Description

When security.protocol: SASL_SSL is configured on the admin client and invalid credentials are provided, topic creation fails as expected. However, the error that is raised is a KafkaError._TIMED_OUT error which obscures the actual reason for the failure. When this happens librdkafka logs such as the example below appear, so it seems like this error case is just not surfaced to be handled in the client.
%3|1613163735.743|FAIL|8-admin-db7f224adc1948dca45fd45742f965f5#producer-1| [thrd:sasl_ssl://pkc-4nym6.us-east-1.aws.confluent.cloud:9092/bootstr]: sasl_ssl://pkc-4nym6.us-east-1.aws.confluent.cloud:9092/bootstrap: SASL authentication error: Authentication failed (after 1157ms in state AUTH_REQ, 1 identical error(s) suppressed).

How to reproduce

Pass security.protocol: SASL_SSL, sasl.username: {username} and sasl.password: {invalid_password} to the admin client as configuration values. Attempt to create a new topic and handle the error raised in future.exception() from the return value of create_topics().

Checklist

Please provide the following information:

• confluent-kafka-python and librdkafka version: confluent-kafka-python version 1.6.0
• Apache Kafka broker version: docker image- confluentinc/cp-kafka:6.1.0
• Client configuration: { security.protocol: SASL_SSL sasl.mechanisms: PLAIN sasl.username: sasl.username sasl.password: sasl.password}
• Operating system: MacOS 11.2 (however both clients and brokers are running in Docker)
• Provide client logs (with 'debug': '..' as necessary)
• Provide broker log excerpts
• [] Critical issue