New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LOG-2169: Fix Kafka sasl-plaintext/sasl-ssl #1498
Conversation
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: vimalk78 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
1 similar comment
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One concern - username, password and mechanism are all optional, it looks like this may generate bad config when they are missing - e.g. in vector configuration I don't think username=""
is equivalent to having no username. Otherwise looks good.
TLSConf(o, secret), | ||
SASLConf(o, secret), | ||
TlsConf(o, secret), | ||
SaslConf(o, secret), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be TLSConf and SASLConf. Convention is that common "initialisms" like TLS should be all caps or all lowercase (at the start of unexported name) but never mixed. I can't find the relevant style guide right now but you see it in standard package names like net.DNSError or net.IPAddr.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated
if security.HasPassphrase(secret) { | ||
pp := Passphrase{ | ||
PassphrasePath: security.SecretPath(o.Secret.Name, constants.Passphrase), | ||
} | ||
conf = append(conf, pp) | ||
hasTls = true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hasTls = true | |
hasTLS = true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated
# {{.Desc}} | ||
[sinks.{{.ComponentID}}.sasl] | ||
{{- end}}` | ||
enabled = true | ||
username = "{{.Username}}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What happens if username/password are missing/empty? Is username = ""
the same as no username?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this configuration is mainly for SASL/PLAIN
, which needs username/password
We could add a verification step to check username/password is always configured in secret, if SASL/PLAIN
is configured
/retest |
/lgtm |
@vimalk78: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Description
Fixes Kafka Sasl for vector.
Tested scenarios
/cc @alanconway @jcantrill
/assign @alanconway
/cherry-pick
Links