[ https://issues.apache.org/jira/browse/KAFKA-5993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16190808#comment-16190808 ]
Stephane Maarek edited comment on KAFKA-5993 at 10/4/17 4:52 AM: ----------------------------------------------------------------- [~ijuma] Indeed it does support security settings. The log still shows that WARN, which is what was misleading on my end. See full log here (it's using the PLAINTEXT protocol on purpose for now): {code:java} 15:42:18.548 [main] INFO org.apache.kafka.clients.admin.AdminClientConfig - AdminClientConfig values: bootstrap.servers = [localhost:9092] client.id = connections.max.idle.ms = 300000 metadata.max.age.ms = 300000 metric.reporters = [] metrics.num.samples = 2 metrics.recording.level = INFO metrics.sample.window.ms = 30000 receive.buffer.bytes = 65536 reconnect.backoff.max.ms = 1000 reconnect.backoff.ms = 50 request.timeout.ms = 120000 retries = 5 retry.backoff.ms = 100 sasl.jaas.config = [hidden] sasl.kerberos.kinit.cmd = /usr/bin/kinit sasl.kerberos.min.time.before.relogin = 60000 sasl.kerberos.service.name = null sasl.kerberos.ticket.renew.jitter = 0.05 sasl.kerberos.ticket.renew.window.factor = 0.8 sasl.mechanism = GSSAPI security.protocol = PLAINTEXT send.buffer.bytes = 131072 ssl.cipher.suites = null ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1] ssl.endpoint.identification.algorithm = null ssl.key.password = null ssl.keymanager.algorithm = SunX509 ssl.keystore.location = null ssl.keystore.password = null ssl.keystore.type = JKS ssl.protocol = TLS ssl.provider = null ssl.secure.random.implementation = null ssl.trustmanager.algorithm = PKIX ssl.truststore.location = null ssl.truststore.password = null ssl.truststore.type = JKS 15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name connections-closed: 15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name connections-created: 15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name bytes-sent-received: 15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name bytes-sent: 15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name bytes-received: 15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name select-time: 15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name io-time: 15:42:18.549 [main] DEBUG org.apache.kafka.clients.Metadata - Updated cluster metadata version 1 to Cluster(id = null, nodes = [localhost:9092 (id: -1 rack: null)], partitions = []) 15:42:18.550 [main] WARN org.apache.kafka.clients.admin.AdminClientConfig - The configuration 'sasl.jaas.config' was supplied but isn't a known config. 15:42:18.550 [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka version : 0.11.0.1 15:42:18.550 [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka commitId : c2a0d5f9b1f45bf5 {code} My code to generate my admin client is: {code:java} public static AdminClient getAdminClient() { Properties adminProps = new Properties(); adminProps.put(AdminClientConfig.BOOTSTRAP_SERVERS_CONFIG, Optional.ofNullable(System.getenv("KAFKA_BOOTSTRAP_SERVERS")).orElse("localhost:9092")); adminProps.put(AdminClientConfig.SECURITY_PROTOCOL_CONFIG, Optional.ofNullable(System.getenv("SECURITY_PROTOCOL")).orElse("PLAINTEXT")); adminProps.put(SaslConfigs.SASL_JAAS_CONFIG, Optional.ofNullable(System.getenv("SASL_JAAS_CONFIG")).orElse("")); return AdminClient.create(adminProps); } {code} If you feel that WARN is okay, we can close the JIRA, otherwise maybe we should rename the JIRA and address the WARN? was (Author: stephane.maa...@gmail.com): [~ijuma] Indeed it does support security settings. The log still shows that WARN, which is what was misleading on my end. See full log here: {code:java} 15:42:18.548 [main] INFO org.apache.kafka.clients.admin.AdminClientConfig - AdminClientConfig values: bootstrap.servers = [localhost:9092] client.id = connections.max.idle.ms = 300000 metadata.max.age.ms = 300000 metric.reporters = [] metrics.num.samples = 2 metrics.recording.level = INFO metrics.sample.window.ms = 30000 receive.buffer.bytes = 65536 reconnect.backoff.max.ms = 1000 reconnect.backoff.ms = 50 request.timeout.ms = 120000 retries = 5 retry.backoff.ms = 100 sasl.jaas.config = [hidden] sasl.kerberos.kinit.cmd = /usr/bin/kinit sasl.kerberos.min.time.before.relogin = 60000 sasl.kerberos.service.name = null sasl.kerberos.ticket.renew.jitter = 0.05 sasl.kerberos.ticket.renew.window.factor = 0.8 sasl.mechanism = GSSAPI security.protocol = PLAINTEXT send.buffer.bytes = 131072 ssl.cipher.suites = null ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1] ssl.endpoint.identification.algorithm = null ssl.key.password = null ssl.keymanager.algorithm = SunX509 ssl.keystore.location = null ssl.keystore.password = null ssl.keystore.type = JKS ssl.protocol = TLS ssl.provider = null ssl.secure.random.implementation = null ssl.trustmanager.algorithm = PKIX ssl.truststore.location = null ssl.truststore.password = null ssl.truststore.type = JKS 15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name connections-closed: 15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name connections-created: 15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name bytes-sent-received: 15:42:18.548 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name bytes-sent: 15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name bytes-received: 15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name select-time: 15:42:18.549 [main] DEBUG org.apache.kafka.common.metrics.Metrics - Added sensor with name io-time: 15:42:18.549 [main] DEBUG org.apache.kafka.clients.Metadata - Updated cluster metadata version 1 to Cluster(id = null, nodes = [localhost:9092 (id: -1 rack: null)], partitions = []) 15:42:18.550 [main] WARN org.apache.kafka.clients.admin.AdminClientConfig - The configuration 'sasl.jaas.config' was supplied but isn't a known config. 15:42:18.550 [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka version : 0.11.0.1 15:42:18.550 [main] INFO org.apache.kafka.common.utils.AppInfoParser - Kafka commitId : c2a0d5f9b1f45bf5 {code} My code to generate my admin client is: {code:java} public static AdminClient getAdminClient() { Properties adminProps = new Properties(); adminProps.put(AdminClientConfig.BOOTSTRAP_SERVERS_CONFIG, Optional.ofNullable(System.getenv("KAFKA_BOOTSTRAP_SERVERS")).orElse("localhost:9092")); adminProps.put(AdminClientConfig.SECURITY_PROTOCOL_CONFIG, Optional.ofNullable(System.getenv("SECURITY_PROTOCOL")).orElse("PLAINTEXT")); adminProps.put(SaslConfigs.SASL_JAAS_CONFIG, Optional.ofNullable(System.getenv("SASL_JAAS_CONFIG")).orElse("")); return AdminClient.create(adminProps); } {code} If you feel that WARN is okay, we can close the JIRA, otherwise maybe we should rename the JIRA and address the WARN? > Kafka AdminClient does not support standard security settings > ------------------------------------------------------------- > > Key: KAFKA-5993 > URL: https://issues.apache.org/jira/browse/KAFKA-5993 > Project: Kafka > Issue Type: Bug > Affects Versions: 0.11.0.1 > Reporter: Stephane Maarek > > Kafka Admin Client does not support basic security configurations, such as > "sasl.jaas.config". > Therefore it makes it impossible to use against a secure cluster > ``` > 14:12:12.948 [main] WARN org.apache.kafka.clients.admin.AdminClientConfig - > The configuration 'sasl.jaas.config' was supplied but isn't a known config. > ``` -- This message was sent by Atlassian JIRA (v6.4.14#64029)