Build a java jaas config file to tell the kafka event consumer to use…

… sasl to authenticate against msk
RedHatInsights · Dec 13, 2023 · bbfc1c2 · bbfc1c2
1 parent 07c1107
commit bbfc1c2
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 0 deletions.
diff --git a/deploy/connect-msk.yaml b/deploy/connect-msk.yaml
@@ -329,8 +329,13 @@ objects:
           app: playbook-dispatcher
           pod: playbook-dispatcher-event-consumer
       spec:
+
         containers:
         - command:
+          - /bin/sh
+          - /build_kafka_consumer_config.sh
+          - /tmp/temp-files/kafka-jaas.conf
+          - &&
           - /opt/kafka/bin/kafka-console-consumer.sh
           - --bootstrap-server
           - ${KAFKA_BOOTSTRAP_HOST}
@@ -339,6 +344,8 @@ objects:
           - ${EVENT_CONSUMER_GROUP}
           - --topic
           - ${EVENT_CONSUMER_TOPIC}
+          - --consumer.config
+          - /tmp/temp-files/kafka-jaas.conf
           image: ${KAFKA_CONNECT_IMAGE}:${IMAGE_TAG}
           name: playbook-dispatcher-event-consumer
           resources:
@@ -348,6 +355,24 @@ objects:
             limits:
               cpu: 200m
               memory: 256Mi
+          env:
+          - name: KAFKA_USERNAME
+            valueFrom:
+              secretKeyRef:
+                key: client_id
+                name: app-auth
+          - name: KAFKA_SECRET
+            valueFrom:
+              secretKeyRef:
+                key: client_secret
+                name: app-auth
+          volumeMounts:
+            - name: volume-temp
+              mountPath: /tmp/temp-files
+        volumes:
+          - name: volume-temp
+            emptyDir: {}
+
 
 # this service is only used in ephemeral to give the ephemeral kafka a stable address
 - apiVersion: v1

diff --git a/event-streams/Dockerfile b/event-streams/Dockerfile
@@ -40,6 +40,7 @@ RUN microdnf install jq
 
 COPY event-streams/check-connectors.sh /
 COPY examples/connector-local.json /
+COPY event-streams/build_kafka_consumer_config.sh /
 
 RUN mkdir -p ${CONNECT_PLUGIN_PATH} /opt/kafka/custom-config/
 

diff --git a/event-streams/build_kafka_consumer_config.sh b/event-streams/build_kafka_consumer_config.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+JAAS_FILE=$1
+
+cat <<HERE > $JAAS_FILE
+sasl.mechanism=SCRAM-SHA-512
+security.protocol=SASL_SSL
+sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \
+  username="$KAFKA_USERNAME" \
+  password="$KAFKA_SECRET";
+HERE
+