[KAFKA-9570] SSL cannot be configured for Connect in standalone mode - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.0, 2.0.1, 2.1.0, 2.2.0, 2.1.1, 2.0.2, 2.3.0, 2.1.2, 2.2.1, 2.2.2, 2.4.0, 2.3.1, 2.2.3, 2.5.0, 2.3.2, 2.4.1
Fix Version/s: 2.6.0, 2.4.2, 2.5.1
Component/s: connect
Labels:
None

Description

When Connect is brought up in standalone, if the worker config contains any properties that begin with the listeners.https. prefix, SSL will not be enabled on the worker.

This is because the relevant SSL configs are only defined in the distributed worker config instead of the superclass worker config. This, in conjunction with a call to AbstractConfig::valuesWithPrefixAllOrNothing, causes all configs not defined in the WorkerConfig used by the worker to be silently dropped when the worker configures its REST server if there is at least one config present with the listeners.https. prefix.

Unfortunately, the workaround of specifying all SSL configs without the listeners.https. prefix will also fail if any passwords need to be specified. This is because the password values in the Map returned from AbstractConfig::valuesWithPrefixAllOrNothing aren't parsed as passwords, but the framework expects them to be. However, if no keystore, truststore, or key passwords need to be configured, then it should be possible to work around the issue by specifying all of those configurations without a prefix (as long as they don't conflict with any other configs in that namespace).

Attachments

Issue Links

links to

GitHub Pull Request #8135

Activity

People

Assignee:: Chris Egerton

Reporter:: Chris Egerton

Reviewer:: Randall Hauch

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 18/Feb/20 21:25

Updated:: 05/Jun/20 21:47

Resolved:: 05/Jun/20 21:47