Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Does it support ACL #7

Closed
cfontes opened this issue Mar 22, 2019 · 5 comments
Closed

Does it support ACL #7

cfontes opened this issue Mar 22, 2019 · 5 comments
Labels
enhancement New feature or request

Comments

@cfontes
Copy link

cfontes commented Mar 22, 2019
edited
Loading

Hello,

first this looks great, thanks for it.

Second, is there a way to add support for Kafka's ACL on the consumer and producer commands ( all would be great too ) in the config file or somewhere we don't need to retype?

Cheers
@cfontes cfontes added the enhancement New feature or request label Mar 22, 2019
@devshawn
Copy link
Owner

Hey @cfontes -- thank you very much!!

So, what support are you looking for? Can you give an example of the stuff you would like to skip typing on kafka-acls? I don't use that command much so I'm fairly unaware of the things that you have to repeatedly type. We can definitely add what you're looking for, though! 😄

@cfontes
Copy link
Author

cfontes commented Mar 25, 2019

Hey @devshawn, basically when you are using kafka-console-consumer or producer in a topic with ACL on it you have to do this:

--consumer-property sasl.mechanism=PLAIN
--consumer-property security.protocol=SASL_SSL
--consumer-property ssl.truststore.location= ....
--consumer-property ssl.truststore.password= .....
--consumer-property ssl.enabled.protocols=TLSv1.2
--consumer-property ssl.cipher.suites=TLS_ECDHE_ECDSA_WITH_AES_256 ....
--consumer-property ssl.truststore.type=JKS
--consumer-property ssl.secure.random.implementation=........
--consumer-property ssl.endpoint.identification.algorithm="" \

But this is not available in all kafka shell commands, so there is also a way to setup a file that you import before running the kafka shell scripts so ACL kicks in and you can talk to the cluster.

@devshawn
Copy link
Owner

Hey @cfontes! Ah, yes! So, right now, kafka-console-consumer and kafka-console-producer (and the avro variants) can take the properties file as a part of the configuration of kafka-shell.

If you put those properties in a properties file, such as config.properties:

security.protocol=SASL_SSL
ssl.enabled.protocols=TLSv1.2 
ssl.truststore.type=JKS

You can then set up your kafka-shell config (in ~/.kafka-shell/config.yaml) to look like this:

...
clusters:
  my-cluster:
    bootstrap_servers: localhost:9092
    zookeeper_connect: localhost:2181
    schema_registry_url: http://localhost:8081
    ksql_server_url: http://localhost:8081
    consumer_settings:
      config: config.properties
    producer_settings:
      config: config.properties

Then, it will automatically add --consumer.config and --producer.config when you use the consumer/producer commands. This is detailed a bit more in CONFIGURATION.md. Note that the paths given above would be relative so wherever you started the shell, so you may want to configure them as absolute paths. Is that what you're looking for? :)

In the next release, I'm planning to add the ability to configure the --command-config (which takes a similar properties file, used in commands like kafka-acls).

@cfontes
Copy link
Author

cfontes commented Mar 25, 2019

Hey, great, RTFM right...

I will give it a try!

@devshawn
Copy link
Owner

Let me know how it goes!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cfontes @devshawn