Posted to users@kafka.apache.org by Alessandro Ernesto Mascherpa <al...@piksel.com> on 2022/02/23 13:10:18 UTC

Kafka streams and user authentication

Hi All,
I'm facing a problem with user authentication in Kafka streams in Kafka v.3.0.0.

A Java application reads from topic A as a stream and, in the same stream, writes to topic B.
The two topics are configured with two different accounts, hence is it feasible for a stream to read using an account and to write using another account? And if so, how should I configure the stream?

I'm available for further information and discussion
Thanks in advance
Alessandro

This message is private and confidential. If you have received this message in error, please notify the sender or servicedesk@piksel.com and remove it from your system.

Piksel Inc is a Delaware corporation, whose registered office is 2100 Powers Ferry Road SE, Suite 400, Atlanta, GA 30339, USA

Re: Kafka streams and user authentication

Posted by Guozhang Wang <wa...@gmail.com>.
Got it.

I'm not totally sure how Spring wires the properties from the file to
the actual configs in Streams, but just a general suggestion: in Kafka
Streams you can specify the config overrides for the internally embedded
producer and consumer respectively:
https://kafka.apache.org/10/documentation/streams/developer-guide/config-streams.html#kafka-consumers-and-producer-configuration-parameters

So if you can figure out how to wire the configs with the embedded producer
and consumer, then they can indeed use different accounts for reading and
writing.

Guozhang

On Thu, Feb 24, 2022 at 4:22 AM Alessandro Ernesto Mascherpa <
alessandro.mascherpa@piksel.com> wrote:

> Hello Guozhang,
>
> For authentication I'm using the following configuration:
>
> spring.kafka.properties.sasl.jaas.config =
> org.apache.kafka.common.security.plain.PlainLoginModule required
> username="<username>" password="<password> ";
> spring.kafka.properties.ssl.truststore.location=/path/to/truststore.jks
> spring.kafka.properties.ssl.truststore.password=trustore-secret
> spring.kafka.properties.ssl.truststore.type=JKS
> spring.kafka.properties.security.protocol=SASL_SSL
> spring.kafka.properties.sasl.mechanism=PLAIN
>
> defined in a .properties file. With 'account' I mean the pair
> username/password and the read/write rights the username has.
>
> If a simplified code snippet may be useful, the stream is created as:
>
> @Bean public KStream<String,Message>  plain(StreamsBuilder builder)  {
>         KStream<String,Message> stream = builder.stream( "A" );
>         stream.map( ... ).to( "B" );
>         return stream;
> }
>
> Thanks
> Alessandro
>
>
> -----Original Message-----
> From: Guozhang Wang <wa...@gmail.com>
> Sent: Wednesday, 23 February 2022 19:20
> To: Users <us...@kafka.apache.org>
> Subject: Re: Kafka streams and user authentication
>
> Hello Alessandro,
>
> Could you elaborate a bit more on what authN mechanisms you are using, and
> by `account` what do you mean explicitly?
>
>
> Guozhang
>
> On Wed, Feb 23, 2022 at 5:10 AM Alessandro Ernesto Mascherpa <
> alessandro.mascherpa@piksel.com> wrote:
>
> > Hi All,
> > I'm facing a problem with user authentication in Kafka streams in
> > Kafka v.3.0.0.
> >
> > A Java application reads from topic A as a stream and, in the same
> > stream, writes to topic B.
> > The two topics are configured with two different accounts, hence is it
> > feasible for a stream to read using an account and to write using
> > another account? And if so, how should I configure the stream?
> >
> > I'm available for further information and discussion Thanks in advance
> > Alessandro
> >
>
>
> --
> -- Guozhang
>


-- 
-- Guozhang
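
The per-client overrides described in the reply above, as an added example that is not part of the original thread or of the Kafka project's own code: `consumer.`-prefixed settings reach only the embedded consumers and `producer.`-prefixed settings only the embedded producer, so each side can carry its own SASL/PLAIN login. The application id, broker address, environment variable names, the `trim` transformation and the choice to reuse the reader account for the admin client are all assumptions.

```java
import java.util.Properties;
import org.apache.kafka.clients.CommonClientConfigs;
import org.apache.kafka.common.config.SaslConfigs;
import org.apache.kafka.common.config.SslConfigs;
import org.apache.kafka.common.serialization.Serdes;
import org.apache.kafka.streams.KafkaStreams;
import org.apache.kafka.streams.StreamsBuilder;
import org.apache.kafka.streams.StreamsConfig;

public class SplitCredentialStream {
    // Fail fast on a missing secret instead of logging in with an empty credential.
    static String env(String name) {
        String v = System.getenv(name);
        if (v == null || v.isEmpty()) throw new IllegalStateException("missing env var " + name);
        return v;
    }
    // JAAS entry for SASL/PLAIN; assumes the values contain no double quotes.
    // READER_USER, READER_PASSWORD, WRITER_USER, WRITER_PASSWORD are hypothetical variable names.
    static String plainJaas(String role) {
        return "org.apache.kafka.common.security.plain.PlainLoginModule required username=\""
            + env(role + "_USER") + "\" password=\"" + env(role + "_PASSWORD") + "\";";
    }
    static Properties config() {
        Properties p = new Properties();
        p.put(StreamsConfig.APPLICATION_ID_CONFIG, "a-to-b");          // hypothetical id
        p.put(StreamsConfig.BOOTSTRAP_SERVERS_CONFIG, "broker:9093");  // hypothetical address
        p.put(StreamsConfig.DEFAULT_KEY_SERDE_CLASS_CONFIG, Serdes.StringSerde.class);
        p.put(StreamsConfig.DEFAULT_VALUE_SERDE_CLASS_CONFIG, Serdes.StringSerde.class);
        // Unprefixed settings are shared by every client Streams creates.
        p.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SASL_SSL");
        p.put(SaslConfigs.SASL_MECHANISM, "PLAIN");
        p.put(SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, "/path/to/truststore.jks");
        p.put(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, "JKS");
        p.put(SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, env("TRUSTSTORE_PASSWORD"));
        // Prefixed settings override the shared ones for one kind of client only.
        p.put(StreamsConfig.consumerPrefix(SaslConfigs.SASL_JAAS_CONFIG), plainJaas("READER"));
        p.put(StreamsConfig.producerPrefix(SaslConfigs.SASL_JAAS_CONFIG), plainJaas("WRITER"));
        // Streams also creates an admin client, which needs a login too (assumption: the reader's).
        p.put(StreamsConfig.adminClientPrefix(SaslConfigs.SASL_JAAS_CONFIG), plainJaas("READER"));
        return p;
    }
    public static void main(String[] args) {
        StreamsBuilder builder = new StreamsBuilder();
        // Placeholder transformation standing in for the map( ... ) step in the thread.
        builder.<String, String>stream("A").mapValues(v -> v.trim()).to("B");
        KafkaStreams streams = new KafkaStreams(builder.build(), config());
        Runtime.getRuntime().addShutdownHook(new Thread(streams::close));
        streams.start();
    }
}
```

Kafka Streams uses the application id as the consumer group id, so the reader account needs access to that group as well as read access to topic A.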

RE: Kafka streams and user authentication

Posted by Alessandro Ernesto Mascherpa <al...@piksel.com>.
Hello Guozhang,

For authentication I'm using the following configuration:

spring.kafka.properties.sasl.jaas.config = org.apache.kafka.common.security.plain.PlainLoginModule required username="<username>" password="<password> ";
spring.kafka.properties.ssl.truststore.location=/path/to/truststore.jks
spring.kafka.properties.ssl.truststore.password=trustore-secret
spring.kafka.properties.ssl.truststore.type=JKS
spring.kafka.properties.security.protocol=SASL_SSL
spring.kafka.properties.sasl.mechanism=PLAIN

defined in a .properties file. With 'account' I mean the pair username/password and the read/write rights the username has.

If a simplified code snippet may be useful, the stream is created as:

@Bean public KStream<String,Message>  plain(StreamsBuilder builder)  {
        KStream<String,Message> stream = builder.stream( "A" );
        stream.map( ... ).to( "B" );
        return stream;
}

Thanks
Alessandro


-----Original Message-----
From: Guozhang Wang <wa...@gmail.com> 
Sent: Wednesday, 23 February 2022 19:20
To: Users <us...@kafka.apache.org>
Subject: Re: Kafka streams and user authentication

Hello Alessandro,

Could you elaborate a bit more on what authN mechanisms you are using, and by `account` what do you mean explicitly?


Guozhang

On Wed, Feb 23, 2022 at 5:10 AM Alessandro Ernesto Mascherpa < alessandro.mascherpa@piksel.com> wrote:

> Hi All,
> I'm facing a problem with user authentication in Kafka streams in 
> Kafka v.3.0.0.
>
> A Java application reads from topic A as a stream and, in the same 
> stream, writes to topic B.
> The two topics are configured with two different accounts, hence is it 
> feasible for a stream to read using an account and to write using 
> another account? And if so, how should I configure the stream?
>
> I'm available for further information and discussion Thanks in advance 
> Alessandro
>


--
-- Guozhang

Re: Kafka streams and user authentication

Posted by Guozhang Wang <wa...@gmail.com>.
Hello Alessandro,

Could you elaborate a bit more on what authN mechanisms you are using, and
by `account` what do you mean explicitly?


Guozhang

On Wed, Feb 23, 2022 at 5:10 AM Alessandro Ernesto Mascherpa <
alessandro.mascherpa@piksel.com> wrote:

> Hi All,
> I'm facing a problem with user authentication in Kafka streams in Kafka
> v.3.0.0.
>
> A Java application reads from topic A as a stream and, in the same stream,
> writes to topic B.
> The two topics are configured with two different accounts, hence is it
> feasible for a stream to read using an account and to write using another
> account? And if so, how should I configure the stream?
>
> I'm available for further information and discussion
> Thanks in advance
> Alessandro
>


-- 
-- Guozhang