Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-14987

Configure Reactive Messaging Kafka connector to use SSLContext from the Elytron subsystem and allow SASL_PLAINTEXT and SASL_SSL protocols

    XMLWordPrintable

    Details

      Description

      To connect to a Kafka instance via SSL with authentication via SASL you currently need to specify e.g. truststore parameters in the application's microprofile-config.properties file. Behind the scenes Kafka will then create an SSLContext which it in turn uses to create the SSLEngine for the consumer and producer (i.e. client) connections.

      An example config that will work before this change is:

      # General config to set up SASL over SSL
      mp.messaging.connector.smallrye-kafka.bootstrap.servers=localhost:9092
      mp.messaging.connector.smallrye-kafka.sasl.mechanism=PLAIN
      mp.messaging.connector.smallrye-kafka.security.protocol=SASL_SSL
      mp.messaging.connector.smallrye-kafka.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
        username="admin" \
        password="admin-secret";
      
      # Truststore config
      mp.messaging.connector.smallrye-kafka.ssl.truststore.location=/Users/kabir/temp/kafka_2.13-2.8.0/config/sasl-ssl/client.truststore.p12
      mp.messaging.connector.smallrye-kafka.ssl.truststore.password=clientts
      

      This RFE will allow the last two lines (i.e the properties defining the truststore location and password) to be replaced by

      mp.messaging.connector.smallrye-kafka.wildfly.elytron.ssl.context=test
      

      test is the name of an SSLContext defined by /subsystem=elytron/client-ssl-context=test

      This allows us to use the standard SSLContext configuration mechanisms provided by the Elytron subsystem

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              kkhan1@redhat.com Kabir Khan
              Reporter:
              kkhan1@redhat.com Kabir Khan
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: