Hi Team,
I have implemented Basic auth validation for Kafka Connect REST Interface.
I noticed that the worker process needs the password file only till the
time first query is made to the REST Interface. Post the first query even
if we delete the file containing password , we can keep querying the REST
interface without any issues.
e.g.
1.Start the distributed worker.
2.Make a query like curl --user <username> -k https://
<host>:<port>/connectors
3.Delete the password file specified in the Jaas config
4.Make another query with curl and the output is still delivered.
On the other hand :
1.Start the distributed worker.
2.Delete the password file specified in the Jaas config
3. Make a query like curl --user <username> -k https://<host>:<port>/connectors
4. user unauthorized error comes up.
What I feel is that the REST Interface caches the credentials post the
first time any query is made to the worker and then uses the same till the
lifetime of the worker process.* Could you please validate this
understanding*
*MY CONFIG DETAILS ARE BELOW*
*Updating below in the distributed worker : *
rest.extension.classes=org.apache.kafka.connect.rest.basic.auth.extension.BasicAuthSecurityRestExtension
*and creating a jaas config *
KafkaConnect {
org.apache.kafka.connect.rest.basic.auth.extension.PropertyFileLoginModule
required
file="connect.password";
};
*Updating userid password in the file connect.password *
Regards
Ashish
