grepplabs / kafka-proxy

Proxy connections to Kafka cluster. Connect through SOCKS Proxy, HTTP Proxy or to cluster running in Kubernetes.
Apache License 2.0

Implement same client cert check feature #42

Closed mgusiew-guide closed 4 years ago

mgusiew-guide commented 4 years ago

Implement same client cert check functionality as discussed in https://github.com/grepplabs/kafka-proxy/issues/37

Major changes:

1) New flag --same-client-cert-enable that enables check set to false by default (backwards compatibility)
2) Extend config validation to require TLS on both sides and client cert on Kafka connection when new flag is set
3) Feature implementation in client that includes handshake (with timeout with same value as dial timeout), retrieving client certificate from proxy client connection and validating that it matches configured Kafka client cert
4) Tests for config validation and flag handling (both success and failure scenarios)
5) Include flag description and feature sample in readme file
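The check described in the PR description above, as an added Go sketch that is not the PR's or kafka-proxy's own code: the proxy side completes the TLS handshake under a deadline, reads the certificate the client presented, and accepts the connection only if it is the certificate configured for the Kafka connection. The function names, the in-memory pipe harness, the throwaway Ed25519 certificates and the byte-for-byte DER comparison are assumptions made for this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newCert returns a throwaway self-signed certificate (constructed sample data).
func newCert(serial int64) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// sameClientCert handshakes within timeout (proving key possession), then requires the peer leaf to equal kafkaDER.
func sameClientCert(conn *tls.Conn, kafkaDER []byte, timeout time.Duration) error {
	conn.SetDeadline(time.Now().Add(timeout))
	defer conn.SetDeadline(time.Time{}) // do not leak the handshake deadline into later traffic
	if err := conn.Handshake(); err != nil {
		return err
	}
	peers := conn.ConnectionState().PeerCertificates
	if len(peers) == 0 || !bytes.Equal(peers[0].Raw, kafkaDER) {
		return fmt.Errorf("client certificate missing or not the Kafka client certificate")
	}
	return nil
}

// check (hypothetical harness) runs one handshake over an in-memory pipe and returns the proxy-side verdict.
func check(kafkaDER []byte, client ...tls.Certificate) error {
	c, s := net.Pipe()
	defer func() { c.Close(); s.Close() }()
	go tls.Client(c, &tls.Config{Certificates: client, InsecureSkipVerify: true}).Handshake() // demo proxy cert is self-signed
	srv := tls.Server(s, &tls.Config{Certificates: []tls.Certificate{newCert(1)},
		ClientAuth: tls.RequestClientCert, SessionTicketsDisabled: true}) // unbuffered pipe: no ticket writes
	return sameClientCert(srv, kafkaDER, 2*time.Second)
}

func main() {
	kafka, other := newCert(2), newCert(3) // constructed sample certificates
	fmt.Println(check(kafka.Certificate[0], kafka), check(kafka.Certificate[0], other), check(kafka.Certificate[0]))
}
```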

mgusiew-guide commented 4 years ago

@mantkiewicz - thanks for comments, let's wait for @everesio review and then I will apply necessary changes in one go

everesio commented 4 years ago

Thank you for the PR. Great job!