost:8081/subjects
["topic.v1-key","topic.v1-value"]

So no new subjects were registered.
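The following reproduction harness is an added example, not Karapace code and not part of the report above. It replays the three produce calls (forbidden topic, allowed topic, forbidden topic again) and, after each one, reads /subjects from the registry and flags a validation gap whenever a produce succeeded on a topic whose `<topic>-value` subject is not registered. The PROXY and REGISTRY URLs, the admin:pass basic-auth credentials, the `application/vnd.kafka.avro.v2+json` content type, and the value schema and records (the issue elides the real ones) are assumptions.

```python
"""Reproduction harness for the name_strategy_validation bypass (added example)."""
import base64
import json
import urllib.error
import urllib.request

# Assumed endpoints and credentials, matching the hosts/ports in the report.
PROXY = "http://localhost:8082"
REGISTRY = "http://localhost:8081"
AUTH = ("admin", "pass")
# Assumed REST proxy v2 Avro content type.
CONTENT_TYPE = "application/vnd.kafka.avro.v2+json"

# Constructed sample schema and record; the original report shows only "...".
VALUE_SCHEMA = json.dumps({
    "type": "record",
    "name": "Event",
    "fields": [{"name": "id", "type": "string"}],
})
RECORDS = [{"key": "k1", "value": {"id": "e1"}}]


def produce_body(value_schema: str, records: list) -> dict:
    """Build the produce request body; the key schema is a bare Avro "string"."""
    return {"key_schema": "\"string\"", "value_schema": value_schema, "records": records}


def _request(method: str, url: str, body=None, auth=None):
    """Send one HTTP request and return (status, decoded JSON), also on 4xx/5xx."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    if body is not None:
        req.add_header("Content-Type", CONTENT_TYPE)
    if auth:
        token = base64.b64encode(f"{auth[0]}:{auth[1]}".encode()).decode()
        req.add_header("Authorization", f"Basic {token}")
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.loads(resp.read() or b"null")
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"null")


def produce_succeeded(status: int, body) -> bool:
    """A produce counts as successful only on HTTP 200 with no per-record error."""
    if status != 200 or not isinstance(body, dict):
        return False
    return all("error_code" not in entry for entry in body.get("offsets", []))


def bypass_detected(topic: str, produce_ok: bool, subjects: list) -> bool:
    """Gap: produce succeeded although <topic>-value is absent from the registry."""
    return produce_ok and f"{topic}-value" not in subjects


def reproduce(allowed="topic.v1", forbidden="topic.v2"):
    """Replay forbidden -> allowed -> forbidden; return (topic, ok, bypass) per step."""
    body = produce_body(VALUE_SCHEMA, RECORDS)
    steps = []
    for topic in (forbidden, allowed, forbidden):
        status, resp = _request("POST", f"{PROXY}/topics/{topic}", body)
        _, subjects = _request("GET", f"{REGISTRY}/subjects", auth=AUTH)
        ok = produce_succeeded(status, resp)
        steps.append((topic, ok, bypass_detected(topic, ok, subjects or [])))
    return steps


if __name__ == "__main__":
    for topic, ok, gap in reproduce():
        print(f"{topic}: produce_ok={ok} bypass={gap}")
```

With the setup from the report, a correct proxy yields bypass=False on every step; the behaviour described above shows up as bypass=True on the third step only.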
