I agree, adding both HTTP and HTTPS is not complicated. I just didn't saw the use case for it. But I can add it. Would you add just support for a single HTTP and single HTTPS interface? Or do you see some value even in allowing more than 2 interfaces (for example one HTTP and two HTTPS with different configuration)? It could be done similarly to how the Kafka broker does it through the "listener" configuration parameter with comma separated list. What do you think?
As for the "rest" prefix - if we remove it, some of the same configuration options are already used today as the option for connecting from Kafka Connect to Kafka broker. So I'm not sure we should mix them. I can definitely imagine some cases where the client SSL configuration will not be the same as the REST HTTPS configuration. That is why I added the prefix. If we remove the prefix, how would you deal with this? On Fri, Oct 13, 2017 at 6:25 PM, Randall Hauch <rha...@gmail.com> wrote: > Also, do we need these properties to be preceded with `rest`? I'd argue > that we're just configuring the worker's SSL information, and that the REST > API would just use that. If we added another non-REST API, we'd want to use > the same security configuration. > > It's not that complicated in Jetty to support both "http" and "https" > simultaneously, so IMO we should add that from the beginning. > > On Fri, Oct 13, 2017 at 9:34 AM, Randall Hauch <rha...@gmail.com> wrote: > > > It'd be useful to specify the default values for the configuration > > properties. > > > > On Tue, Oct 10, 2017 at 2:53 AM, Jakub Scholz <ja...@scholz.cz> wrote: > > > >> FYI: Based on Ewen's suggestion from the related JIRA, I added a > >> clarification to the KIP that it doesn't do anything around > authorization > >> / > >> ACLs. While authorization / ACLs would be for sure valuable feature I > >> would > >> prefer to leave it for different KIP. > >> > >> Jakub > >> > >> On Mon, Oct 9, 2017 at 5:25 PM, Jakub Scholz <ja...@scholz.cz> wrote: > >> > >> > Hi, > >> > > >> > I would like to start a discussion about KIP-208: Add SSL support to > >> Kafka > >> > Connect REST interface (https://cwiki.apache.org/ > >> > confluence/display/KAFKA/KIP-208%3A+Add+SSL+support+to+ > >> > Kafka+Connect+REST+interface). > >> > > >> > I think this would be useful feature to improve the security of Kafka > >> > Connect. > >> > > >> > Thanks & Regards > >> > Jakub > >> > > >> > > > > >
