Details
-
Feature Request
-
Resolution: Unresolved
-
Major
-
0.5.2
-
None
-
0
-
0%
Description
Current situation with SSL configuration
- MySQL overwrites javax.net.ssl system properties
- MongoDB does not support SSL (see
DBZ-343), but would need to overwrite javax.net.ssl properties - PostgreSQL has its own SSL setup configured via JDBC connection options but also supports configuration via javax.net.ssl
Other connectors (like ElasticSearch) seems also to be using javax.net.ssl
The problem is when more than one connector is deployed in Kafka Connect cluster that the connectors can overwrite each other settings and there is no way how to co-ordinate it.
We thus should
- Deprecate current MySQL SSL configuration
- Centralize javax.net.ssl that would be shared by all connectors
- Extend MongoDB with SSL support
We need to decide between two approaches
- Setting via system properties on Connect startup (KAFKA_OPTS env var)
- Setting via connector options
In case of the latter one we should
- Define a namespace dedicated to configure system properties
- When a system property is going to be configured it is first checked if it is empty, if not the old value is compared to the new value and if they differs an exception is thrown - to guarantee cross-connector consistency
- 3rd party connectors will still require KAFKA_OPTS appoach
- This appoach is just inconsistent when doing configuration update - if a user changes the configuration for one connector then the system properties will be modified but the rest of connectors will still display the old value
