New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for Authentication #17
Comments
I would love to see this! |
Same, same :) So far, no one has found the bandwidth for implementing it. It'd be a very valuable contribution. |
I'm taking this up as time permits.
Fwiw, I'm not a Java dev, so will likely want someone more experienced to look it over closely.
Sent from ProtonMail mobile
…-------- Original Message --------
On Sep 4, 2021, 1:31 PM, Gunnar Morling wrote:
Same, same :) So far, no one has found the bandwidth for implementing it. It'd be a very valuable contribution.
—
You are receiving this because you commented.
Reply to this email directly, [view it on GitHub](#17 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AMHHZOTMDNFK23ZFS2N6AVTUAJJXFANCNFSM5APMFIAQ).
Triage notifications on the go with GitHub Mobile for [iOS](https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675) or [Android](https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub).
|
No worries, I'm sure we'll get it sorted out one way or another. As a first step, I'm curious how a solution should look like. There's the concept of "contexts" in kcctl, which lets you switch between different named Kafka Connect environments, e.g. "local", "staging", "prod". Details of the contexts are stored in a file ~/.kcctl (KC URL, but also Kafka bootstrap servers for the upcoming offset display/reset feature). Using this file for storing auth information per context would be an obvious choice, but of course there are security implications to consider. Ideally, the auth information should be stored encrypted, and decrypted upon usage. Which would be cumbersome to do for each usage, so doing something similar to SSH Agent may be interesting. It would be interesting to see how other CLI tools handle this sort of requirement. |
My naive first run at this is putting it in .kcctl in plain text, or possibly in files in a vendor folder.
Quarkus has a CredentialManager we can build on, and that would make it easier to support many methods from there.
Sent from ProtonMail mobile
…-------- Original Message --------
On Sep 4, 2021, 2:50 PM, Gunnar Morling wrote:
No worries, I'm sure we'll get it sorted out one way or another.
As a first step, I'm curious how a solution should look like. There's the concept of "contexts" in kcctl, which lets you switch between different named Kafka Connect environments, e.g. "local", "staging", "prod". Details of the contexts are stored in a file ~/.kcctl (KC URL, but also Kafka bootstrap servers for the upcoming offset display/reset feature).
Using this file for storing auth information per context would be an obvious choice, but of course there are security implications to consider. Ideally, the auth information should be stored encrypted, and decrypted upon usage. Which would be cumbersome to do for each usage, so doing something similar to SSH Agent may be interesting. It would be interesting to see how other CLI tools handle this sort of requirement.
—
You are receiving this because you commented.
Reply to this email directly, [view it on GitHub](#17 (comment)), or [unsubscribe](https://github.com/notifications/unsubscribe-auth/AMHHZOQ2G5A4D7D7A4IJ6RDUAJTATANCNFSM5APMFIAQ).
Triage notifications on the go with GitHub Mobile for [iOS](https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675) or [Android](https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub).
|
I dug into how kubectl used basic auth. This page lays it out well: https://unofficial-kubernetes.readthedocs.io/en/latest/concepts/cluster-administration/authenticate-across-clusters-kubeconfig/#example-kubeconfig-file The credentials are stored plaintext. It may be nice, down the road, to use a cred store that is native to the OS, but that would require a few implementations. |
PR for this is here for review: #68 |
* Showing more meaningful error message * Avoiding Commons Lang dependency * Updating versions
…nnectExceptions
* Showing more meaningful error message * Avoiding Commons Lang dependency * Updating versions
@jmcristobal I believe you should be all set now. This PR is merged. |
Indeed, thanks again. Will close this one. |
Allow to configure authentication method for the Kafka Connect cluster. I've done a quick test (clumpsy, I know) and works adding the ClientHeaderParam anotation at interface level. The values should be obtained from the configuration, obviously.
I'm not an expert in this REST Client library, and probably there is a better way to implement this solution.
Also, this is only covering BasicAuth and other authentication methods could be included as well.
If this is out of scope, don't hesitate to close this one ;)
The text was updated successfully, but these errors were encountered: