Qarik-Group / kafka-service-broker

Open Service Broker to share an Apache Kafka cluster

How to add new user in Kafka through Service Broker #4

Open cfmagnum opened 7 years ago

cfmagnum commented 7 years ago

I want to create a new user in Kafka while binding a Kafka instance with any CF application, so that the Kafka instance endpoint is an authenticated one.

How can I do this?

drnic commented 7 years ago

You're right, we should be using any authentication that's set up for Kafka.

If a target Kafka did support authentication, then it would be the creation of the binding that set up the user + authentication and provided it back to each application instance/service key.

drnic commented 6 years ago

@cfmagnum if you're running your own Zookeeper/Kafka cluster, can you confirm how you are setting up authentication?

cfmagnum commented 6 years ago

Thanks @drnic.

I am using Kafka SSL with ACLs for authentication, referring to the following link.

https://developer.ibm.com/hadoop/2016/07/20/kafka-acls/

cfmagnum commented 6 years ago

I have more scenarios to understand the broker scope while interacting with the Kafka service using Kafka SSL + ACL.

I want to understand what has been, or has to be, tried or considered to overcome this type of problem statement.

  1. Create Service Instance: Here, I am creating a topic T1 in ZooKeeper.
  2. Bind App-A1 with user U1 [SSL] to Service Instance T1 => I am adding an ACL for the U1 user with the A1 app: allowing it to be producer or consumer.
  3. Now bind App-A2, again with user U1, to the same Service Instance T1 => I am adding an ACL for the same user U1 with the A2 app: allowing it to be producer or consumer.

Now, in terms of the above scenarios, there will be a case where a producer with one topic 'xyz' [T1] will be there, and many consumers will be there for the same topic 'xyz' [T1].

As per the life cycle, the service broker has no role after the bind.

  1. But when we try to unbind App-A2, the ACL records or metadata of user U1 will be removed from ZooKeeper, with the result that App-A1 will not work [as producer or consumer].

Note: U1 user creation [SSL] is not part of the service broker life cycle.

Please help me to overcome this problem, and please suggest how I can add/remove ACLs in the bind/unbind methods of kafka-service-broker.
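Added example, not part of the thread and not kafka-service-broker's own code: a model of the shared-principal scenario above, in which each ACL records which bindings still need it, so that unbinding App-A2 removes only the ACLs that no other binding of U1 holds. `ACLStore`, the binding IDs and the in-memory map are assumptions standing in for the broker's state and for the ACLs stored in ZooKeeper.

```go
package main

import "fmt"

// ACL grants one principal one operation on one topic (constructed model).
type ACL struct{ Principal, Topic, Operation string }

// ACLStore is a hypothetical stand-in: each ACL maps to the binding IDs that need it.
type ACLStore struct{ holders map[ACL]map[string]bool }

func NewACLStore() *ACLStore { return &ACLStore{holders: map[ACL]map[string]bool{}} }

// Bind records that bindingID needs each ACL, creating the ACL on first use.
func (s *ACLStore) Bind(bindingID string, acls ...ACL) {
	for _, a := range acls {
		if s.holders[a] == nil {
			s.holders[a] = map[string]bool{}
		}
		s.holders[a][bindingID] = true
	}
}

// Unbind drops bindingID from every ACL and returns only the ACLs that no
// remaining binding holds; those are the ones safe to delete from the cluster.
func (s *ACLStore) Unbind(bindingID string) []ACL {
	var removed []ACL
	for a, ids := range s.holders {
		if !ids[bindingID] {
			continue
		}
		delete(ids, bindingID)
		if len(ids) == 0 {
			delete(s.holders, a)
			removed = append(removed, a)
		}
	}
	return removed
}

// Allowed reports whether the principal still holds the operation on the topic.
func (s *ACLStore) Allowed(principal, topic, op string) bool {
	return len(s.holders[ACL{principal, topic, op}]) > 0
}

func main() {
	s := NewACLStore() // constructed scenario: A1 produces, A2 consumes, both as U1
	s.Bind("binding-A1", ACL{"User:U1", "T1", "Write"}, ACL{"User:U1", "T1", "Describe"})
	s.Bind("binding-A2", ACL{"User:U1", "T1", "Read"}, ACL{"User:U1", "T1", "Describe"})
	fmt.Println(s.Unbind("binding-A2"), s.Allowed("User:U1", "T1", "Write"))
}
```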