Adds SSL Properties and refactors
rootxakash committed Oct 15, 2024
1 parent c48c97c commit 41d69a6
Showing 3 changed files with 116 additions and 89 deletions.
4 changes: 3 additions & 1 deletion project.clj
Expand Up @@ -54,7 +54,9 @@
[ch.qos.logback.contrib/logback-jackson "0.1.5"]
[net.logstash.logback/logstash-logback-encoder "6.6"]
[clj-commons/iapetos "0.1.9"]
[org.apache.commons/commons-pool2 "2.11.1"]]
[org.apache.commons/commons-pool2 "2.11.1"]
[com.github.jnr/jffi "1.3.12"]
[com.github.jnr/jnr-unixsocket "0.38.21"]]
:deploy-repositories [["clojars" {:url "https://clojars.org/repo"
:username :env/clojars_username
:password :env/clojars_password
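Review bot: The two new entries `com.github.jnr/jffi` and `com.github.jnr/jnr-unixsocket` are not explained by the commit message ("Adds SSL Properties and refactors"), and nothing in the diffed config.clj references them, so what pulls them in is unclear from this change. As far as I know jnr-unixsocket is backed by jffi's bundled native libraries, so this adds native code to the classpath and widens the dependency surface; the reason belongs in the commit message or beside the entries, e.g. `;; needed by <component> for unix-socket transport — TODO confirm` (placeholder component name).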
59 changes: 39 additions & 20 deletions src/ziggurat/config.clj
Expand Up @@ -6,14 +6,16 @@
[mount.core :refer [defstate]]
[ziggurat.util.java-util :as util])
(:import (java.util Properties)
[org.apache.kafka.common.config SaslConfigs]
[org.apache.kafka.common.config SaslConfigs SslConfigs]
[org.apache.kafka.clients CommonClientConfigs])
(:gen-class
:methods
[^{:static true} [get [String] Object]
^{:static true} [getIn [java.lang.Iterable] Object]]
:name tech.gojek.ziggurat.internal.Config))

(def DEFAULT-LOGIN-CALLBACK-HANDLER "io.gtflabs.kafka.security.oauthbearer.kubernetes.PodLoginCallbackHandler")

(def config-file "config.edn")

(def default-config
Expand Down Expand Up @@ -201,9 +203,18 @@
(.setProperty p sk nv))))
p)

(defn create-jaas-properties
[user-name password login-module]
(format "%s required username=\"%s\" password=\"%s\";" login-module user-name password))
(defn create-jaas-properties [user-name password login-module]
(let [username-str (if user-name (format " username=\"%s\"" user-name) "")
password-str (if password (format " password=\"%s\"" password) "")
credentials (str username-str password-str)]
(format "%s required%s;" login-module (if (empty? credentials) "" credentials))))

(defn- add-ssl-properties
[properties ssl-config-map]
(doto properties
(.put SslConfigs/SSL_TRUSTSTORE_LOCATION_CONFIG (:ssl-truststore-location ssl-config-map "/etc/kafka/certs/truststore.p12"))
(.put SslConfigs/SSL_TRUSTSTORE_PASSWORD_CONFIG (:ssl-truststore-password ssl-config-map)))
properties)

(defn- add-jaas-properties
[properties jaas-config]
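Review bot: `add-ssl-properties` passes `(:ssl-truststore-password ssl-config-map)` straight to `.put`, and `java.util.Properties.put` rejects a nil value with a NullPointerException, so an SSL-enabled config that omits the key (legitimate for an unprotected PEM truststore) fails inside `build-ssl-properties` with an unhelpful NPE instead of a clear message. Guard it the way `add-sasl-properties` guards its inputs, `(when-some [pw (:ssl-truststore-password ssl-config-map)] (.put properties SslConfigs/SSL_TRUSTSTORE_PASSWORD_CONFIG pw))`, and drop the trailing `properties` form, which is redundant because `doto` already returns it. The baked-in fallback `"/etc/kafka/certs/truststore.p12"` also deserves a comment, since a missing or misspelled `:ssl-truststore-location` key now silently selects that file rather than the JVM default truststore. In `create-jaas-properties`, `(if (empty? credentials) "" credentials)` is a no-op because `credentials` is already `""` when empty, and the user name and password are interpolated into the JAAS line unescaped, so a value containing `"` or `;` produces a malformed entry; document that constraint or escape the values. The body of `add-jaas-properties` continues outside this hunk, and the scratch comments appended at the end of the file in the last hunk (`;; 1. Bump up kafka version to 3.7.0` … `;;ZIGGURAT_`) look like working notes that should not be committed.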
Expand All @@ -217,12 +228,11 @@
properties))

(defn- add-sasl-properties
[properties mechanism protocol]
(if (and (some? mechanism) (some? protocol))
(doto properties
(.put SaslConfigs/SASL_MECHANISM mechanism)
(.put CommonClientConfigs/SECURITY_PROTOCOL_CONFIG protocol))
properties))
[properties mechanism protocol login-callback-handler]
(when (some? mechanism) (.put properties SaslConfigs/SASL_MECHANISM mechanism))
(when (some? protocol) (.put properties CommonClientConfigs/SECURITY_PROTOCOL_CONFIG protocol))
(when (some? login-callback-handler) (.put properties SaslConfigs/SASL_LOGIN_CALLBACK_HANDLER_CLASS login-callback-handler))
properties)

(defn build-ssl-properties
[properties set-property-fn ssl-config-map]
Expand Down Expand Up @@ -251,9 +261,10 @@
protocol (get ssl-config-map :protocol)]
(if (true? ssl-configs-enabled)
(as-> properties pr
(add-jaas-properties pr jaas-config)
(add-sasl-properties pr mechanism protocol)
(reduce-kv set-property-fn pr ssl-config-map))
(add-ssl-properties pr ssl-config-map)
(add-jaas-properties pr jaas-config)
(add-sasl-properties pr mechanism protocol nil)
(reduce-kv set-property-fn pr ssl-config-map))
properties)))

(defn build-sasl-properties
Expand All @@ -275,15 +286,16 @@
:password <>
:login-module <>}}}
"
(let [sasl-configs-enabled (:enabled sasl-config-map)
jaas-config (get sasl-config-map :jaas)
mechanism (get sasl-config-map :mechanism)
protocol (get sasl-config-map :protocol)]
(let [sasl-configs-enabled (:enabled sasl-config-map)
jaas-config (get sasl-config-map :jaas)
mechanism (get sasl-config-map :mechanism "OAUTHBEARER")
protocol (get sasl-config-map :protocol "SASL_SSL")
login-callback-handler (get sasl-config-map :login-callback-handler DEFAULT-LOGIN-CALLBACK-HANDLER)]
(if (true? sasl-configs-enabled)
(as-> properties pr
(add-jaas-properties pr jaas-config)
(add-sasl-properties pr mechanism protocol)
(reduce-kv set-property-fn pr sasl-config-map))
(add-jaas-properties pr jaas-config)
(add-sasl-properties pr mechanism protocol login-callback-handler)
(reduce-kv set-property-fn pr sasl-config-map))
properties)))

(defn build-properties
Expand Down Expand Up @@ -324,3 +336,10 @@

(defn get-channel-retry-count [topic-entity channel]
(:count (channel-retry-config topic-entity channel)))

;; 1. Bump up kafka version to 3.7.0
;; 2. Introduce changes for sasl and ssl properties:
;; 2.1


;;ZIGGURAT_
