Git Product home page Git Product logo

Comments (8)

everesio avatar everesio commented on June 13, 2024

this is already supported. if neither local sasl nor sasl by proxy is configured, sasl will passed to broker.

from kafka-proxy.

ms5838 avatar ms5838 commented on June 13, 2024

Thank you for your response. It appears this works the way you described if the kafka proxy's client chooses SASL_PLAINTEXT as the security protocol. Its failing with following error with SASL_SSL

Reading data from local connection on 127.0.0.1:3904 from 127.0.0.1:51253 (xxxx.xx.xx.com:9093) had error: api key -19711 is invalid

Port 9093 is SSL listener port on the Kafka broker.

If security protocol setting is not set at all in the client code, it results in following

Reading data from xxxx.xx.xx.com:9093 had error: unexpected EOF

from kafka-proxy.

Ladjack7 avatar Ladjack7 commented on June 13, 2024

The same issue, api key -19711 is invalid
security.protocol on broker side is SASL_SSL
@everesio is there any plan for the future releases to implicitly set security protocol setting?

from kafka-proxy.

sarwarbhuiyan avatar sarwarbhuiyan commented on June 13, 2024

I've had the same experience, what are we missing from the client or proxy command?

from kafka-proxy.

bitkill avatar bitkill commented on June 13, 2024

Same here, setting no sasl config in the proxy leads to no connection at all.

from kafka-proxy.

hareacc avatar hareacc commented on June 13, 2024

@bitkill , I already spend more then 30 hours to setup this but due to combination of various configuration on client, cluster and proxy end, It was long to setup but your one comment "no connection at all without sasl config on proxy" end my struggle. Thanks,

from kafka-proxy.

mrn3 avatar mrn3 commented on June 13, 2024

Is this issue still a problem? I am a bit confused by the discussion.

My situation is that I am able to use the kafka utilities to connect using a config like this:

client.id=event-hub
ssl.protocol=TLSv1.3   
ssl.enabled.protocols=TLSv1.3  
security.protocol=SASL_SSL 
sasl.mechanism=OAUTHBEARER 
sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required; 
sasl.login.callback.handler.class=com.adobe.core.pipeline.kafka.security.client.auth.ImsClientCallbackHandler  
sasl.ims.url=https://ims-na1.adobelogin.com
sasl.ims.secret.type=DIRECT
sasl.ims.secret.client.id=event-hub
sasl.ims.secret.client.secret=<redacted>
sasl.ims.secret.client.code=<redacted>
metric.reporters=org.apache.kafka.common.metrics.JmxReporter

And I can then run commands like:

./bin/kafka-console-consumer.sh --consumer.config config/consumer.properties --topic project-management_outbox_fullstate --bootstrap-server kafka-1-az1-or2-secure.prd.pipeline.adobedc.net:9097 --from-beginning

./bin/kafka-broker-api-versions.sh --bootstrap-server kafka-1-az1-or2-secure.prd.pipeline.adobedc.net:9097 --command-config config/consumer.properties

./bin/kafka-topics.sh --bootstrap-server kafka-1-az1-or2-secure.prd.pipeline.adobedc.net:9097 --command-config config/consumer.properties --list

./bin/kafka-get-offsets.sh --bootstrap-server kafka-1-az1-or2-secure.prd.pipeline.adobedc.net:9097 --command-config config/consumer.properties

However, I am not sure how to connect with kafka-proxy in the same way. Does it support passing through SASL parameters? Does it support a custom callback handler function (which I have to put a JAR file in the libs folder for)?

from kafka-proxy.

DaspawnW avatar DaspawnW commented on June 13, 2024

Hi @everesio,

I can only confirm what the previous writers say. It seems that when the kafka brokers are configured in a way that sasl is not running over plaintext and it's configured to do only forwarding the requests seem to hang.

Even though I try to set some sasl-method or enable sasl (which doesn't work as it now requires sasl.username and sasl.password) the mechanism seems not to work. The only exception that I see is this one:

{"@level":"info","@message":"New connection for kafka-cluster-1-kafka-0.kafka-cluster-1-kafka-brokers.kafka-cluster-1.svc.cluster.local:9093","@timestamp":"2023-09-22T10:56:46Z"}
{"@level":"debug","@message":"Kafka request key 17, version 0, length 40","@timestamp":"2023-09-22T10:56:46Z"}
{"@level":"debug","@message":"Kafka response key 17, version 0, length 25","@timestamp":"2023-09-22T10:56:46Z"}
{"@level":"info","@message":"Reading data from kafka-cluster-1-kafka-0.kafka-cluster-1-kafka-brokers.kafka-cluster-1.svc.cluster.local:9093 had error: open request is missing","@timestamp":"2023-09-22T10:56:51Z"}

from kafka-proxy.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.