You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2020/01/24 22:12:00 UTC

[jira] [Commented] (KAFKA-8843) Zookeeper migration tool support for TLS

    [ https://issues.apache.org/jira/browse/KAFKA-8843?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17023299#comment-17023299 ] 

ASF GitHub Bot commented on KAFKA-8843:
---------------------------------------

rondagostino commented on pull request #8003: KAFKA-8843: KIP-515: Zookeeper TLS support
URL: https://github.com/apache/kafka/pull/8003
 
 
   Signed-off-by: Ron Dagostino <rd...@confluent.io>
   
   *More detailed description of your change,
   if necessary. The PR title and PR message become
   the squashed commit message, so use a separate
   comment to ping reviewers.*
   
   *Summary of testing strategy (including rationale)
   for the feature or bug fix. Unit and/or integration
   tests are expected for any behaviour change and
   system tests should be considered for larger changes.*
   
   ### Committer Checklist (excluded from commit message)
   - [ ] Verify design and implementation 
   - [ ] Verify test coverage and CI build status
   - [ ] Verify documentation (including upgrade notes)
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


> Zookeeper migration tool support for TLS
> ----------------------------------------
>
>                 Key: KAFKA-8843
>                 URL: https://issues.apache.org/jira/browse/KAFKA-8843
>             Project: Kafka
>          Issue Type: Bug
>            Reporter: Pere Urbon-Bayes
>            Assignee: Pere Urbon-Bayes
>            Priority: Minor
>
> Currently zookeeper-migration tool works based on SASL authentication. What means only digest and kerberos authentication is supported.
>  
> With the introduction of ZK 3.5, TLS is added, including a new X509 authentication provider. 
>  
> To support this great future and utilise the TLS principals, the zookeeper-migration-tool script should support the X509 authentication as well.
>  
> In my newbie view, this should mean adding a new parameter to allow other ways of authentication around [https://github.com/apache/kafka/blob/trunk/core/src/main/scala/kafka/admin/ZkSecurityMigrator.scala#L65. |https://github.com/apache/kafka/blob/trunk/core/src/main/scala/kafka/admin/ZkSecurityMigrator.scala#L65]
>  
> If I understand the process correct, this will require a KIP, right?
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)