Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL and Basic Auth support for Schema Registry connection #307

Open
whatsupbros opened this issue Mar 10, 2021 · 1 comment
Open

SSL and Basic Auth support for Schema Registry connection #307

whatsupbros opened this issue Mar 10, 2021 · 1 comment

Comments

@whatsupbros
Copy link

whatsupbros commented Mar 10, 2021
edited
Loading

Currently, I am not able to connect to Schema Registry over HTTPS, because SSL certificate does not seem to be used for it:

$ ./kafkacat -b $KAFKA_BROKER_HOST:$KAFKA_BROKER_PORT \
> -t my_topic \
> -s value=avro \
> -r https://$KAFKA_API_KEY:$KAFKA_API_SECRET@$KAFKA_SCHEMA_REGISTRY_HOST:$KAFKA_SCHEMA_REGISTRY_PORT \
> -X security.protocol=SASL_SSL \
> -X sasl.mechanisms=PLAIN \
> -X sasl.username="$KAFKA_API_KEY" -X sasl.password="$KAFKA_API_SECRET" \
> -X ssl.keystore.location=$KAFKA_KEYSTORE_P12_LOCATION \
> -X ssl.keystore.password=$KAFKA_KEYSTORE_PASSPHRASE \
> -X ssl.key.password=$KAFKA_KEY_PASSPHRASE \
> -X enable.ssl.certificate.verification=false \
> -C \
> -o beginning
% ERROR: Failed to format message in my_topic [0] at offset 2: Avro/Schema-registry message deserialization: REST request failed (code -1): HTTP request failed: SSL peer certificate or SSH remote key was not OK : terminating

It would be nice to be able to specify SSL certificates to be used for the Schema Registry connection via some properties, as well as Basic Auth credentials. Something similar to what is possible with kafka-avro-console-consumer:

export SCHEMA_REGISTRY_OPTS="-Djavax.net.ssl.keyStore=$KAFKA_KEYSTORE_LOCATION -Djavax.net.ssl.trustStore=$KAFKA_TRUSTSTORE_LOCATION -Djavax.net.ssl.keyStorePassword=$KAFKA_KEYSTORE_PASSPHRASE -Djavax.net.ssl.trustStorePassword=$KAFKA_TRUSTSTORE_PASSPHRASE"

./kafka-avro-console-consumer
...
--property schema.registry.url=https://$KAFKA_SCHEMA_REGISTRY_HOST:$KAFKA_SCHEMA_REGISTRY_PORT \
--property schema.registry.basic.auth.user.info="$KAFKA_API_KEY:$KAFKA_API_SECRET" \
--property basic.auth.credentials.source=USER_INFO \
...
@sachincool
Copy link

I guess, you can try
docker run --rm edenhill/kafkacat:1.6.0 -b -C -t -X security.protocol=SASL_SSL -X sasl.mechanism=PLAIN -X sasl.username=username -X sasl.password=password -o beginning -r https://username:password@schemaregistryurl/ -s key=s -s value=avro
worked for me

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@whatsupbros @sachincool