[
https://issues.apache.org/jira/browse/NIFI-7585?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Christian Gumpert updated NIFI-7585:
------------------------------------
Description:
We recently migrated from Nifi 1.9.2 to 1.11.2 and are now experiencing
problems when communicating with our Kafka cluster.
We have a bunch of flows where we use\{{ PublishKafka_2_0}} or
{{ConsumeKafkaRecords_2_0}} to send or received data to/from our Kafka cluster.
Our Kafka cluster is configured to use SASL_SSL with SCRAM-SHA-512 as
authentication method. In Nifi 1.9.2 the "SASL MECHANISM" was a free-text
property where we could use "SCRAM-SHA-512". After the upgrade, this property
has changed to a drop down list where SCRAM-SHA-512 is not available anymore.
One can add a custom parameter (which we did) but then the processor is invalid
due to a validation error.
{code:java}
'sasl.mechanism' validated against 'SCRAM-SHA-512' is invalid because Given
value not found in allowed set 'GSSAPI, PLAIN, SCRAM-SHA-256'{code}
We believe that the validation is too strict in this case. As it was working
fine in Nifi 1.9.2 we believe this is a regression and therefore labelled it as
a bug. We also think that this issue was introduced with [this
PR|https://github.com/apache/nifi/pull/3813] (NIFI-4820)
was:
We recently migrated from Nifi 1.9.2 to 1.11.2 and are now experiencing
problems when communicating with our Kafka cluster.
We have a bunch of flows where we use{{ PublishKafka_2_0}} or
{{ConsumeKafkaRecords_2_0}} to send or received data to/from our Kafka cluster.
Our Kafka cluster is configured to use SASL_SSL with SCRAM-SHA-512 as
authentication method. In Nifi 1.9.2 the "SASL MECHANISM" was a free-text
property where we could use "SCRAM-SHA-512". After the upgrade, this property
has changed to a drop down list where SCRAM-SHA-512 is not available anymore.
One can add a custom parameter (which we did) but then the processor is invalid
due to a validation error.
{code:java}
'sasl.mechanism' validated against 'SCRAM-SHA-512' is invalid because Given
value not found in allowed set 'GSSAPI, PLAIN, SCRAM-SHA-256'{code}
> Kafka processors do not support SCRAM-SHA-512 SASL mechanism any more
> ---------------------------------------------------------------------
>
> Key: NIFI-7585
> URL: https://issues.apache.org/jira/browse/NIFI-7585
> Project: Apache NiFi
> Issue Type: Bug
> Components: Security
> Affects Versions: 1.11.2
> Reporter: Christian Gumpert
> Priority: Major
>
> We recently migrated from Nifi 1.9.2 to 1.11.2 and are now experiencing
> problems when communicating with our Kafka cluster.
> We have a bunch of flows where we use\{{ PublishKafka_2_0}} or
> {{ConsumeKafkaRecords_2_0}} to send or received data to/from our Kafka
> cluster. Our Kafka cluster is configured to use SASL_SSL with SCRAM-SHA-512
> as authentication method. In Nifi 1.9.2 the "SASL MECHANISM" was a free-text
> property where we could use "SCRAM-SHA-512". After the upgrade, this property
> has changed to a drop down list where SCRAM-SHA-512 is not available anymore.
> One can add a custom parameter (which we did) but then the processor is
> invalid due to a validation error.
> {code:java}
> 'sasl.mechanism' validated against 'SCRAM-SHA-512' is invalid because Given
> value not found in allowed set 'GSSAPI, PLAIN, SCRAM-SHA-256'{code}
> We believe that the validation is too strict in this case. As it was working
> fine in Nifi 1.9.2 we believe this is a regression and therefore labelled it
> as a bug. We also think that this issue was introduced with [this
> PR|https://github.com/apache/nifi/pull/3813] (NIFI-4820)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
