Add per-listener connections.max.reauth.ms support #5639
Comments
hey, I'd like to work on this, may I be assigned, please? |
@ppatierno What is the plan for this? Do you have any idea what the API should look like? |
What if there was a config section like

listenerOverrides:
  name: SASL_SSL # optional: validate this exists as a configured listener
  sasl_mechanism: OAUTHBEARER
  config:
    connections.max.reauth.ms: 3600000

When templated will add
|
@ppatierno ^^^ ??? I think it applies in general to all SASL listeners. So, I wonder if it should be just a property of the authentication? E.g.

listeners:
  #...
  - name: external
    port: 9094
    type: nodeport
    tls: false
    authentication:
      type: scram-sha-512
      maxReauthMs: 3600000
|
(For |
Any listener's port connection properties, including auth, should be able to be overridden. Look at |
The way we went with this so far is that you have the selected authentication types which enforce some properties. And then you have the
We already support this through specific fields. Look for |
I think the API proposed by Jakub makes more sense. |
The |
Triaged on 26.5.2022: There seem to be different opinions on what the API should look like. So maybe we should have a proposal to clarify all the concerns and alternatives. |
What is the state of this issue? Does it need someone to take it? |
I think it is waiting for someone to work on it. Given the API changes needed for this, there should be a proposal of how it would be done first (https://github.com/strimzi/proposals). |
Apache Kafka provides the connections.max.reauth.ms [1] configuration parameter which can be set at broker level so applied on all listeners or even on a specific listener only.

Currently, Strimzi doesn't have support for specifying such a parameter at listener level because the listener. prefix is part of the list of the forbidden ones for the spec.kafka.config section.

The connections.max.reauth.ms would make sense for OAuth and SCRAM authentications enabled on a specific listener so we should add support in the authentication section of listeners via the KafkaListenerAuthenticationOAuth and KafkaListenerAuthenticationScramSha512 classes adding a new field for it.

[1] https://kafka.apache.org/documentation/#brokerconfigs_connections.max.reauth.ms