rajagopr opened a new pull request, #12249: URL: https://github.com/apache/pinot/pull/12249
## Description Added support to dynamically initialize the Kafka client SSL configs based on the configuration passed as part of the streamConfigs. Support is added for one-way SSL (client validates the servers certificate) and two-way SSL( client validates the servers certificate and the server validates the clients certificate). ## Configuration One-way SSL is enabled when the table config contains the following configuration. ``` ssl.truststore.location=<path to truststore file> ssl.truststore.password=<truststore password> ``` The server certificate should be passed via the `streamConfigs` by setting the following key in base64 encoded format. ``` stream.kafka.ssl.server.certificate=<base64 encoded certificate> ``` Two-way SSL is enabled when the table config contains the following configuration in addition to the config required to enable one-way SSL. ``` ssl.keystore.location=<path to keystore file> ssl.keystore.password=<keystore password> ssl.key.password=<key password> ``` The client certificate and key should be passed via the `streamConfigs` by setting the following key in base64 encoded format. ``` stream.kafka.ssl.client.certificate=<base64 encoded certificate> stream.kafka.ssl.client.key=<base64 encoded key> ``` ## Testing Tested e2e by connecting to a test cluster from Aiven which supports two-way SSL based Kafka clusters. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
