Added dynamic SSL initialization support for the Kafka client #12249
Codecov Report
Attention:
Additional details and impacted files
@@ Coverage Diff @@
## master #12249 +/- ##
============================================
+ Coverage 61.51% 61.59% +0.07%
+ Complexity 1153 1152 -1
============================================
Files 2416 2417 +1
Lines 131179 131367 +188
Branches 20246 20262 +16
============================================
+ Hits 80691 80911 +220
+ Misses 44595 44550 -45
- Partials 5893 5906 +13
LGTM
Description
Added support to dynamically initialize the Kafka client SSL configs based on the configuration passed as part of the streamConfigs. Support is added for one-way SSL (client validates the server's certificate) and two-way SSL (client validates the server's certificate and the server validates the client's certificate).
Configuration
One-way SSL is enabled when the table config contains the following configuration.
The server certificate should be passed via the streamConfigs by setting the following key in base64 encoded format.
Two-way SSL is enabled when the table config contains the following configuration in addition to the config required to enable one-way SSL.
The client certificate and key should be passed via the streamConfigs by setting the following key in base64 encoded format.
Certificate Renewal
The certificates can be renewed by updating the certificate entries in the table configs. The Pinot API forceCommit can be called to flush out the current consuming segments and start new Kafka consumers. This process would update the certificates if the certificates have changed.
Testing
Tested e2e by connecting to a test cluster from Aiven which supports two-way SSL based Kafka clusters.
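
A sketch of the one-way SSL case from the description above, added here as an illustration and not taken from this PR's KafkaSSLUtils: it decodes a base64-encoded PEM server certificate from the stream configs, writes it to an owner-only truststore file, and returns the Kafka client properties that point at it. The class name and the `example.ssl.server.certificate` key are hypothetical (the page does not show the real key names); the `security.protocol` and `ssl.truststore.*` entries are standard Kafka client settings.

```java
import java.io.ByteArrayInputStream;
import java.io.OutputStream;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.*;

public class OneWaySslExample {
  // Hypothetical key name; the page does not show the real streamConfigs key.
  static final String SERVER_CERT_KEY = "example.ssl.server.certificate";

  /** Builds Kafka client SSL properties from a base64-encoded PEM server certificate. */
  static Properties sslProps(Map<String, String> streamConfigs) throws Exception {
    String encoded = streamConfigs.get(SERVER_CERT_KEY);
    if (encoded == null || encoded.isEmpty()) {
      throw new IllegalArgumentException("Missing " + SERVER_CERT_KEY);
    }
    // Fail fast on malformed base64 or a payload that is not an X.509 certificate.
    byte[] pem = Base64.getDecoder().decode(encoded);
    Certificate cert = CertificateFactory.getInstance("X.509")
        .generateCertificate(new ByteArrayInputStream(pem));
    KeyStore trustStore = KeyStore.getInstance("PKCS12");
    trustStore.load(null, null);
    trustStore.setCertificateEntry("kafka-server", cert);

    // Random per-store password and an owner-only temp file (POSIX file systems only).
    byte[] rnd = new byte[24];
    new SecureRandom().nextBytes(rnd);
    String password = Base64.getEncoder().encodeToString(rnd);
    Path file = Files.createTempFile("kafka-truststore", ".p12",
        PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
    try (OutputStream out = Files.newOutputStream(file)) {
      trustStore.store(out, password.toCharArray());
    }
    Properties props = new Properties();
    props.put("security.protocol", "SSL");
    props.put("ssl.truststore.type", "PKCS12");
    props.put("ssl.truststore.location", file.toString());
    props.put("ssl.truststore.password", password);
    return props;
  }

  // args[0]: path to a PEM server certificate that you supply.
  public static void main(String[] args) throws Exception {
    String b64 = Base64.getEncoder().encodeToString(Files.readAllBytes(Paths.get(args[0])));
    System.out.println(sslProps(Collections.singletonMap(SERVER_CERT_KEY, b64)).stringPropertyNames());
  }
}
```

Because the truststore is built when the client properties are created, a changed certificate only takes effect once a new consumer is constructed, which is what the forceCommit step in the description triggers.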