diff --git a/README.md b/README.md
index 9ff8400..ba3bcd2 100644
--- a/README.md
+++ b/README.md
@@ -110,21 +110,24 @@ This can also be combined with given trust and keystore configuration ###### Example with Schema Registry with HTTPS and Basic Auth -The http**s** and 'sslEnabled' is important if you want to use truststore and/or keystore otherwise those attributes are ignored and now sslContext is provided to Schema Registry client - -you can use only Basic Auth if you SR is only protected with basic auth, you can use only keystore+truststore if your SR is protected with mTLS or you can use both settings in parallel. +The http**s** and 'sslEnabled' is important if you want to use truststore and/or keystore otherwise those attributes are ignored and now sslContext is provided to Schema Registry client. +You can use only Basic Auth if youy SR is only protected with basic auth, you can use Token Auth if your SR is protected with an OAUTH Token, you can use only keystore+truststore if your SR is protected with mTLS or you can use both settings in parallel. +schemaRegistryBasicAuthUserInfo is deprecated since token auth is supported in addition to basic auth. +There is a schemaRegistryAuthMode property with possible values NONE, BASIC or TOKEN and schemaRegistryAuthConfig property with either basic auth credentials or OAuthToken. ``` { - .... - "schemaRegistry": "https://myschemaregistry:8081", - "schemaRegistryBasicAuthUserInfo": ":", - ... - "sslEnabled": true, - "keyStoreLocation": "mykeystore.jks", - "keyStorePassword": "mykeystorepw", - "trustStoreLocation": "mytruststore.jks", - "trustStorePassword": "mykeystorepw" + .... + "schemaRegistry": "https://myschemaregistry:8081", +deprecated-> "schemaRegistryBasicAuthUserInfo": ":", + "schemaRegistryAuthMode": "NONE|BASIC|TOKEN", + "schemaRegistryAuthConfig": ":|:", + ... + "sslEnabled": true, + "keyStoreLocation": "mykeystore.jks", + "keyStorePassword": "mykeystorepw", + "trustStoreLocation": "mytruststore.jks", + "trustStorePassword": "mykeystorepw" } ``` 
diff --git a/src/main/java/at/esque/kafka/cluster/ClusterConfig.java b/src/main/java/at/esque/kafka/cluster/ClusterConfig.java index e866560..0c259be 100644 --- a/src/main/java/at/esque/kafka/cluster/ClusterConfig.java +++ b/src/main/java/at/esque/kafka/cluster/ClusterConfig.java @@ -15,8 +15,8 @@ public class ClusterConfig { private StringProperty schemaRegistry = new SimpleStringProperty(); private StringProperty schemaRegistryBasicAuthUserInfo = new SimpleStringProperty(); private StringProperty schemaRegistryAuthConfig = new SimpleStringProperty(); - private ListProperty schemaRegistryAuthModes = new SimpleListProperty<>( FXCollections.observableArrayList(Arrays.asList(SchemaRegistryAuthMode.NONE,SchemaRegistryAuthMode.BASIC, SchemaRegistryAuthMode.TOKEN))); - private ObjectProperty schemaRegistryAuthMode = new SimpleObjectProperty<>(); + private ListProperty schemaRegistryAuthModes = new SimpleListProperty<>(FXCollections.observableArrayList(Arrays.asList(SchemaRegistryAuthMode.NONE, SchemaRegistryAuthMode.BASIC, SchemaRegistryAuthMode.TOKEN))); + private ObjectProperty schemaRegistryAuthMode = new SimpleObjectProperty<>(SchemaRegistryAuthMode.NONE); private BooleanProperty schemaRegistryUseSsl = new SimpleBooleanProperty(); private BooleanProperty sslEnabled = new SimpleBooleanProperty(); private BooleanProperty certPathValidationSuppressed = new SimpleBooleanProperty(); @@ -36,17 +36,19 @@ public class ClusterConfig { public ClusterConfig() { } + public enum SchemaRegistryAuthMode { NONE, BASIC, TOKEN } + public ClusterConfig(ClusterConfig existingConfig) { update(existingConfig); } public void update(ClusterConfig existingConfig) { - if(existingConfig != null) { + if (existingConfig != null) { this.setIdentifier(existingConfig.getIdentifier()); this.setBootStrapServers(existingConfig.getBootStrapServers()); this.setSchemaRegistry(existingConfig.getSchemaRegistry()); 
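Review bot: With `schemaRegistryAuthMode` now initialised to `SchemaRegistryAuthMode.NONE` in the first hunk, a saved cluster entry that carries only the legacy `schemaRegistryBasicAuthUserInfo` value will load with mode NONE. Whether those legacy credentials are still applied is decided outside this hunk, so it should be confirmed that such entries do not silently start contacting the registry unauthenticated. A field comment recording the outcome would help, for example `// Defaults to NONE; entries that only set schemaRegistryBasicAuthUserInfo are <still honoured | ignored>, see ConfigHandler`, filled in once verified. As a style point on the line above it, `FXCollections.observableArrayList(SchemaRegistryAuthMode.values())` would avoid listing the enum constants twice.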
@@ -128,6 +130,7 @@ public void setSslEnabled(boolean sslEnabled) { public boolean isSchemaRegistrySuppressCertPathValidation() { return certPathValidationSuppressed.get(); } + public BooleanProperty suppressCertPathValidation() { return certPathValidationSuppressed; } @@ -241,19 +244,42 @@ public void setSaslJaasConfig(String saslJaasConfig) { this.saslJaasConfig.set(saslJaasConfig); } + /** + * Deprecated use schemaRegistryAuthConfig instead for basic and token auth + */ + @Deprecated @JsonProperty("schemaRegistryBasicAuthUserInfo") public String getSchemaRegistryBasicAuthUserInfo() { return schemaRegistryBasicAuthUserInfo.get(); } + /** + * Deprecated use schemaRegistryAuthConfig instead for basic and token auth + */ public StringProperty schemaRegistryBasicAuthUserInfoProperty() { return schemaRegistryBasicAuthUserInfo; } + /** + * Deprecated use schemaRegistryAuthConfig instead for basic and token auth + */ public void setSchemaRegistryBasicAuthUserInfo(String schemaRegistryBasicAuthUserInfo) { this.schemaRegistryBasicAuthUserInfo.set(schemaRegistryBasicAuthUserInfo); } + @JsonProperty("schemaRegistryAuthMode") + public SchemaRegistryAuthMode getSchemaRegistryAuthMode() { + return schemaRegistryAuthMode.get(); + } + + public ObjectProperty schemaRegistryAuthModeProperty() { + return schemaRegistryAuthMode; + } + + public void setSchemaRegistryAuthMode(SchemaRegistryAuthMode schemaRegistryAuthMode) { + this.schemaRegistryAuthMode.set(schemaRegistryAuthMode); + } + @JsonProperty("schemaRegistryAuthConfig") public String getSchemaRegistryAuthConfig() { return schemaRegistryAuthConfig.get(); 
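Review bot: In the second hunk only `getSchemaRegistryBasicAuthUserInfo()` receives `@Deprecated`. `schemaRegistryBasicAuthUserInfoProperty()` and `setSchemaRegistryBasicAuthUserInfo(...)` get a Javadoc sentence but no annotation, so code that still writes the legacy credential through them compiles without a deprecation warning. Adding `@Deprecated` to both would make the three accessors consistent. The Javadoc would also read better in tag form, e.g. `@deprecated use {@link #getSchemaRegistryAuthConfig()} together with schemaRegistryAuthMode BASIC or TOKEN`.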
@@ -271,19 +297,6 @@ public ListProperty schemaRegistryAuthModesProperty() { return schemaRegistryAuthModes; } - @JsonProperty("schemaRegistryAuthMode") - public SchemaRegistryAuthMode getSchemaRegistryAuthMode() { - return schemaRegistryAuthMode.get(); - } - - public ObjectProperty schemaRegistryAuthModeProperty() { - return schemaRegistryAuthMode; - } - - public void setSchemaRegistryAuthMode(SchemaRegistryAuthMode schemaRegistryAuthMode) { - this.schemaRegistryAuthMode.set(schemaRegistryAuthMode); - } - @JsonProperty("schemaRegistryUseSsl") public boolean isSchemaRegistryUseSsl() { return schemaRegistryUseSsl.get(); diff --git a/src/main/java/at/esque/kafka/dialogs/ClusterConfigDialog.java b/src/main/java/at/esque/kafka/dialogs/ClusterConfigDialog.java index 95dd4e0..c8845db 100644 --- a/src/main/java/at/esque/kafka/dialogs/ClusterConfigDialog.java +++ b/src/main/java/at/esque/kafka/dialogs/ClusterConfigDialog.java @@ -20,8 +20,8 @@ public class ClusterConfigDialog { public static final String LABEL_IDENTIFIER = "Identifier"; public static final String LABEL_BOOTSTRAP_SERVERS = "Bootstrap-Servers"; public static final String LABEL_SCHEMA_REGISTRY_URL = "Schema Registry URL"; - public static final String LABEL_SCHEMA_REGISTRY_BASIC_AUTH_USER_INFO = "LEGACY -Schema Registry Basic Auth User Info"; - public static final String LABEL_SCHEMA_REGISTRY_AUTH_USER_INFO = "Schema Registry Auth User Info"; + public static final String LABEL_SCHEMA_REGISTRY_BASIC_AUTH_USER_INFO = "<>Schema Registry Basic Auth User Info"; + public static final String LABEL_SCHEMA_REGISTRY_AUTH_USER_INFO = "Schema Registry Auth Info"; public static final String LABEL_SCHEMA_REGISTRY_AUTH_MODE = "Schema Registry Auth Mode"; public static final String LABEL_ENABLE_SSL = "Enable SSL"; public static final String LABEL_KEY_STORE_LOCATION = "Key Store Location"; 
diff --git a/src/main/java/at/esque/kafka/handlers/ConfigHandler.java b/src/main/java/at/esque/kafka/handlers/ConfigHandler.java index a9dae59..b0a58d7 100644 --- a/src/main/java/at/esque/kafka/handlers/ConfigHandler.java +++ b/src/main/java/at/esque/kafka/handlers/ConfigHandler.java @@ -325,8 +325,8 @@ public Map getSaslProperties(ClusterConfig config) { props.put(SchemaRegistryClientConfig.BASIC_AUTH_CREDENTIALS_SOURCE, "USER_INFO"); props.put(SchemaRegistryClientConfig.CLIENT_NAMESPACE + SchemaRegistryClientConfig.USER_INFO_CONFIG, config.getSchemaRegistryAuthConfig()); }else if (ClusterConfig.SchemaRegistryAuthMode.TOKEN.equals(config.getSchemaRegistryAuthMode())){ - props.put(SchemaRegistryClientConfig.BEARER_AUTH_CREDENTIALS_SOURCE, "USER_INFO"); - props.put(SchemaRegistryClientConfig.CLIENT_NAMESPACE + SchemaRegistryClientConfig.BEARER_AUTH_TOKEN_CONFIG, config.getSchemaRegistryAuthConfig()); + props.put(SchemaRegistryClientConfig.BEARER_AUTH_CREDENTIALS_SOURCE, "STATIC_TOKEN"); + props.put(SchemaRegistryClientConfig.BEARER_AUTH_TOKEN_CONFIG, config.getSchemaRegistryAuthConfig()); } return props;
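Review bot: The TOKEN branch puts `config.getSchemaRegistryAuthConfig()` into `BEARER_AUTH_TOKEN_CONFIG` without checking that it is non-null and non-blank, so a cluster saved with mode TOKEN and an empty auth config would only fail at the first registry call. A guard before the two `props.put` calls would surface this at configuration time without echoing the secret, e.g. `if (token == null || token.isBlank()) throw new IllegalArgumentException("schemaRegistryAuthConfig must hold a token when schemaRegistryAuthMode is TOKEN");`. The BASIC branch just above still prefixes its user-info key with `SchemaRegistryClientConfig.CLIENT_NAMESPACE`, while both TOKEN keys are now unprefixed; a one-line comment stating which key form the consumer of this map expects would explain why the branches differ. Because a static bearer token accompanies every request, it is also worth confirming, outside this hunk, that BASIC and TOKEN modes are only used with an `https` registry URL. The enclosing method starts and ends outside the hunk.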