rahulnirgude opened a new pull request, #17561:
URL: https://github.com/apache/kafka/pull/17561
Client applications use SSL/TLS to connect with Kafka brokers in order to
implement secured communication. The clients initiate SSL communication with
Kafka brokers using the SSL Engine constructed from the ssl.* properties
pointing to the key store and trust store. This PR addresses a couple of important
enhancements related to how the key store is loaded for secured communication
with Kafka brokers.
**Problem:**
Most of the container platforms such as PCF where the client applications
are deployed set the key store and trust store as environment variables with
Base64-encoded PEM. Kafka clients expect the key store and trust store to be
file system artefacts. This introduces custom logic to read these environment
variables and create a key store / trust store out of that.
**Solution:**
This can be solved by implementing loading of the key store directly from
environment variables as an input stream. Two new configs, ssl.keystore.as.string
and ssl.truststore.as.string, are added to indicate loading the key stores from
these environment variables. When the values are true, it indicates that
ssl.keystore.location and ssl.truststore.location are pointing to environment
variables instead of paths.
Example configuration:
ssl.truststore.as.string=true
ssl.keystore.type=JKS
# populate this as an environment variable
ssl.truststore.location=${KEYSTORE}
ssl.keystore.as.string=true
ssl.truststore.type=JKS
# populate this as an environment variable
ssl.keystore.location=${TRUSTSTORE}
All unit tests are passing, and a new test was added to verify that the
Base64-encoded string works with the code changes. No changes were made to any other
unit tests.
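
Added example, not code from this PR or from Kafka: one way a client could load a key store entirely in memory from a Base64 string such as an environment variable value. The class `KeyStoreFromString` and its `load` method are hypothetical, and the sample is a PKCS12 store built inline (not the JKS type in the configuration above) so that it runs without any files.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.util.Base64;
import javax.crypto.spec.SecretKeySpec;

public class KeyStoreFromString {
    // Hypothetical helper, not Kafka's API: decode a Base64 value (for example an
    // environment variable) and load it as a key store without touching the disk.
    static KeyStore load(String base64, String type, char[] password) throws Exception {
        if (base64 == null || base64.trim().isEmpty()) {
            throw new IllegalArgumentException("key store value is unset or empty");
        }
        byte[] raw;
        try {
            // Strip the line breaks base64 tools insert, then decode strictly.
            raw = Base64.getDecoder().decode(base64.replaceAll("\\s", ""));
        } catch (IllegalArgumentException e) {
            // Do not echo the value or the cause: it may hold private key material.
            throw new IllegalArgumentException("key store value is not valid Base64");
        }
        KeyStore ks = KeyStore.getInstance(type);
        // Throws IOException on a wrong password or corrupt store data.
        ks.load(new ByteArrayInputStream(raw), password);
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "changeit".toCharArray(); // constructed sample password
        // Constructed sample input: a PKCS12 store with one entry, Base64-encoded
        // (with line wrapping) the way a platform might inject it.
        KeyStore sample = KeyStore.getInstance("PKCS12");
        sample.load(null, password);
        sample.setEntry("demo",
                new KeyStore.SecretKeyEntry(new SecretKeySpec(new byte[16], "AES")),
                new KeyStore.PasswordProtection(password));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        sample.store(out, password);
        String injected = Base64.getMimeEncoder().encodeToString(out.toByteArray());

        KeyStore loaded = load(injected, "PKCS12", password);
        System.out.println("entries: " + loaded.size() + ", demo: " + loaded.containsAlias("demo"));
        try {
            load("not base64!", "PKCS12", password); // malformed value is rejected
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```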