Add support for kafka SSL autentication

Change-Id: Idef066a2e3b4923789a6b081d5442e931aba4507
This commit is contained in:
Michal Arbet 2019-11-15 11:30:50 +01:00
parent 04b2b5d451
commit 5a43d4548a
4 changed files with 39 additions and 3 deletions

View File

@ -101,6 +101,9 @@ class Connection(object):
self.security_protocol = self.driver_conf.security_protocol
self.sasl_mechanism = self.driver_conf.sasl_mechanism
self.ssl_cafile = self.driver_conf.ssl_cafile
self.ssl_client_cert_file = self.driver_conf.ssl_client_cert_file
self.ssl_client_key_file = self.driver_conf.ssl_client_key_file
self.ssl_client_key_password = self.driver_conf.ssl_client_key_password
self.url = url
self.virtual_host = url.virtual_host
self._parse_url()
@ -238,6 +241,9 @@ class ConsumerConnection(Connection):
'sasl.username': self.username,
'sasl.password': self.password,
'ssl.ca.location': self.ssl_cafile,
'ssl.certificate.location': self.ssl_client_cert_file,
'ssl.key.location': self.ssl_client_key_file,
'ssl.key.password': self.ssl_client_key_password,
'enable.partition.eof': False,
'default.topic.config': {'auto.offset.reset': 'latest'}
}
@ -323,7 +329,10 @@ class ProducerConnection(Connection):
'sasl.mechanism': self.sasl_mechanism,
'sasl.username': self.username,
'sasl.password': self.password,
'ssl.ca.location': self.ssl_cafile
'ssl.ca.location': self.ssl_cafile,
'ssl.certificate.location': self.ssl_client_cert_file,
'ssl.key.location': self.ssl_client_key_file,
'ssl.key.password': self.ssl_client_key_password
}
self.producer = confluent_kafka.Producer(conf)

View File

@ -73,7 +73,19 @@ KAFKA_OPTS = [
cfg.StrOpt('ssl_cafile',
default='',
help='CA certificate PEM file used to verify the server'
' certificate')
' certificate'),
cfg.StrOpt('ssl_client_cert_file',
default='',
help='Client certificate PEM file used for authentication.'),
cfg.StrOpt('ssl_client_key_file',
default='',
help='Client key PEM file used for authentication.'),
cfg.StrOpt('ssl_client_key_password',
default='',
help='Client key password file used for authentication.')
]

View File

@ -113,7 +113,10 @@ class TestKafkaDriver(test_utils.BaseTestCase):
'sasl.mechanism': 'PLAIN',
'sasl.username': mock.ANY,
'sasl.password': mock.ANY,
'ssl.ca.location': ''
'ssl.ca.location': '',
'ssl.certificate.location': '',
'ssl.key.location': '',
'ssl.key.password': '',
})
def test_listen(self):
@ -139,6 +142,9 @@ class TestKafkaDriver(test_utils.BaseTestCase):
'sasl.username': mock.ANY,
'sasl.password': mock.ANY,
'ssl.ca.location': '',
'ssl.certificate.location': '',
'ssl.key.location': '',
'ssl.key.password': '',
'default.topic.config': {'auto.offset.reset': 'latest'}
})

View File

@ -0,0 +1,9 @@
---
features:
- |
| SSL support for oslo_messaging's kafka driver
| Next configuration params was added
* *ssl_client_cert_file* (default='')
* *ssl_client_key_file* (default='')
* *ssl_client_key_password* (default='')