New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KAFKA-15053: Use case insensitive validator for security.protocol config #13831
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For consistency, we should allow case insensitive option at all configuration places for security protocol. e.g. at AdminClientConfig at
kafka/clients/src/main/java/org/apache/kafka/clients/admin/AdminClientConfig.java
Line 226 in 7eea2a3
in(Utils.enumOptions(SecurityProtocol.class)), |
We should also change the documentation to make it clear that this configuration is case insensitive.
streams/src/main/java/org/apache/kafka/streams/StreamsConfig.java
Outdated
Show resolved
Hide resolved
Updated other places by comparing with the original PR, please help to take another look. Thanks! Also, what's the common process to update the documentation? |
As part of this PR, please modify the documentation at: Line 69 in 044d058
|
@divijvaidya Added the doc changes, do you mind taking another look? Also, are we able to include this change to the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left a minor nit. Yes, I will backport it to 3.3, 3.4 and 3.5 branches. This will be released with any new patch version release (if any) that we perform for these versions.
Also, we require a change at https://kafka.apache.org/documentation.html#adminclientconfigs_security.protocol, https://kafka.apache.org/documentation.html#brokerconfigs_security.inter.broker.protocol,
https://kafka.apache.org/documentation.html#streamsconfigs_security.protocol and all other configs that you have changed in this file. The change could mention case sensitivity similar to https://kafka.apache.org/documentation.html#connectconfigs_exactly.once.source.support
docs/security.html
Outdated
@@ -72,6 +72,10 @@ <h3 class="anchor-heading"><a id="listener_configuration" class="anchor-link"></ | |||
<li>SSL</li> | |||
<li>SASL_PLAINTEXT</li> | |||
<li>SASL_SSL</li> | |||
<li>plaintext</li> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of adding all values, please consider the following:
Possible options (case insensitive) for the security protocol are given below:
@divijvaidya we have logic to automatically generate these docs and populate our docs page with them during release; see here and here. I don't think we need to do anything beyond what's present in this PR to ensure that the docs are updated in the next release. The case-insensitive validator will also automatically note that the accepted values are case insensitive (which is what's done for the |
No additional comments from me! Agree with the suggested change to the |
Thanks @divijvaidya , I've updated the security doc, could you help take another look? Also, it seems that my previous CI build failed with error |
@bogao007 you can click on the "tests" tab on the top right to see the test failures. In the latest run(number 7) all test failures are unrelated and known to be flaky.
|
Merged to trunk. I am backporting this to 3.3, 3.4 and 3.5 branches. Will update the JIRA when backport is complete. |
…fig (#13831) Fixed a regression described in KAFKA-15053 that security.protocol only allows uppercase values like PLAINTEXT, SSL, SASL_PLAINTEXT, SASL_SSL. With this fix, both lower case and upper case values will be supported (e.g. PLAINTEXT, SSL, SASL_PLAINTEXT, SASL_SSL, plaintext, ssl, sasl_plaintext, sasl_ssl) Reviewers: Chris Egerton <chrise@aiven.io>, Divij Vaidya <diviv@amazon.com>
…fig (#13831) Fixed a regression described in KAFKA-15053 that security.protocol only allows uppercase values like PLAINTEXT, SSL, SASL_PLAINTEXT, SASL_SSL. With this fix, both lower case and upper case values will be supported (e.g. PLAINTEXT, SSL, SASL_PLAINTEXT, SASL_SSL, plaintext, ssl, sasl_plaintext, sasl_ssl) Reviewers: Chris Egerton <chrise@aiven.io>, Divij Vaidya <diviv@amazon.com>
…fig (#13831) Fixed a regression described in KAFKA-15053 that security.protocol only allows uppercase values like PLAINTEXT, SSL, SASL_PLAINTEXT, SASL_SSL. With this fix, both lower case and upper case values will be supported (e.g. PLAINTEXT, SSL, SASL_PLAINTEXT, SASL_SSL, plaintext, ssl, sasl_plaintext, sasl_ssl) Reviewers: Chris Egerton <chrise@aiven.io>, Divij Vaidya <diviv@amazon.com>
Thanks @divijvaidya! |
Fixed a regression described in KAFKA-15053 that security.protocol only allows uppercase values like PLAINTEXT, SSL, SASL_PLAINTEXT, SASL_SSL. With this fix, both lower case and upper case values will be supported (e.g. PLAINTEXT, SSL, SASL_PLAINTEXT, SASL_SSL, plaintext, ssl, sasl_plaintext, sasl_ssl)
Added new unit test to cover the case insensitive test case.
Committer Checklist (excluded from commit message)