Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-25956

Add simple configuration for Kafka SASL and TLS authentication

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 9.10, 10.2
    • Fix Version/s: 9.10-HF22, 10.3
    • Component/s: Core

      Description

      Nuxeo supports authentication for all backing services from the nuxeo.conf file except for Kafka.

      Adding support to SASL and SSL can be done by adding Kafka properties to consumer and producer configuration.

      SSL configuration should be as close as possible to other Nuxeo services.

      The properties exposed to nuxeo.conf should be:

      # SASL
      kafka.sasl.enabled=false
      kafka.security.protocol=SASL_PLAINTEXT
      kafka.sasl.mechanism=SCRAM-SHA-256
      kafka.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="kafkaclient1" password="kafkaclient1-secret";
      
      # SSL
      kafka.ssl=false
      kafka.truststore.type=JKS
      kafka.truststore.path=
      kafka.truststore.password=
      kafka.keystore.type=JKS
      kafka.keystore.path=
      kafka.keystore.password=
      

      These properties are turned into Kafka consumer and producer properties, for SASL:

              <property name="security.protocol">${kafka.security.protocol}</property>
              <property name="sasl.mechanism">${kafka.sasl.mechanism}</property>
              <property name="sasl.jaas.config">${kafka.sasl.jaas.config}</property>
      

      and for SSL:

              <property name="security.protocol">SSL</property>
              <property name="ssl.truststore.type">${kafka.truststore.type}</property>
              <property name="ssl.truststore.location">${kafka.truststore.path}</property>
              <property name="ssl.truststore.password">${kafka.truststore.password}</property>
              <property name="ssl.keystore.type">${kafka.keystore.type}</property>
              <property name="ssl.keystore.location">${kafka.keystore.path}</property>
              <property name="ssl.keystore.password">${kafka.keystore.password}</property>
      

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 5 hours
                  5h

                    PagerDuty

                    Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.