diff --git a/README.md b/README.md
index 688e0bdb..c8162a70 100644
--- a/README.md
+++ b/README.md
@@ -86,19 +86,24 @@ requires and provides, the permissions, and the additional module metadata.
 ### Environment variables
-| Name | Default value | Description |
-|:----------------------------------|:---------------------:|:-------------------------------------------------------------------------------------------------------------------------------------------------------|
-| DB_HOST | postgres | Postgres hostname |
-| DB_PORT | 5432 | Postgres port |
-| DB_USERNAME | folio_admin | Postgres username |
-| DB_PASSWORD | - | Postgres username password |
-| DB_DATABASE | okapi_modules | Postgres database name |
-| KAFKA_HOST | kafka | Kafka broker hostname |
-| KAFKA_PORT | 9092 | Kafka broker port |
-| ENV | folio | Logical name of the deployment, must be set if Kafka/Elasticsearch are shared for environments, `a-z (any case)`, `0-9`, `-`, `_` symbols only allowed |
-| MOD_USERS_ID | - | ID of `mod-users` module that is used for `custom-fields` interface |
-| OKAPI_URL | http://sidecar:8081 | Okapi url |
-| SYSTEM_USER_NAME | consortia-system-user | Username of the system user |
-| SYSTEM_USER_PASSWORD | - | Password of the system user |
-| CUSTOM_FIELDS_RETRY_BACKOFF_DELAY | 5000 | Custom fields retry backoff delay creation in milliseconds. |
-| CUSTOM_FIELDS_RETRY_MAX_RETRIES | 5 | Custom fields retry max attempts creation in milliseconds. |
+| Name | Default value | Description |
+|:----------------------------------|:---------------------:|:-----------------------------------------------------------------------------------------------------------------------------------------------------------|
+| DB_HOST | postgres | Postgres hostname |
+| DB_PORT | 5432 | Postgres port |
+| DB_USERNAME | folio_admin | Postgres username |
+| DB_PASSWORD | - | Postgres username password |
+| DB_DATABASE | okapi_modules | Postgres database name |
+| KAFKA_HOST | kafka | Kafka broker hostname |
+| KAFKA_PORT | 9092 | Kafka broker port |
+| KAFKA_SECURITY_PROTOCOL | PLAINTEXT | Kafka security protocol used to communicate with brokers (SSL or PLAINTEXT) |
+| KAFKA_SSL_KEYSTORE_LOCATION | - | The location of the Kafka key store file. This is optional for client and can be used for two-way authentication for client. |
+| KAFKA_SSL_KEYSTORE_PASSWORD | - | The store password for the Kafka key store file. This is optional for client and only needed if 'ssl.keystore.location' is configured. |
+| KAFKA_SSL_TRUSTSTORE_LOCATION | - | The location of the Kafka trust store file. |
+| KAFKA_SSL_TRUSTSTORE_PASSWORD | - | The password for the Kafka trust store file. If a password is not set, trust store file configured will still be used, but integrity checking is disabled. |
+| ENV | folio | Logical name of the deployment, must be set if Kafka/Elasticsearch are shared for environments, `a-z (any case)`, `0-9`, `-`, `_` symbols only allowed |
+| MOD_USERS_ID | - | ID of `mod-users` module that is used for `custom-fields` interface |
+| OKAPI_URL | http://sidecar:8081 | Okapi url |
+| SYSTEM_USER_NAME | consortia-system-user | Username of the system user |
+| SYSTEM_USER_PASSWORD | - | Password of the system user |
+| CUSTOM_FIELDS_RETRY_BACKOFF_DELAY | 5000 | Custom fields retry backoff delay creation in milliseconds. |
+| CUSTOM_FIELDS_RETRY_MAX_RETRIES | 5 | Custom fields retry max attempts creation in milliseconds. |
diff --git a/descriptors/ModuleDescriptor-template.json b/descriptors/ModuleDescriptor-template.json
index b9a620b5..42f94bb6 100644
--- a/descriptors/ModuleDescriptor-template.json
+++ b/descriptors/ModuleDescriptor-template.json
@@ -602,6 +602,26 @@
 "name": "KAFKA_PORT",
 "value": "9092"
 },
+ {
+ "name": "KAFKA_SECURITY_PROTOCOL",
+ "value": "PLAINTEXT"
+ },
+ {
+ "name": "KAFKA_SSL_KEYSTORE_LOCATION",
+ "value": ""
+ },
+ {
+ "name": "KAFKA_SSL_KEYSTORE_PASSWORD",
+ "value": ""
+ },
+ {
+ "name": "KAFKA_SSL_TRUSTSTORE_LOCATION",
+ "value": ""
+ },
+ {
+ "name": "KAFKA_SSL_TRUSTSTORE_PASSWORD",
+ "value": ""
+ },
 {
 "name": "OKAPI_URL",
 "value": "http://okapi:9130"
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 941cba03..90e0a434 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -9,6 +9,13 @@ spring:
 url: jdbc:postgresql://${DB_HOST:localhost}:${DB_PORT:5432}/${DB_DATABASE:okapi_modules}
 kafka:
 bootstrap-servers: ${KAFKA_HOST:localhost}:${KAFKA_PORT:9092}
+ security:
+ protocol: ${KAFKA_SECURITY_PROTOCOL:PLAINTEXT}
+ ssl:
+ key-store-password: ${KAFKA_SSL_KEYSTORE_PASSWORD:}
+ key-store-location: ${KAFKA_SSL_KEYSTORE_LOCATION:}
+ trust-store-password: ${KAFKA_SSL_TRUSTSTORE_PASSWORD:}
+ trust-store-location: ${KAFKA_SSL_TRUSTSTORE_LOCATION:}
 sql:
 init:
 continue-on-error: true
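Review bot: The two password entries, `KAFKA_SSL_KEYSTORE_PASSWORD` and `KAFKA_SSL_TRUSTSTORE_PASSWORD`, are added to the descriptor's env list beside ordinary settings, and a descriptor is a plain-text document, so a real value filled in here would be readable by anyone who can read the descriptor. JSON cannot carry a comment, so the README rows for these two variables should say it, for example `Supply at deploy time from a secret store; do not commit a value to the module descriptor.` The enclosing env array starts and ends outside the hunk, so how the other secrets in it are handled is not visible here.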
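Review bot: `protocol: ${KAFKA_SECURITY_PROTOCOL:PLAINTEXT}` leaves broker traffic unencrypted and unauthenticated unless the operator opts in, and nothing in this file says that PLAINTEXT is only suitable for a trusted network; a comment above `security:` such as `# PLAINTEXT is for local/dev only; set KAFKA_SECURITY_PROTOCOL=SSL and a trust store for shared or production brokers` would make the default a deliberate choice. The empty default for `trust-store-password` means, by the README's own description, that the trust store is loaded without integrity checking, so the same comment should tell operators to set it whenever a trust store location is given. There is also no `key-password` mapping, so a key store whose private key has its own password cannot be used; `key-password: ${KAFKA_SSL_KEY_PASSWORD:}` would cover it (the variable name is a suggestion). Indentation is lost on this page, so confirm that `ssl:` sits beside `security:` under `kafka:` rather than inside it.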