Posted to commits@camel.apache.org by GitBox <gi...@apache.org> on 2021/07/05 13:15:06 UTC

[GitHub] [camel-quarkus] zbendhiba opened a new pull request #2879: kafka : impossible to authenticate with oauth2

zbendhiba opened a new pull request #2879:
URL: https://github.com/apache/camel-quarkus/pull/2879


   fixes #2878
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [camel-quarkus] zbendhiba merged pull request #2879: kafka : impossible to authenticate with oauth2

Posted by GitBox <gi...@apache.org>.
zbendhiba merged pull request #2879:
URL: https://github.com/apache/camel-quarkus/pull/2879


   





[GitHub] [camel-quarkus] zbendhiba commented on a change in pull request #2879: kafka : impossible to authenticate with oauth2

Posted by GitBox <gi...@apache.org>.
zbendhiba commented on a change in pull request #2879:
URL: https://github.com/apache/camel-quarkus/pull/2879#discussion_r666820242



##########
File path: pom.xml
##########
@@ -101,7 +101,7 @@
         <netty3.version>${netty3-version}</netty3.version><!-- Spark -->
         <minio.version>${minio-version}</minio.version><!-- Keep in sync with quarkiverse-minio and Camel, preferring Camel assuming that it is more likely to be up to date -->
         <mvel2.version>${mvel-version}</mvel2.version>
-        <nimbus-jose-jwt.version>4.41.1</nimbus-jose-jwt.version><!-- Mess in hdfs transitive deps -->
+        <nimbus-jose-jwt.version>9.10</nimbus-jose-jwt.version><!-- It's placed here because of mess in hdfs transitive deps, please upgrade when it's possible -->
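Review bot: The `+` line hard-codes `9.10` with the comment "please upgrade when it's possible", which names neither the dependency that needs the newer version nor the condition for the next bump, while the neighbouring `netty3.version` and `minio.version` entries name their consumer and take their value from a `${...-version}` property. Suggest naming the consumer that requires 9.x in the comment and, if a source property exists, referencing it instead of a literal. The removed comment says the pin exists for hdfs transitive deps, so the jump from 4.41.1 to 9.10 also changes what hdfs resolves; it is worth confirming the hdfs tests still pass with it.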

Review comment:
       Okay. It's not a kafka client pom, but usage of Strimzi, with oAuth2. The dependency is added for this purpose only : https://quarkus.io/guides/kafka#authenticating-with-oauth
    
   That bug will maybe appear too on the Camel-K side, since they're using the Strimzi-oauth-client too.
   When upgrading the client from 0.7.x to 0.8.x, the Strimzi oAuth client moves from Keycloak to Nimbus JOSE, so this configuration fails to start.
   
   ```
   camel.component.kafka.security-protocol = SASL_SSL
   camel.component.kafka.sasl-mechanism = OAUTHBEARER
   camel.component.kafka.sasl-jaas-config = org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \
           oauth.client.id="<YOUR-SERVICE-ACCOUNT-ID-HERE>" \
           oauth.client.secret="<YOUR-SERVICE-ACCOUNT-SECRET-HERE>" \
           oauth.token.endpoint.uri="<TOKEN_ENDPOINT_URI>" ;
   camel.component.kafka.additional-properties[sasl.login.callback.handler.class] = io.strimzi.kafka.oauth.client.JaasClientOauthLoginCallbackHandler
   ```
   And when I checked, the version we have is way too old. I was wondering if we can't just push this one just for hdfs purposes?
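
A check for the failure described in the comment above, as an added example that is not part of the pull request or of camel-quarkus: it reads `mvn dependency:tree` output and fails when `io.strimzi:kafka-oauth-client` is present but `com.nimbusds:nimbus-jose-jwt` resolves below a required major version. The sample tree, its Strimzi and Hadoop versions, the function names and the floor of 9 (taken from the 9.10 pinned here) are assumptions.

```shell
#!/bin/sh
# Constructed `mvn dependency:tree` output; $1 is the nimbus-jose-jwt version
# to show as resolved. Strimzi/Hadoop versions are made up for the example.
sample_tree() {
cat <<EOF
[INFO] org.example:demo:jar:1.0-SNAPSHOT
[INFO] +- io.strimzi:kafka-oauth-client:jar:0.8.1:compile
[INFO] |  \- com.nimbusds:nimbus-jose-jwt:jar:$1:compile
[INFO] \- org.apache.hadoop:hadoop-hdfs-client:jar:3.3.0:compile
EOF
}

# Print the resolved version of groupId:artifactId from a tree on stdin.
# Coordinates are g:a:type[:classifier]:version:scope, so the version is
# always the second-to-last field.
resolved_version() {
    awk -v ga="$1" '{
        n = split($NF, p, ":")
        if (n >= 5 && (p[1] ":" p[2]) == ga) { print p[n - 1]; exit }
    }'
}

# Return 0 when the OAuth client is absent or nimbus-jose-jwt has at least
# major version $1 (assumed floor); return 1 otherwise. Tree comes from stdin.
check_oauth_jwt() {
    min_major=$1
    tree=$(cat)
    client=$(printf '%s\n' "$tree" | resolved_version io.strimzi:kafka-oauth-client)
    if [ -z "$client" ]; then
        echo "skip: kafka-oauth-client not on the classpath"
        return 0
    fi
    jwt=$(printf '%s\n' "$tree" | resolved_version com.nimbusds:nimbus-jose-jwt)
    if [ -z "$jwt" ]; then
        echo "FAIL: kafka-oauth-client $client without nimbus-jose-jwt"
        return 1
    fi
    if [ "${jwt%%.*}" -lt "$min_major" ]; then
        echo "FAIL: nimbus-jose-jwt $jwt < $min_major.x with kafka-oauth-client $client"
        return 1
    fi
    echo "OK: nimbus-jose-jwt $jwt with kafka-oauth-client $client"
}

sample_tree 4.41.1 | check_oauth_jwt 9 || true   # pre-fix pin: reports FAIL
sample_tree 9.10 | check_oauth_jwt 9             # pin from this PR: reports OK
```

In a build, pipe the real output of `mvn dependency:tree` into `check_oauth_jwt` in place of `sample_tree`.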







[GitHub] [camel-quarkus] ppalaga commented on a change in pull request #2879: kafka : impossible to authenticate with oauth2

Posted by GitBox <gi...@apache.org>.
ppalaga commented on a change in pull request #2879:
URL: https://github.com/apache/camel-quarkus/pull/2879#discussion_r666975466



##########
File path: pom.xml
##########
@@ -101,7 +101,7 @@
         <netty3.version>${netty3-version}</netty3.version><!-- Spark -->
         <minio.version>${minio-version}</minio.version><!-- Keep in sync with quarkiverse-minio and Camel, preferring Camel assuming that it is more likely to be up to date -->
         <mvel2.version>${mvel-version}</mvel2.version>
-        <nimbus-jose-jwt.version>4.41.1</nimbus-jose-jwt.version><!-- Mess in hdfs transitive deps -->
+        <nimbus-jose-jwt.version>9.10</nimbus-jose-jwt.version><!-- It's placed here because of mess in hdfs transitive deps, please upgrade when it's possible -->

Review comment:
       In any case the comment should say something like `mess in hdfs transitive deps, used also by io.strimzi:kafka-oauth-client recommended by https://quarkus.io/guides/kafka#authenticating-with-oauth`







[GitHub] [camel-quarkus] ppalaga commented on a change in pull request #2879: kafka : impossible to authenticate with oauth2

Posted by GitBox <gi...@apache.org>.
ppalaga commented on a change in pull request #2879:
URL: https://github.com/apache/camel-quarkus/pull/2879#discussion_r666807870



##########
File path: pom.xml
##########
@@ -101,7 +101,7 @@
         <netty3.version>${netty3-version}</netty3.version><!-- Spark -->
         <minio.version>${minio-version}</minio.version><!-- Keep in sync with quarkiverse-minio and Camel, preferring Camel assuming that it is more likely to be up to date -->
         <mvel2.version>${mvel-version}</mvel2.version>
-        <nimbus-jose-jwt.version>4.41.1</nimbus-jose-jwt.version><!-- Mess in hdfs transitive deps -->
+        <nimbus-jose-jwt.version>9.10</nimbus-jose-jwt.version><!-- It's placed here because of mess in hdfs transitive deps, please upgrade when it's possible -->

Review comment:
       If this is impacting Kafka, it would be nice to mention Kafka in the comment.
   
   If the version 9.10 comes from some Kafka pom, then we should check whether it is possible to use `@sync` to update it automatically.







[GitHub] [camel-quarkus] zbendhiba commented on a change in pull request #2879: kafka : impossible to authenticate with oauth2

Posted by GitBox <gi...@apache.org>.
zbendhiba commented on a change in pull request #2879:
URL: https://github.com/apache/camel-quarkus/pull/2879#discussion_r666821353



##########
File path: pom.xml
##########
@@ -101,7 +101,7 @@
         <netty3.version>${netty3-version}</netty3.version><!-- Spark -->
         <minio.version>${minio-version}</minio.version><!-- Keep in sync with quarkiverse-minio and Camel, preferring Camel assuming that it is more likely to be up to date -->
         <mvel2.version>${mvel-version}</mvel2.version>
-        <nimbus-jose-jwt.version>4.41.1</nimbus-jose-jwt.version><!-- Mess in hdfs transitive deps -->
+        <nimbus-jose-jwt.version>9.10</nimbus-jose-jwt.version><!-- It's placed here because of mess in hdfs transitive deps, please upgrade when it's possible -->

Review comment:
       To make sure it works, we need to have an integration test with testcontainers + Strimzi that has oAuth2. I don't know if it's easy to set up.







[GitHub] [camel-quarkus] ppalaga commented on a change in pull request #2879: kafka : impossible to authenticate with oauth2

Posted by GitBox <gi...@apache.org>.
ppalaga commented on a change in pull request #2879:
URL: https://github.com/apache/camel-quarkus/pull/2879#discussion_r666974334



##########
File path: pom.xml
##########
@@ -101,7 +101,7 @@
         <netty3.version>${netty3-version}</netty3.version><!-- Spark -->
         <minio.version>${minio-version}</minio.version><!-- Keep in sync with quarkiverse-minio and Camel, preferring Camel assuming that it is more likely to be up to date -->
         <mvel2.version>${mvel-version}</mvel2.version>
-        <nimbus-jose-jwt.version>4.41.1</nimbus-jose-jwt.version><!-- Mess in hdfs transitive deps -->
+        <nimbus-jose-jwt.version>9.10</nimbus-jose-jwt.version><!-- It's placed here because of mess in hdfs transitive deps, please upgrade when it's possible -->

Review comment:
       I thought `io.strimzi:kafka-oauth-client` would be managed in Quarkus BOM, but it is not. If it was managed there, we could use our tooling to keep our `nimbus-jose-jwt.version` in sync with theirs https://github.com/strimzi/strimzi-kafka-oauth/blob/main/pom.xml#L90 
   I wonder how much sense would it make for quarkus to manage `io.strimzi:kafka-oauth-client`. WDYT?







[GitHub] [camel-quarkus] zbendhiba commented on pull request #2879: kafka : impossible to authenticate with oauth2

Posted by GitBox <gi...@apache.org>.
zbendhiba commented on pull request #2879:
URL: https://github.com/apache/camel-quarkus/pull/2879#issuecomment-878044075


   @ppalaga  fix here https://github.com/apache/camel-quarkus/pull/2896
   FYI, the oauth Strimzi client version is not related to kafka client versions

