IBMStockTrader / trade-history

Microservice that keeps a detailed history of all stock trades
Apache License 2.0

Kafka Authentication Mechanism for AWS differs from IBM Cloud #62

Open rtclauss opened 2 years ago

rtclauss commented 2 years ago

When using IBM EventStreams/Kafka the authentication mechanism is via username/password using the PLAIN SASL Mechanism. This can be partially seen in microprofile-config.properties:

...
mp.messaging.connector.liberty-kafka.sasl.mechanism=PLAIN
...
mp.messaging.connector.liberty-kafka.sasl.jaas.config=default-value

However, Amazon MSK uses a different set of SASL mechanisms as outlined below:

...
mp.messaging.connector.liberty-kafka.sasl.mechanism=SCRAM-SHA-512
mp.messaging.connector.liberty-kafka.sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required
...
#mp.messaging.connector.liberty-kafka.sasl.jaas.config=default-value

Azure Event Hubs can make use of the same PLAIN configuration, or it can use OAUTHBEARER tokens with a callback.

bootstrap.servers=NAMESPACENAME.servicebus.windows.net:9093
security.protocol=SASL_SSL
sasl.mechanism=OAUTHBEARER
sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required;
sasl.login.callback.handler.class=CustomAuthenticateCallbackHandler;

We need a generic mechanism to specify the SASL configuration for Kafka.

rtclauss commented 2 years ago

Related issue in portfolio

rtclauss commented 11 months ago

Maybe make the SASL_MECHANISM and JAAS class environment variables/secrets?
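
One way to act on the suggestion above, as an added example that is not part of the issue thread or the trade-history code: a Java helper that builds the Kafka client SASL properties from environment variables, with an allowlist of the three mechanisms named in this issue. `SASL_MECHANISM` comes from the comment; `KAFKA_USER`, `KAFKA_PASSWORD`, `SASL_CALLBACK_HANDLER` and the class name `KafkaSaslConfig` are hypothetical, and Java 9+ is assumed.

```java
import java.util.Map;
import java.util.Properties;

/** Added example: Kafka SASL client settings taken from environment variables/secrets. */
public class KafkaSaslConfig {
    // Login module per supported mechanism; any other value is rejected.
    private static final Map<String, String> LOGIN_MODULES = Map.of(
        "PLAIN", "org.apache.kafka.common.security.plain.PlainLoginModule",
        "SCRAM-SHA-512", "org.apache.kafka.common.security.scram.ScramLoginModule",
        "OAUTHBEARER", "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule");

    // Escape backslash and double quote so a secret cannot break out of the quoted JAAS option.
    static String quote(String v) {
        return "\"" + v.replace("\\", "\\\\").replace("\"", "\\\"") + "\"";
    }

    static String required(Map<String, String> env, String name) {
        String v = env.get(name);
        if (v == null || v.isEmpty()) throw new IllegalStateException(name + " is not set");
        return v;
    }

    static Properties fromEnv(Map<String, String> env) {
        String mechanism = env.getOrDefault("SASL_MECHANISM", "PLAIN");
        String module = LOGIN_MODULES.get(mechanism);
        if (module == null) throw new IllegalStateException("Unsupported SASL mechanism: " + mechanism);

        Properties p = new Properties();
        // TLS always: PLAIN sends the password unencrypted inside the SASL exchange.
        p.setProperty("security.protocol", "SASL_SSL");
        p.setProperty("sasl.mechanism", mechanism);
        if (mechanism.equals("OAUTHBEARER")) {
            // Token-based: no static credentials, the callback handler obtains the token.
            p.setProperty("sasl.jaas.config", module + " required;");
            p.setProperty("sasl.login.callback.handler.class", required(env, "SASL_CALLBACK_HANDLER"));
        } else {
            p.setProperty("sasl.jaas.config", module + " required username="
                + quote(required(env, "KAFKA_USER")) + " password="
                + quote(required(env, "KAFKA_PASSWORD")) + ";");
        }
        return p;
    }

    public static void main(String[] args) {
        // Constructed sample environment; a deployment would pass System.getenv().
        Properties p = fromEnv(Map.of("SASL_MECHANISM", "SCRAM-SHA-512",
            "KAFKA_USER", "trader", "KAFKA_PASSWORD", "p\"w\\d"));
        System.out.println(p.getProperty("sasl.mechanism") + " via " + p.getProperty("security.protocol"));
    }
}
```

The resulting `sasl.jaas.config` value contains the password, so it should be kept out of logs and startup dumps.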