Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-10451

system tests send large command over ssh instead of using remote file for security config

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: system tests
    • Labels:
      None

      Description

      In `kafka.py` the pattern used to supply security configuration information to remote CLI tools is to send the information as part of the ssh command. For example, see this --command-config definition:

      {{Running ssh command: export KAFKA_OPTS="-Djava.security.auth.login.config=/mnt/security/admin_client_as_broker_jaas.conf -Djava.security.krb5.conf=/mnt/security/krb5.conf"; /opt/kafka-dev/bin/kafka-configs.sh --bootstrap-server worker2:9095 --command-config <(echo '
      ssl.endpoint.identification.algorithm=HTTPS
      sasl.kerberos.service.name=kafka
      security.protocol=SASL_SSL
      ssl.keystore.location=/mnt/security/test.keystore.jks
      ssl.truststore.location=/mnt/security/test.truststore.jks
      ssl.keystore.password=test-ks-passwd
      sasl.mechanism=SCRAM-SHA-256
      ssl.truststore.password=test-ts-passwd
      ssl.key.password=test-ks-passwd
      sasl.mechanism.inter.broker.protocol=GSSAPI
      ') --entity-name kafka-client --entity-type users --alter --add-config SCRAM-SHA-256=[password=client-secret]}}

      This ssh command length is getting pretty big. It would be best if this referred to a file as opposed to sending in the file contents as part of the ssh command.

      This happens in a few places in `kafka/py` and should be rectified.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              rndgstn Ron Dagostino
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: