bitnami / charts

Bitnami Helm Charts
https://bitnami.com

[bitnami/kafka] The Kafka chart does not generate proper JAAS config #22696

Closed Dwijad closed 7 months ago

Dwijad commented 8 months ago

Name and Version

bitnami/kafka 26.6.2

What architecture are you using?

amd64

What steps will reproduce the bug?

Generated secret for SASL authentication:

# k create secret generic kafka-client-secret --from-literal=client-passwords=password --from-literal=inter-broker-password=password --from-literal=inter-broker-client-secret=password --from-literal=controller-password=password --from-literal=controller-client-secret=password

Configured SASL authentication using following config

...
...
sasl:
  enabledMechanisms: PLAIN,SCRAM-SHA-256,SCRAM-SHA-512
  interBrokerMechanism: PLAIN
  controllerMechanism: PLAIN
  interbroker:
    user: broker

  controller:
    user: controller

  client:
    users: 
      - user1

  existingSecret: "kafka-client-secret"
...
...

Are you using any custom parameters or values?

No

What is the expected behavior?

I should see the following line in the kafka server properties file in the client SASL JAAS configuration section.

...
...
listener.name.client.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="user1" password="password";
...
...

What do you see instead?

...
...
listener.name.client.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required user_user1="password";
...
...

Additional information

No response

Dwijad commented 8 months ago

I can confirm _helpers.tpl is not generating correct SASL JAAS config for the kafka server. I have added a single line of code after line no 653 and now the kafka server is generating correct JAAS configuration in the server.properties file.

{{- $saslJaasConfig = append $saslJaasConfig (printf "username=\"%s\" password=\"password-placeholder-%d\"" $user (int $i)) }}


Now the kafka connect is able to connect to the kafka server using kafka client JAAS config which looks like:

KafkaClient {
    org.apache.kafka.common.security.plain.PlainLoginModule required username="user1" password="password";
};
export KAFKA_OPTS=-Djava.security.auth.login.config=/u01/cnfkfk/etc/ssl/kafka_client_jaas.conf

Earlier I used to get the following error while connecting from kafka connect which is obviously due to the password not being set correctly in kafka server.properties file.

Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user.

I have not tested the modified code for multiple SASL users.
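Added example, not part of the issue thread or the Bitnami chart: in Apache Kafka's PLAIN mechanism a broker listener validates connecting clients against `user_<name>="<password>"` options, while `username`/`password` are the credentials a side presents when it connects out. This Python sketch parses the JAAS entries quoted above and checks whether the client entry would be accepted by each form of the broker line; the function and constant names are hypothetical, and the client entry is the line inside the `KafkaClient { ... };` block.

```python
import hmac
import re

# key="value" options inside one JAAS login-module entry
OPTION = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')

def parse_jaas_entry(text):
    """Return (module, control_flag, options) for '<module> <flag> k="v" ...;'."""
    # Accept a full server.properties line by dropping the 'key=' prefix.
    if text.lstrip().startswith("listener.name."):
        text = text.partition("=")[2]
    text = text.strip()
    if not text.endswith(";"):
        raise ValueError("JAAS entry must end with ';'")
    parts = text[:-1].split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<module> <flag> [options]'")
    options = dict(OPTION.findall(parts[2])) if len(parts) == 3 else {}
    return parts[0], parts[1], options

def accepted_users(broker_entry):
    """user_<name>="<password>" options: the accounts a broker listener accepts."""
    _, _, opts = parse_jaas_entry(broker_entry)
    return {k[len("user_"):]: v for k, v in opts.items() if k.startswith("user_")}

def presented_credentials(entry):
    """username/password options: what this side sends when it connects out."""
    _, _, opts = parse_jaas_entry(entry)
    if "username" in opts and "password" in opts:
        return opts["username"], opts["password"]
    return None

def client_can_authenticate(broker_entry, client_entry):
    creds = presented_credentials(client_entry)
    if creds is None:
        return False
    user, password = creds
    expected = accepted_users(broker_entry).get(user)
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())

MODULE = "org.apache.kafka.common.security.plain.PlainLoginModule"
# Lines as quoted in the issue (the password value is the issue's sample literal).
BROKER_GENERATED = f'listener.name.client.plain.sasl.jaas.config={MODULE} required user_user1="password";'
BROKER_PROPOSED = f'listener.name.client.plain.sasl.jaas.config={MODULE} required username="user1" password="password";'
CLIENT_JAAS = f'{MODULE} required username="user1" password="password";'

if __name__ == "__main__":
    print(client_can_authenticate(BROKER_GENERATED, CLIENT_JAAS))
    print(client_can_authenticate(BROKER_PROPOSED, CLIENT_JAAS))
```
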

sdYoo commented 8 months ago

@javsalgar @fevisera

I have the same problem too. Is this problem fixed? jaas.conf file doesn't set correctly. So kafka-exporter does not connect to kafka. How to generate jaas.conf file? My kafka version is 2.8.1

fevisera commented 8 months ago

Hi @Dwijad,

Could you kindly provide the specific commands necessary to replicate the issue you are experiencing? Additionally, please outline the steps you are taking that lead to the Could not login error.

On the other hand, if you are suggesting an implementation, you are welcome to contribute to enhancing the solution by following our contributing guide. Any changes you propose will be reviewed by our team, and the whole community will benefit from your changes.

Thank you!

fevisera commented 8 months ago

Hi @sdYoo,

We currently do not offer support for 2.x versions. You can find the available versions at https://github.com/bitnami/containers/tree/main/bitnami/kafka. Please consider using a more recent version, and do not hesitate to report any errors you encounter.

github-actions[bot] commented 7 months ago

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot] commented 7 months ago

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.