IBMStockTrader / portfolio

Microservice implemented with MicroProfile that persists stock portfolios to JDBC (such as DB2)
Apache License 2.0

Kafka Authentication Mechanism for AWS differs from IBM Cloud #46

Closed rtclauss closed 6 months ago

rtclauss commented 2 years ago

When using IBM EventStreams/Kafka the authentication mechanism is via username/password using the PLAIN SASL Mechanism. This can be partially seen in EventStreamsProducer.java:

    ...
    properties.put(SaslConfigs.SASL_MECHANISM, "PLAIN");
    properties.put(SaslConfigs.SASL_JAAS_CONFIG, "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"" + USERNAME + "\" password=\"" + API_KEY + "\";");
    ...

However, Amazon MSK uses a different set of SASL mechanisms as outlined below:

    ...
    properties.put(SaslConfigs.SASL_MECHANISM, "SCRAM-SHA-512");
    properties.put(SaslConfigs.SASL_JAAS_CONFIG, "org.apache.kafka.common.security.scram.ScramLoginModule required username=\"" + USERNAME + "\" password=\"" + API_KEY + "\";");
    ...

Azure Event Hubs can make use of the same, PLAIN, configuration or it can use OAUTHBEARER tokens with callback.

We need a generic mechanism to specify the SASL configuration for Kafka.

rtclauss commented 2 years ago

Related issue in trade-history

rtclauss commented 1 year ago

Maybe make the SASL_MECHANISM and JAAS class environment variables/secrets?
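
One way the environment-variable idea above could look, as an added example that is not part of this thread or the project's actual fix: the mechanism is checked against an allowlist, the login module is derived from it, and credentials are escaped before being placed in the JAAS string. The class name, the variable names `KAFKA_SASL_MECHANISM`, `KAFKA_USERNAME` and `KAFKA_API_KEY`, and the `SASL_SSL` setting are assumptions.

```java
import java.util.Map;
import java.util.Properties;

public class KafkaSaslConfig {
    // Allowlist: SASL mechanism -> JAAS login module shipped with kafka-clients.
    private static final Map<String, String> LOGIN_MODULES = Map.of(
        "PLAIN", "org.apache.kafka.common.security.plain.PlainLoginModule",
        "SCRAM-SHA-256", "org.apache.kafka.common.security.scram.ScramLoginModule",
        "SCRAM-SHA-512", "org.apache.kafka.common.security.scram.ScramLoginModule");

    // Escape backslash and double quote so a credential cannot close the
    // quoted JAAS value and append extra login-module options.
    static String quote(String value) {
        return "\"" + value.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
    }

    static Properties fromEnv(Map<String, String> env) {
        // Default to PLAIN, the mechanism the existing producer hard-codes.
        String mechanism = env.getOrDefault("KAFKA_SASL_MECHANISM", "PLAIN"); // hypothetical name
        String module = LOGIN_MODULES.get(mechanism);
        if (module == null) {
            throw new IllegalArgumentException("Unsupported SASL mechanism: " + mechanism);
        }
        String user = env.get("KAFKA_USERNAME");   // hypothetical name
        String secret = env.get("KAFKA_API_KEY");  // hypothetical name
        if (user == null || secret == null) {
            throw new IllegalStateException("Kafka credentials are not set");
        }
        Properties p = new Properties();
        p.put("security.protocol", "SASL_SSL"); // assumption: SASL over TLS, never plaintext
        p.put("sasl.mechanism", mechanism);
        p.put("sasl.jaas.config", module + " required username=" + quote(user)
            + " password=" + quote(secret) + ";");
        return p;
    }

    public static void main(String[] args) {
        // Constructed sample environment; a deployment would pass System.getenv().
        Map<String, String> env = Map.of(
            "KAFKA_SASL_MECHANISM", "SCRAM-SHA-512",
            "KAFKA_USERNAME", "trader",
            "KAFKA_API_KEY", "p\"ss; debug=true");
        Properties p = fromEnv(env);
        // Log the mechanism only; the JAAS line carries the secret.
        System.out.println(p.getProperty("security.protocol") + " " + p.getProperty("sasl.mechanism"));
    }
}
```

OAUTHBEARER is left out because it needs a token callback handler rather than a username and password.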

jwalcorn commented 6 months ago

Fixed this several months ago