ACLFilter broken after updating from 2.2.10 to 2.3 #2709

@novegit

I am using this function to check whether the application has write permission to different "consumer" topics. Write access to consumer topics is granted by adding the "logging certificate" to the topic ACL on the Kafka cluster. The same "logging certificate" is used by the Python app to create a KafkaConsumer and a KafkaAdminClient instance in the init function of the Python class.


    # imports needed by the method below (all exported by kafka.admin)
    from kafka.admin import (ACLFilter, ACLOperation, ACLPermissionType,
                             ResourcePattern, ResourceType)

    def _check_kafka_acl_permission(self, topic):
        """
           check if we have WRITE permission for topic with our kafka principal
           kafka principal: self.conf['kafka_principal']

        :param topic   kafka topic name
        :return: True | False
        """

        # if write check disabled, always return True
        if not self.conf['kafka_acl_write_check']:
            return True

        # match only ALLOW/WRITE ACL entries for our principal on this topic
        topic_filter = ACLFilter(principal=self.conf['kafka_principal'],
                                 host='*',
                                 operation=ACLOperation.WRITE,
                                 permission_type=ACLPermissionType.ALLOW,
                                 resource_pattern=ResourcePattern(resource_type=ResourceType.TOPIC,
                                                                  resource_name=topic))
        try:
            acl_result = self.k_admin.describe_acls(topic_filter)
            self.log.debug(f"{topic} acl result: {acl_result}")
        except Exception as e:
            # any error during the lookup is treated as "no permission"
            self.log.warning(f" couldn't get acls for topic {topic} - {e}")
            return False
        # ....

It worked for years as expected; the latest (working) version was 2.2.10. After rebuilding the application image (rhel9/python3.9.20) with only python-kafka updated to 2.3, the function is broken.
Log output with version 2.3:

    _check_kafka_acl_permission|Thread-1 (__background_updater)|WARN|20251217-14:30:31|  couldn't get acls for topic abc1_topic - KafkaConnectionError: Connection to 302 failed.
    _check_kafka_acl_permission|Thread-1 (__background_updater)|WARN|20251217-14:30:31|  couldn't get acls for topic abc1_topic - KafkaConnectionError: Connection to 301 failed.
    _check_kafka_acl_permission|Thread-1 (__background_updater)|WARN|20251217-14:30:31|  couldn't get acls for topic test2_topic - KafkaConnectionError: Connection to 301 failed.
    _check_kafka_acl_permission|Thread-1 (__background_updater)|WARN|20251217-14:30:31|  couldn't get acls for topic test2_topic - KafkaConnectionError: Connection to 202 failed.
