Does it support ACL

Question

Does it support ACL

Closed this issue 5 years ago · 5 comments

Hello,

first this looks great, thanks for it.

Second, is there a way to add support for Kafka's ACL on the consumer and producer commands ( all would be great too ) in the config file or somewhere we don't need to retype?

Cheers

Answer 1 · 2019-03-22T20:04:31.000Z

Hey @cfontes -- thank you very much!!

So, what support are you looking for? Can you give an example of the stuff you would like to skip typing on kafka-acls? I don't use that command much so I'm fairly unaware of the things that you have to repeatedly type. We can definitely add what you're looking for, though! 😄

Answer 2 · 2019-03-25T16:57:30.000Z

Hey @devshawn, basically when you are using kafka-console-consumer or producer in a topic with ACL on it you have to do this:

--consumer-property sasl.mechanism=PLAIN
--consumer-property security.protocol=SASL_SSL
--consumer-property ssl.truststore.location= ....
--consumer-property ssl.truststore.password= .....
--consumer-property ssl.enabled.protocols=TLSv1.2
--consumer-property ssl.cipher.suites=TLS_ECDHE_ECDSA_WITH_AES_256 ....
--consumer-property ssl.truststore.type=JKS
--consumer-property ssl.secure.random.implementation=........
--consumer-property ssl.endpoint.identification.algorithm="" \

But this is not available in all kafka shell commands, so there is also a way to setup a file that you import before running the kafka shell scripts so ACL kicks in and you can talk to the cluster.

Answer 3 · 2019-03-25T19:56:46.000Z

Hey @cfontes! Ah, yes! So, right now, kafka-console-consumer and kafka-console-producer (and the avro variants) can take the properties file as a part of the configuration of kafka-shell.

If you put those properties in a properties file, such as config.properties:

security.protocol=SASL_SSL
ssl.enabled.protocols=TLSv1.2 
ssl.truststore.type=JKS

You can then set up your kafka-shell config (in ~/.kafka-shell/config.yaml) to look like this:

...
clusters:
  my-cluster:
    bootstrap_servers: localhost:9092
    zookeeper_connect: localhost:2181
    schema_registry_url: http://localhost:8081
    ksql_server_url: http://localhost:8081
    consumer_settings:
      config: config.properties
    producer_settings:
      config: config.properties

Then, it will automatically add --consumer.config and --producer.config when you use the consumer/producer commands. This is detailed a bit more in CONFIGURATION.md. Note that the paths given above would be relative so wherever you started the shell, so you may want to configure them as absolute paths. Is that what you're looking for? :)

In the next release, I'm planning to add the ability to configure the --command-config (which takes a similar properties file, used in commands like kafka-acls).

Answer 4 · 2019-03-25T20:25:42.000Z

Hey, great, RTFM right...

I will give it a try!

Answer 5 · 2019-03-27T18:21:55.000Z

Let me know how it goes!