Uploaded image for project: 'Debezium'
  1. Debezium
  2. DBZ-3245

Debezium 1.4.2.Final and onwards unable to parse sasl.jaas.config from env var

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 1.4-next, 1.5.0.Beta2
    • 1.4.2.Final, 1.5.0.Alpha1, 1.5.0.Beta1
    • container-images
    • None
    • False
    • False
    • Undefined
    • Hide
      1. Set the sasl jaas config environment variable that'll be ingested by the Debezium container on boot 
        CONNECT_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required username="fakeusername" password="fakepassword"
      1. Boot Debezium watching the stdout/stderr for env var parsing
      2. Observe that in versions 1.4.2.Final and later the provided CONNECT_SASL_JAAS_CONFIG env var is parsed as  
        --- Setting property from CONNECT_SASL_JAAS_CONFIG=org.apache.kafka.common.security.scram.ScramLoginModule required username="fakeusername" password: sasl.jaas.config=org.apache.kafka.common.security.scram.scramloginmodule required username="fakeusername" password="fakepassword";
      1. Debezium throws authentication errors as the sasl.jaas.config property is incorrect due to the misconfigured parser.
      Show
      Set the sasl jaas config environment variable that'll be ingested by the Debezium container on boot CONNECT_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required username= "fakeusername" password= "fakepassword" Boot Debezium watching the stdout/stderr for env var parsing Observe that in versions 1.4.2.Final and later the provided CONNECT_SASL_JAAS_CONFIG env var is parsed as  --- Setting property from CONNECT_SASL_JAAS_CONFIG=org.apache.kafka.common.security.scram.ScramLoginModule required username= "fakeusername" password: sasl.jaas.config=org.apache.kafka.common.security.scram.scramloginmodule required username= "fakeusername" password= "fakepassword" ; Debezium throws authentication errors as the sasl.jaas.config property is incorrect due to the misconfigured parser.

      We've run into an issue with the Debezium kafka-connect docker image 1.4.2.Final (https://hub.docker.com/layers/debezium/connect/1.4.2.Final/images/sha256-f14e176ecbf367e70149c6ffbe93ab4d734785c53527eeedaf4384f565e2e882?context=explore). It appears that it is no longer parsing the provided sasl.jaas.config environment variable. The parsing works fine in 1.4.1.Final but appears to be broken from 1.4.2.Final and onwards.

      I believe I've traced it back to changes made to the way environment variables are fed into the parser in the entrypoint https://github.com/debezium/docker-images/commit/f25411e5d6061bb40a73dd402a58d2039cc1e71f#diff-2c2a818cf3b7202a01a16e55ab47df3c301f34fea9e16bc57315e22c362fb120R197-R199

       

      Providing the following env var:

      CONNECT_SASL_JAAS_CONFIG: org.apache.kafka.common.security.scram.ScramLoginModule required username="fakeusername" password="fakepassword"

      Output from 1.4.1.Final, note properly parsed env var:

      --- Setting property from CONNECT_SASL_JAAS_CONFIG: sasl.jaas.config=[hidden]

      Output from 1.4.2.Final and onwards, note incorrectly parsed env var:

      --- Setting property from CONNECT_SASL_JAAS_CONFIG=org.apache.kafka.common.security.scram.ScramLoginModule required username="fakeusername" password: sasl.jaas.config=org.apache.kafka.common.security.scram.scramloginmodule required username="fakeusername" password="fakepassword";

       

              Unassigned Unassigned
              brandonharvey Brandon Harvey (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: