[GitHub] [kafka] RivenSun2 commented on a diff in pull request #12010: KAFKA-13793: Add validators for configs that lack validators

Mon, 18 Apr 2022 17:16:57 -0700 


RivenSun2 commented on code in PR #12010:
URL: https://github.com/apache/kafka/pull/12010#discussion_r852494899


##########
core/src/main/scala/kafka/server/KafkaConfig.scala:
##########
@@ -1324,9 +1324,9 @@ object KafkaConfig {
       .define(SslEngineFactoryClassProp, CLASS, null, LOW, 
SslEngineFactoryClassDoc)
 
       /** ********* Sasl Configuration ****************/
-      .define(SaslMechanismInterBrokerProtocolProp, STRING, 
Defaults.SaslMechanismInterBrokerProtocol, MEDIUM, 
SaslMechanismInterBrokerProtocolDoc)
+      .define(SaslMechanismInterBrokerProtocolProp, STRING, 
Defaults.SaslMechanismInterBrokerProtocol, ConfigDef.CompositeValidator.of(new 
ConfigDef.NonNullValidator(), new ConfigDef.NonEmptyString()), MEDIUM, 
SaslMechanismInterBrokerProtocolDoc)
       .define(SaslJaasConfigProp, PASSWORD, null, MEDIUM, SaslJaasConfigDoc)
-      .define(SaslEnabledMechanismsProp, LIST, Defaults.SaslEnabledMechanisms, 
MEDIUM, SaslEnabledMechanismsDoc)
+      .define(SaslEnabledMechanismsProp, LIST, Defaults.SaslEnabledMechanisms, 
new BrokerSecurityConfigs.SaslEnabledMechanismsValidator(), MEDIUM, 
SaslEnabledMechanismsDoc)

Review Comment:
   > Is it possible today to bring up a MirrorMaker 2 instance with 
security.protocol set to SASL without it failing? 
   
   
   According to the official website 
https://kafka.apache.org/documentation/#producerconfigs_security.protocol, the 
valid values of `security.protocol` are: PLAINTEXT, SSL, SASL_PLAINTEXT, 
SASL_SSL.
   Currently this legal values apply to Producer, Consumer, KafkaConnect, 
KafkaStreams, Adminclient and `security.inter.broker.protocol`.
   I'm also not sure if there are different legal values for the 
`security.protocol` parameter in `Mirrormaker`. If it is indeed different, I 
think we can do a separate treatment for `Mirrormaker`.
   As far as I know, SASL is just a switch that turns on the authentication 
mechanism, it is not a specific communication protocol. It needs to be used 
with the transport layer protocol. For example: SASL_PLAINTEXT or SASL_SSL.
   
   WDYT?
   Thanks.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to