Giter Club home page Giter Club logo

Comments (13)

davidetan avatar davidetan commented on July 2, 2024 1

Unfortuntaley I have no access to the Kafka Broker Configuration.
I am currently using Confluent Cloud that offers a Kafka SaaS.

This is a command that I usually use to contact kafka:

./bin/kafka-topics.sh --command-config properties.txt --bootstrap-server hostname:port

And this is the content of the properties.txt file:

ssl.endpoint.identification.algorithm=HTTPS
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="MY-USERNAME" password="MY-PASSWORD";
security.protocol=SASL_SSL
sasl.mechanism=PLAIN
request.timeout.ms=20000

If you want and you can provide a Docker image I can test, I can try to test if the fix works.

I am also open to other solutions, if you have other ideas.

Thanks for the quick reply!

from kafka-webview.

Vladutu avatar Vladutu commented on July 2, 2024 1

When i first posted this question I also got the code to see if I can do something to make it work and I managed to do it, but being more than 1 year ago i don't remember exactly. I know that i disabled the check for truststore in the UI and in the backend I set the filename and password to null. This is how the config looks in the UI:
Screenshot 2020-06-05 at 12 05 23

Here are the config elements used in my application that read/writes from kafka. They are for spring but I think they are 1-to-1 to the actual kafka properties

SPRING_KAFKA_BOOTSTRAPSERVERS: "server:9092"
SPRING_KAFKA_PROPERTIES_SECURITY_PROTOCOL: SASL_SSL
SPRING_KAFKA_PROPERTIES_SASL_MECHANISM: PLAIN
SPRING_KAFKA_JAAS_ENABLED: "true"
SPRING_KAFKA_JAAS_CONTROL: required
SPRING_KAFKA_JAAS_LOGIN_MODULE: "org.apache.kafka.common.security.plain.PlainLoginModule"
SPRING_KAFKA_JAAS_OPTIONS_USERNAME: user
SPRING_KAFKA_JAAS_OPTIONS_PASSWORD: password
SPRING_KAFKA_PRODUCER_COMPRESSIONTYPE: lz4

from kafka-webview.

Crim avatar Crim commented on July 2, 2024 1

Off on vacation for the weekend, but I'll try to take a look in the next week.

Thanks!

from kafka-webview.

davidetan avatar davidetan commented on July 2, 2024 1

I have played a little with the code and to make it work it was enough to comment out the four last line of codes in here:

kafka-webview/kafka-webview-ui/src/main/java/org/sourcelab/kafka/webview/ui/manager/kafka/config/ClusterConfig.java

Lines 173 to 179 in fb860ca

if (cluster.isSslEnabled()) {
builder
.withUseSsl(cluster.isSslEnabled())
.withKeyStoreFile(cluster.getKeyStoreFile())
.withKeyStorePassword(secretManager.decrypt(cluster.getKeyStorePassword()))
.withTrustStoreFile(cluster.getTrustStoreFile())
.withTrustStorePassword(secretManager.decrypt(cluster.getTrustStorePassword()));

Unfortunately, I can work on it during weekend only and I have all the month weekends busy.
If i find the time and you have not done it yet, I will be more than happy to submit a PR.

from kafka-webview.

davidetan avatar davidetan commented on July 2, 2024 1

To make sure I understand correctly, in this scenario the JVM running kafka-webview is already configured to trust the certificate being served by your kafka cluster correct? And therefore there is no reason to upload a truststore?

Exactly. In my scenario internet is reachable and the certificate can be verified using the public certificate of the CA.

I should be able to mock up this locally without much effort. How would you expect the UI to be presented? Something along the lines of:

Use SSL Authentication? [ Checkbox ]
If Checked then show: Do you need to supply a truststore for this server? [ Checkbox ]
If Checked then show the TrustStore upload UI as it exists.
If NOT checked, no need to display the truststore upload UI. No truststore file will be passed to the underlying kafka client connection

I expect exactly this behavior :)

from kafka-webview.

Crim avatar Crim commented on July 2, 2024 1

I'll try to cut a release in the next day or two with this change. There are a couple other minor updates I'd like to sneak into the same release if possible.

from kafka-webview.

davidetan avatar davidetan commented on July 2, 2024

I have the same issue.
Is there any additional information I can provide?

from kafka-webview.

Crim avatar Crim commented on July 2, 2024

I have the same issue.
Is there any additional information I can provide?

Hi!
If possible an example configuration for a Kafka broker with the setup so I can replicate and test it locally would be super helpful.

Thanks!

from kafka-webview.

Crim avatar Crim commented on July 2, 2024

Reviewing this now that I'm back at home. To make sure I understand correctly, in this scenario the JVM running kafka-webview is already configured to trust the certificate being served by your kafka cluster correct? And therefore there is no reason to upload a truststore?

I should be able to mock up this locally without much effort. How would you expect the UI to be presented? Something along the lines of:

  • Use SSL Authentication? [ Checkbox ]
    • If Checked then show: Do you need to supply a truststore for this server? [ Checkbox ]
      • If Checked then show the TrustStore upload UI as it exists.
      • If NOT checked, no need to display the truststore upload UI. No truststore file will be passed to the underlying kafka client connection.

Does that sound about right?

EDIT -- Also! Always happy to receive PullRequests :)

from kafka-webview.

Vladutu avatar Vladutu commented on July 2, 2024

Hi. I am not very knowledgeable about certificates so I can't say for sure. The UI config looks good to me though.

from kafka-webview.

Crim avatar Crim commented on July 2, 2024

Great, thanks for the confirmation. I started poking around at this a bit today.

from kafka-webview.

Crim avatar Crim commented on July 2, 2024

I've got this mocked up locally, will push a pull request shortly.

with uploading a truststore (previous behavior)
image

without requiring a truststore (new behavior)
image

from kafka-webview.

Crim avatar Crim commented on July 2, 2024

release 2.6.0 with this included.

from kafka-webview.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.