Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Kafka SASL_SSL/SSL security protocol for self signed certificate in Kafka Consumer #4181

Merged
merged 5 commits into from
Feb 23, 2024
Merged

Support Kafka SASL_SSL/SSL security protocol for self signed certificate in Kafka Consumer #4181

merged 5 commits into from
Feb 23, 2024

Conversation

dinujoh
Copy link
Member

@dinujoh dinujoh commented Feb 23, 2024

Description

Support Kafka SASL_SSL/SSL security protocol for self signed certificate in Kafka Consumer

Check List

  • New functionality includes testing.
  • New functionality has a documentation issue. Please link to it in this PR.
    • New functionality has javadoc added
  • Commits are signed with a real name per the DCO

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@dinujoh
Support Kafka SASL_SSL/SSL security protocol for self signed certifice
72b0164 
- Renamed the field names for certificate, truststore and password.
- Removed redundant information from build.gradle

Signed-off-by: Dinu John <[email protected]>
@dinujoh dinujoh requested a review from dlvenable February 23, 2024 17:50
@dinujoh
Support Kafka SASL_SSL/SSL security protocol for self signed certific…
67b95e2 
…ate in Kafka Consumer

- Add the copyright block to build.gradle

Signed-off-by: Dinu John <[email protected]>
dlvenable
dlvenable previously approved these changes Feb 23, 2024
View reviewed changes
kkondaka
kkondaka reviewed Feb 23, 2024
View reviewed changes
...ins/src/main/java/org/opensearch/dataprepper/plugins/kafka/util/KafkaSecurityConfigurer.java
properties.put(SECURITY_PROTOCOL, "SASL_SSL");
setSecurityProtocolSSLProperties(properties, encryptionConfig);
} else { // EncryptionType.NONE
properties.put(SECURITY_PROTOCOL, "SASL_PLAINTEXT");
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why switch the statements here?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

encryptionType can be null, so had added checkEncryptionType method that does null check.

I could have kept the same order with if condition if (checkEncryptionType(encryptionConfig, EncryptionType.NONE)) {, but since we are handling addition things for SSL, I reversed the order.

...ins/src/main/java/org/opensearch/dataprepper/plugins/kafka/util/KafkaSecurityConfigurer.java
@@ -83,6 +83,10 @@ public class KafkaSecurityConfigurer {
private static final String REGISTRY_BASIC_AUTH_USER_INFO = "schema.registry.basic.auth.user.info";

private static final int MAX_KAFKA_CLIENT_RETRIES = 360; // for one hour every 10 seconds
private static final String SSL_ENGINE_FACTORY_CLASS = "ssl.engine.factory.class";
private static final String CERTIFICATE_CONTENT = "certificateContent";
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this valid name? I don't seem to find it.

Copy link
Member Author

@dinujoh dinujoh Feb 23, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's internal property that is used in CustomClientSslEngineFactory class to get the certificate content to setup TrustManager.

kkondaka
kkondaka previously approved these changes Feb 23, 2024
View reviewed changes
@dinujoh dinujoh dismissed stale reviews from kkondaka and dlvenable via e8c88bb February 23, 2024 20:46
@kkondaka kkondaka merged commit 0f9820a into opensearch-project:main Feb 23, 2024
72 of 74 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kkondaka kkondaka kkondaka approved these changes

@dlvenable dlvenable dlvenable approved these changes

@chenqi0805 chenqi0805 Awaiting requested review from chenqi0805 chenqi0805 is a code owner

@engechas engechas Awaiting requested review from engechas engechas is a code owner

@graytaylor0 graytaylor0 Awaiting requested review from graytaylor0 graytaylor0 is a code owner

@asifsmohammed asifsmohammed Awaiting requested review from asifsmohammed

@oeyh oeyh Awaiting requested review from oeyh oeyh is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dinujoh @dlvenable @kkondaka