[bitnami/schema-registry] keystore is not mandatory for SASL_SSL protocol #71059
Signed-off-by: Miguel Sotomayor <[email protected]> Signed-off-by: masfworld <[email protected]>
abfc253 to a0a8130
Signed-off-by: Miguel Sotomayor <[email protected]>
…ithub.com-masfworld:masfworld/bitnami-containers into sasl_ssl_no_keystore
Hi @masfworld,
Thank you for your contribution!
I would like to ask several questions:
- How does schema-registry not need certificates (keystore) when SASL_SSL protocol is used?
- What is the reason to add the [[ -v "$SCHEMA_REGISTRY_CERTS_DIR" ]] conditional? The environment variable 'SCHEMA_REGISTRY_CERTS_DIR' is configured by default, so what would be the scenario where it could be empty?
Hi @migruiz4 👋
Username and password should be enough for Kafka authentication. Confluent Schema Registry official docker image doesn't require a keystore for
The same reason,
We are just waiting for a review on this PR
This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.
Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Pull Request. Do not hesitate to reopen it later if necessary.
Can you approve the PR #71059
BTW if you're running SASL_SSL for an EXTERNAL KAFKA provider, why would you need certs?
Now if you're running Kafka locally, then you would need certs, either signed or self-signed. I think the config does not make all combos clear...
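The protocol and certificate combinations discussed in this thread, as an added example (not code from this PR or from the Bitnami container): a bash check that requires SASL credentials for SASL_* protocols and a keystore only when mutual TLS is declared, next to the [[ -v ... ]] guard quoted in the review, which receives the variable's value rather than its name. Only SCHEMA_REGISTRY_CERTS_DIR appears on this page; KEYSTORE_FILE, KAFKA_SASL_USER, KAFKA_SASL_PASSWORD and KAFKA_TLS_CLIENT_AUTH are hypothetical names.

```bash
#!/usr/bin/env bash
# Added example: hypothetical helpers, not the container's own scripts.
# Only SCHEMA_REGISTRY_CERTS_DIR comes from the PR; every other name is assumed.

KEYSTORE_FILE="client.keystore.jks"   # constructed file name

# The guard as quoted in the review: -v is handed the variable's *value* (a path),
# so bash looks up a variable called e.g. /opt/certs, which cannot exist: false.
guard_v_on_value() { [[ -v "$SCHEMA_REGISTRY_CERTS_DIR" ]]; }

# -v with the variable's name: true whenever it is set, even to an empty string.
guard_v_on_name() { [[ -v SCHEMA_REGISTRY_CERTS_DIR ]]; }

# What a "do we have a certs directory?" guard usually means.
certs_dir_usable() {
    [[ -n "${SCHEMA_REGISTRY_CERTS_DIR:-}" && -d "$SCHEMA_REGISTRY_CERTS_DIR" ]]
}

# validate_kafka_security PROTOCOL
# Prints one line per problem and returns the number of problems.
validate_kafka_security() {
    local protocol="$1" errors=0
    case "$protocol" in
        PLAINTEXT|SSL|SASL_PLAINTEXT|SASL_SSL) ;;
        *) echo "unknown protocol: $protocol"; return 1 ;;
    esac
    # SASL_*: the client authenticates with credentials, so both must be present.
    if [[ "$protocol" == SASL_* ]]; then
        if [[ -z "${KAFKA_SASL_USER:-}" || -z "${KAFKA_SASL_PASSWORD:-}" ]]; then
            echo "$protocol: SASL user and password are required"
            errors=$((errors + 1))
        fi
    fi
    # *SSL: TLS protects the channel. A keystore (client certificate and key) is
    # needed only when the broker demands mutual TLS, declared here through the
    # assumed switch KAFKA_TLS_CLIENT_AUTH=required.
    if [[ "$protocol" == *SSL && "${KAFKA_TLS_CLIENT_AUTH:-none}" == "required" ]]; then
        if ! certs_dir_usable || [[ ! -f "$SCHEMA_REGISTRY_CERTS_DIR/$KEYSTORE_FILE" ]]; then
            echo "$protocol: mutual TLS requested but no keystore found"
            errors=$((errors + 1))
        fi
    fi
    return "$errors"
}
```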
This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.
Description of the change
There are multiple protocols for security to connect Schema Registry to Kafka. SASL_SSL is one of them. Before this change, a keystore is mandatory to use SASL_SSL protocol. This change fixes that requirement. So, keystore won't be a requirement for SASL_SSL anymore.
Possible drawbacks
Applicable issues
Additional information
This code has been tested using AWS MSK with SASL_SSL protocol, with the following configuration