Comments (8)
This is already supported. If neither local SASL nor SASL by proxy is configured, SASL will be passed to the broker.
from kafka-proxy.
Thank you for your response. It appears this works the way you described if the kafka proxy's client chooses SASL_PLAINTEXT as the security protocol. It's failing with the following error with SASL_SSL:
Reading data from local connection on 127.0.0.1:3904 from 127.0.0.1:51253 (xxxx.xx.xx.com:9093) had error: api key -19711 is invalid
Port 9093 is SSL listener port on the Kafka broker.
If the security protocol setting is not set at all in the client code, it results in the following:
Reading data from xxxx.xx.xx.com:9093 had error: unexpected EOF
from kafka-proxy.
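A reading of the `api key -19711 is invalid` value reported above, as an added example that is not part of the thread or of kafka-proxy's own code: the number is exactly what a Kafka request-header parser yields when the first bytes on a plaintext listener are a TLS ClientHello record, which is consistent with the client using SASL_SSL against a listener that expects plaintext. The function names and the sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// Kafka request header: int32 size, int16 api_key, int16 api_version.
// TLS record header:    byte type (0x16 = handshake), 2 bytes version,
// 2 bytes record length, then the handshake type (0x01 = ClientHello).
// A plaintext Kafka parser that receives a ClientHello therefore reads
// bytes 4-5 (low length byte + handshake type) as the api_key.

// kafkaAPIKey returns the api_key a Kafka parser would read from the first bytes.
func kafkaAPIKey(b []byte) (int16, error) {
	if len(b) < 6 {
		return 0, fmt.Errorf("need 6 bytes, got %d", len(b))
	}
	return int16(binary.BigEndian.Uint16(b[4:6])), nil
}

// looksLikeTLSClientHello reports whether the bytes start a TLS handshake record.
func looksLikeTLSClientHello(b []byte) bool {
	return len(b) >= 6 && b[0] == 0x16 && b[1] == 0x03 && b[5] == 0x01
}

// explainAPIKey maps an "api key N is invalid" value from a proxy log back to
// the two wire bytes and says whether they match a misread ClientHello.
func explainAPIKey(key int16) (lenLow, hsType byte, clientHello bool) {
	u := uint16(key)
	lenLow, hsType = byte(u>>8), byte(u)
	return lenLow, hsType, hsType == 0x01
}

func main() {
	// Constructed samples, not captured traffic.
	tlsHello := []byte{0x16, 0x03, 0x01, 0x00, 0xB3, 0x01}            // TLS record, length 0x00B3
	saslReq := []byte{0x00, 0x00, 0x00, 0x28, 0x00, 0x11, 0x00, 0x00} // size 40, key 17 (SaslHandshake), v0

	for _, s := range [][]byte{tlsHello, saslReq} {
		k, _ := kafkaAPIKey(s)
		fmt.Printf("api_key=%d tlsClientHello=%v\n", k, looksLikeTLSClientHello(s))
	}
	lo, hs, hello := explainAPIKey(-19711)
	fmt.Printf("-19711 -> bytes 0x%02x 0x%02x clientHello=%v\n", lo, hs, hello)
}
```

A negative or very large api key whose low byte is 0x01 in the proxy log is a quick signal that the connecting client is speaking TLS to a listener that is not terminating it.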
The same issue, api key -19711 is invalid
security.protocol on broker side is SASL_SSL
@everesio is there any plan for the future releases to implicitly set security protocol setting?
from kafka-proxy.
I've had the same experience. What are we missing from the client or proxy command?
from kafka-proxy.
Same here, setting no sasl config in the proxy leads to no connection at all.
from kafka-proxy.
@bitkill, I already spent more than 30 hours setting this up. Due to the combination of various configurations on the client, cluster and proxy end, it took a long time to set up, but your one comment, "no connection at all without sasl config on proxy", ended my struggle. Thanks.
from kafka-proxy.
Is this issue still a problem? I am a bit confused by the discussion.
My situation is that I am able to use the kafka utilities to connect using a config like this:
client.id=event-hub
ssl.protocol=TLSv1.3
ssl.enabled.protocols=TLSv1.3
security.protocol=SASL_SSL
sasl.mechanism=OAUTHBEARER
sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required;
sasl.login.callback.handler.class=com.adobe.core.pipeline.kafka.security.client.auth.ImsClientCallbackHandler
sasl.ims.url=https://ims-na1.adobelogin.com
sasl.ims.secret.type=DIRECT
sasl.ims.secret.client.id=event-hub
sasl.ims.secret.client.secret=<redacted>
sasl.ims.secret.client.code=<redacted>
metric.reporters=org.apache.kafka.common.metrics.JmxReporter
And I can then run commands like:
./bin/kafka-console-consumer.sh --consumer.config config/consumer.properties --topic project-management_outbox_fullstate --bootstrap-server kafka-1-az1-or2-secure.prd.pipeline.adobedc.net:9097 --from-beginning
./bin/kafka-broker-api-versions.sh --bootstrap-server kafka-1-az1-or2-secure.prd.pipeline.adobedc.net:9097 --command-config config/consumer.properties
./bin/kafka-topics.sh --bootstrap-server kafka-1-az1-or2-secure.prd.pipeline.adobedc.net:9097 --command-config config/consumer.properties --list
./bin/kafka-get-offsets.sh --bootstrap-server kafka-1-az1-or2-secure.prd.pipeline.adobedc.net:9097 --command-config config/consumer.properties
However, I am not sure how to connect with kafka-proxy in the same way. Does it support passing through SASL parameters? Does it support a custom callback handler function (which I have to put a JAR file in the libs folder for)?
from kafka-proxy.
Hi @everesio,
I can only confirm what the previous writers say. It seems that when the Kafka brokers are configured in a way that SASL is not running over plaintext and the proxy is configured to do only forwarding, the requests seem to hang.
Even though I try to set some sasl-method or enable SASL (which doesn't work, as it now requires sasl.username and sasl.password), the mechanism seems not to work. The only exception that I see is this one:
{"@level":"info","@message":"New connection for kafka-cluster-1-kafka-0.kafka-cluster-1-kafka-brokers.kafka-cluster-1.svc.cluster.local:9093","@timestamp":"2023-09-22T10:56:46Z"}
{"@level":"debug","@message":"Kafka request key 17, version 0, length 40","@timestamp":"2023-09-22T10:56:46Z"}
{"@level":"debug","@message":"Kafka response key 17, version 0, length 25","@timestamp":"2023-09-22T10:56:46Z"}
{"@level":"info","@message":"Reading data from kafka-cluster-1-kafka-0.kafka-cluster-1-kafka-brokers.kafka-cluster-1.svc.cluster.local:9093 had error: open request is missing","@timestamp":"2023-09-22T10:56:51Z"}
from kafka-proxy.