[jira] [Commented] (KAFKA-5993) Kafka AdminClient does not support standard security settings

Stephane Maarek (JIRA) Tue, 03 Oct 2017 21:47:26 -0700

    [ 
https://issues.apache.org/jira/browse/KAFKA-5993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16190808#comment-16190808
 ]


Stephane Maarek commented on KAFKA-5993:
----------------------------------------

[~ijuma] Indeed it does support security settings. The log still shows that 
WARN, which is what was misleading on my end.

See full log here:

{code:java}
15:42:18.548 [main] INFO  org.apache.kafka.clients.admin.AdminClientConfig - 
AdminClientConfig values: 
        bootstrap.servers = [localhost:9092]
        client.id = 
        connections.max.idle.ms = 300000
        metadata.max.age.ms = 300000
        metric.reporters = []
        metrics.num.samples = 2
        metrics.recording.level = INFO
        metrics.sample.window.ms = 30000
        receive.buffer.bytes = 65536
        reconnect.backoff.max.ms = 1000
        reconnect.backoff.ms = 50
        request.timeout.ms = 120000
        retries = 5
        retry.backoff.ms = 100
        sasl.jaas.config = [hidden]
        sasl.kerberos.kinit.cmd = /usr/bin/kinit
        sasl.kerberos.min.time.before.relogin = 60000
        sasl.kerberos.service.name = null
        sasl.kerberos.ticket.renew.jitter = 0.05
        sasl.kerberos.ticket.renew.window.factor = 0.8
        sasl.mechanism = GSSAPI
        security.protocol = PLAINTEXT
        send.buffer.bytes = 131072
        ssl.cipher.suites = null
        ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
        ssl.endpoint.identification.algorithm = null
        ssl.key.password = null
        ssl.keymanager.algorithm = SunX509
        ssl.keystore.location = null
        ssl.keystore.password = null
        ssl.keystore.type = JKS
        ssl.protocol = TLS
        ssl.provider = null
        ssl.secure.random.implementation = null
        ssl.trustmanager.algorithm = PKIX
        ssl.truststore.location = null
        ssl.truststore.password = null
        ssl.truststore.type = JKS

15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added 
sensor with name connections-closed:
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added 
sensor with name connections-created:
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added 
sensor with name bytes-sent-received:
15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added 
sensor with name bytes-sent:
15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added 
sensor with name bytes-received:
15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added 
sensor with name select-time:
15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added 
sensor with name io-time:
15:42:18.549 [main] DEBUG org.apache.kafka.clients.Metadata - Updated cluster 
metadata version 1 to Cluster(id = null, nodes = [localhost:9092 (id: -1 rack: 
null)], partitions = [])
15:42:18.550 [main] WARN  org.apache.kafka.clients.admin.AdminClientConfig - 
The configuration 'sasl.jaas.config' was supplied but isn't a known config.
15:42:18.550 [main] INFO  org.apache.kafka.common.utils.AppInfoParser - Kafka 
version : 0.11.0.1
15:42:18.550 [main] INFO  org.apache.kafka.common.utils.AppInfoParser - Kafka 
commitId : c2a0d5f9b1f45bf5
{code}

My code to generate my admin client is:
  
{code:java}
  public static AdminClient getAdminClient() {

        Properties adminProps = new Properties();
        adminProps.put(AdminClientConfig.BOOTSTRAP_SERVERS_CONFIG,
                
Optional.ofNullable(System.getenv("KAFKA_BOOTSTRAP_SERVERS")).orElse("localhost:9092"));
        adminProps.put(AdminClientConfig.SECURITY_PROTOCOL_CONFIG,
                
Optional.ofNullable(System.getenv("SECURITY_PROTOCOL")).orElse("PLAINTEXT"));
        adminProps.put(SaslConfigs.SASL_JAAS_CONFIG,
                
Optional.ofNullable(System.getenv("SASL_JAAS_CONFIG")).orElse(""));

        return AdminClient.create(adminProps);
    }

{code}

If you feel that WARN is okay, we can close the JIRA, otherwise maybe we should 
rename the JIRA and address the WARN?

> Kafka AdminClient does not support standard security settings
> -------------------------------------------------------------
>
>                 Key: KAFKA-5993
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5993
>             Project: Kafka
>          Issue Type: Bug
>    Affects Versions: 0.11.0.1
>            Reporter: Stephane Maarek
>
> Kafka Admin Client does not support basic security configurations, such as 
> "sasl.jaas.config".
> Therefore it makes it impossible to use against a secure cluster
> ```
> 14:12:12.948 [main] WARN  org.apache.kafka.clients.admin.AdminClientConfig - 
> The configuration 'sasl.jaas.config' was supplied but isn't a known config.
> ```



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (KAFKA-5993) Kafka AdminClient does not support standard security settings

Reply via email to