Comments (13)
Unfortuntaley I have no access to the Kafka Broker Configuration.
I am currently using Confluent Cloud that offers a Kafka SaaS.
This is a command that I usually use to contact kafka:
./bin/kafka-topics.sh --command-config properties.txt --bootstrap-server hostname:port
And this is the content of the properties.txt
file:
ssl.endpoint.identification.algorithm=HTTPS
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="MY-USERNAME" password="MY-PASSWORD";
security.protocol=SASL_SSL
sasl.mechanism=PLAIN
request.timeout.ms=20000
If you want and you can provide a Docker image I can test, I can try to test if the fix works.
I am also open to other solutions, if you have other ideas.
Thanks for the quick reply!
from kafka-webview.
When i first posted this question I also got the code to see if I can do something to make it work and I managed to do it, but being more than 1 year ago i don't remember exactly. I know that i disabled the check for truststore in the UI and in the backend I set the filename and password to null. This is how the config looks in the UI:
Here are the config elements used in my application that read/writes from kafka. They are for spring but I think they are 1-to-1 to the actual kafka properties
SPRING_KAFKA_BOOTSTRAPSERVERS: "server:9092"
SPRING_KAFKA_PROPERTIES_SECURITY_PROTOCOL: SASL_SSL
SPRING_KAFKA_PROPERTIES_SASL_MECHANISM: PLAIN
SPRING_KAFKA_JAAS_ENABLED: "true"
SPRING_KAFKA_JAAS_CONTROL: required
SPRING_KAFKA_JAAS_LOGIN_MODULE: "org.apache.kafka.common.security.plain.PlainLoginModule"
SPRING_KAFKA_JAAS_OPTIONS_USERNAME: user
SPRING_KAFKA_JAAS_OPTIONS_PASSWORD: password
SPRING_KAFKA_PRODUCER_COMPRESSIONTYPE: lz4
from kafka-webview.
Off on vacation for the weekend, but I'll try to take a look in the next week.
Thanks!
from kafka-webview.
I have played a little with the code and to make it work it was enough to comment out the four last line of codes in here:
Unfortunately, I can work on it during weekend only and I have all the month weekends busy.
If i find the time and you have not done it yet, I will be more than happy to submit a PR.
from kafka-webview.
To make sure I understand correctly, in this scenario the JVM running kafka-webview is already configured to trust the certificate being served by your kafka cluster correct? And therefore there is no reason to upload a truststore?
Exactly. In my scenario internet is reachable and the certificate can be verified using the public certificate of the CA.
I should be able to mock up this locally without much effort. How would you expect the UI to be presented? Something along the lines of:
Use SSL Authentication? [ Checkbox ]
If Checked then show: Do you need to supply a truststore for this server? [ Checkbox ]
If Checked then show the TrustStore upload UI as it exists.
If NOT checked, no need to display the truststore upload UI. No truststore file will be passed to the underlying kafka client connection
I expect exactly this behavior :)
from kafka-webview.
I'll try to cut a release in the next day or two with this change. There are a couple other minor updates I'd like to sneak into the same release if possible.
from kafka-webview.
I have the same issue.
Is there any additional information I can provide?
from kafka-webview.
I have the same issue.
Is there any additional information I can provide?
Hi!
If possible an example configuration for a Kafka broker with the setup so I can replicate and test it locally would be super helpful.
Thanks!
from kafka-webview.
Reviewing this now that I'm back at home. To make sure I understand correctly, in this scenario the JVM running kafka-webview is already configured to trust the certificate being served by your kafka cluster correct? And therefore there is no reason to upload a truststore?
I should be able to mock up this locally without much effort. How would you expect the UI to be presented? Something along the lines of:
- Use SSL Authentication? [ Checkbox ]
- If Checked then show: Do you need to supply a truststore for this server? [ Checkbox ]
- If Checked then show the TrustStore upload UI as it exists.
- If NOT checked, no need to display the truststore upload UI. No truststore file will be passed to the underlying kafka client connection.
- If Checked then show: Do you need to supply a truststore for this server? [ Checkbox ]
Does that sound about right?
EDIT -- Also! Always happy to receive PullRequests :)
from kafka-webview.
Hi. I am not very knowledgeable about certificates so I can't say for sure. The UI config looks good to me though.
from kafka-webview.
Great, thanks for the confirmation. I started poking around at this a bit today.
from kafka-webview.
I've got this mocked up locally, will push a pull request shortly.
with uploading a truststore (previous behavior)
without requiring a truststore (new behavior)
from kafka-webview.
release 2.6.0 with this included.
from kafka-webview.
Related Issues (20)
- Lets add warning log msgs when ignoring or overwriting user defined configuration values for deserializers HOT 1
- Kafka-Webview should provide option to "Stringify" ByteArray messages HOT 2
- Failing to connect to GSSAPI/SSL cluster HOT 2
- Custom protobuf deserializer failed because of pb version conflict HOT 2
- On View page, the "previous button" jump is twice as big as the "next button" jump. HOT 1
- use custom config.yml with docker
- Repository with ID="orgsourcelab-1031" not found HOT 1
- Expose actuator/health path without login HOT 1
- Selecting a Partition filter from a 'Stream' persists the partition as an enforced filter.
- Allow Filtering on Views Page HOT 3
- Consumer poll timeout is hardcoded
- How to Build this as a Single Jar/War file to deploy in server which doesn't have MVN/JDK HOT 2
- Disable server host name verification HOT 3
- "Unknown magic byte!" when deserializing avro message with TopicRecordNameStrategy HOT 2
- Mistake in environment variable name HOT 2
- Feature Request: Make `requestTimeoutMs` configurable per cluster HOT 3
- Security Update HOT 3
- [Docker] Execute web application fail while upgrade from v2.4.0 to 2.8.1 HOT 5
- Is webview vulnerable to Spring4Shell vulnerablity (CVE-2022-22965)? HOT 3
- unable to connect to AWS MSK clusters HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kafka-webview.