You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Ian McDonald (Jira)" <ji...@apache.org> on 2023/03/17 00:16:00 UTC
[jira] [Created] (KAFKA-14816) Connect Http Client
Ian McDonald created KAFKA-14816:
------------------------------------
Summary: Connect Http Client
Key: KAFKA-14816
URL: https://issues.apache.org/jira/browse/KAFKA-14816
Project: Kafka
Issue Type: Bug
Components: KafkaConnect
Reporter: Ian McDonald
Due to changes made here: [https://github.com/apache/kafka/pull/12828]
Connect now can load ssl configs from the worker into the rest client and use them even when the `security.protocol` is set to another protocol (sasl_plaintext, plaintext). This could lead to unexpected behavior where one has moved to another security protocol, however has left their ssl properties, and upgraded versions. This would lead to failure when creating connectors.
In our testing environments - older versions without the linked changes pass with the following configuration, and newer versions with the changes fail:
```
security.protocol = SASL_PLAINTEXT
...
ssl.keystore.location = /mnt/security/test.keystore.jks
ssl.keystore.password = [hidden]
ssl.keystore.type = JKS
ssl.protocol = TLSv1.2
```
its important to note that the file - /mnt/security/test.keystore.jks, isnt generated for our non ssl tests, however these configs are still created
this leads to a 500 response when hitting the create connector rest endpoint with the following error:
```
{
"error_code":500,
"message":"Failed to start RestClient:
/mnt/security/test.keystore.jks is not a valid keystore"
}
```
--
This message was sent by Atlassian Jira
(v8.20.10#820010)