Does it support ACL
Closed this issue · 5 comments
Hello,
first this looks great, thanks for it.
Second, is there a way to add support for Kafka's ACL on the consumer and producer commands ( all would be great too ) in the config file or somewhere we don't need to retype?
Cheers
Hey @cfontes -- thank you very much!!
So, what support are you looking for? Can you give an example of the stuff you would like to skip typing on kafka-acls
? I don't use that command much so I'm fairly unaware of the things that you have to repeatedly type. We can definitely add what you're looking for, though! 😄
Hey @devshawn, basically when you are using kafka-console-consumer or producer in a topic with ACL on it you have to do this:
--consumer-property sasl.mechanism=PLAIN
--consumer-property security.protocol=SASL_SSL
--consumer-property ssl.truststore.location= ....
--consumer-property ssl.truststore.password= .....
--consumer-property ssl.enabled.protocols=TLSv1.2
--consumer-property ssl.cipher.suites=TLS_ECDHE_ECDSA_WITH_AES_256 ....
--consumer-property ssl.truststore.type=JKS
--consumer-property ssl.secure.random.implementation=........
--consumer-property ssl.endpoint.identification.algorithm="" \
But this is not available in all kafka shell commands, so there is also a way to setup a file that you import before running the kafka shell scripts so ACL kicks in and you can talk to the cluster.
Hey @cfontes! Ah, yes! So, right now, kafka-console-consumer
and kafka-console-producer
(and the avro variants) can take the properties file as a part of the configuration of kafka-shell
.
If you put those properties in a properties file, such as config.properties
:
security.protocol=SASL_SSL
ssl.enabled.protocols=TLSv1.2
ssl.truststore.type=JKS
You can then set up your kafka-shell
config (in ~/.kafka-shell/config.yaml
) to look like this:
...
clusters:
my-cluster:
bootstrap_servers: localhost:9092
zookeeper_connect: localhost:2181
schema_registry_url: http://localhost:8081
ksql_server_url: http://localhost:8081
consumer_settings:
config: config.properties
producer_settings:
config: config.properties
Then, it will automatically add --consumer.config
and --producer.config
when you use the consumer/producer commands. This is detailed a bit more in CONFIGURATION.md. Note that the paths given above would be relative so wherever you started the shell, so you may want to configure them as absolute paths. Is that what you're looking for? :)
In the next release, I'm planning to add the ability to configure the --command-config
(which takes a similar properties file, used in commands like kafka-acls
).
Hey, great, RTFM right...
I will give it a try!
Let me know how it goes!