Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-9570

SSL cannot be configured for Connect in standalone mode



    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.1.1, 2.0.2, 2.3.0, 2.1.2, 2.2.1, 2.2.2, 2.4.0, 2.3.1, 2.2.3, 2.5.0, 2.3.2, 2.4.1
    • Fix Version/s: 2.6.0, 2.4.2, 2.5.1
    • Component/s: KafkaConnect
    • Labels:


      When Connect is brought up in standalone, if the worker config contains any properties that begin with the listeners.https. prefix, SSL will not be enabled on the worker.

      This is because the relevant SSL configs are only defined in the distributed worker config instead of the superclass worker config. This, in conjunction with a call to AbstractConfig::valuesWithPrefixAllOrNothing, causes all configs not defined in the WorkerConfig used by the worker to be silently dropped when the worker configures its REST server if there is at least one config present with the listeners.https. prefix.

      Unfortunately, the workaround of specifying all SSL configs without the listeners.https. prefix will also fail if any passwords need to be specified. This is because the password values in the Map returned from AbstractConfig::valuesWithPrefixAllOrNothing aren't parsed as passwords, but the framework expects them to be. However, if no keystore, truststore, or key passwords need to be configured, then it should be possible to work around the issue by specifying all of those configurations without a prefix (as long as they don't conflict with any other configs in that namespace).


          Issue Links



              • Assignee:
                ChrisEgerton Chris Egerton
                ChrisEgerton Chris Egerton
                Randall Hauch
              • Votes:
                0 Vote for this issue
                4 Start watching this issue


                • Created: