Add SSL bundle support to Apache Kafka auto-configuration #37629

Closed
Tracked by #17589
mdeinum opened this issue Sep 29, 2023 · 4 comments
Labels
theme: ssl (Issues related to ssl support), type: enhancement (A general enhancement)
Comments

@mdeinum
Contributor

mdeinum commented Sep 29, 2023

While investigating the Spring Boot Kafka support (for the upcoming release of Spring Boot 3 Recipes) I noticed that the Kafka autoconfiguration also has the possibility to set various SSL settings. I would expect that this would also use the new SSL Bundle support in Spring Boot; this is, however, not the case.

It would be great if we could use SSL Bundles for Kafka as well.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Sep 29, 2023
@wilkinsona
Member

It's intentional that Spring Boot Kafka integration does not support SSL bundles as we believed that it was not possible to configure Kafka with an SSLContext or similar and, instead, everything had to be stringly-typed and property-based. However, this issue prompted me to take another look and it looks like it may be possible after all.

Kafka provides a plug point for its SSL configuration with its SslEngineFactory interface. This has to be provided to Kafka as a Class or as a String class name, preventing us from providing a factory instance that's pre-configured with the necessary state. However, it appears to be possible to pass this state through the Map<String, ?> of config with which the SslEngineFactory implementation is called.

I've prototyped something that seems to show that this approach may be worth some further investigation. The SslEngineFactory is called in such a way that it can access an SslBundle from which it can then create an SSLEngine. I'll discuss it with the rest of the team to see if this approach is worth pursuing.

@wilkinsona wilkinsona added type: enhancement A general enhancement for: team-meeting An issue we'd like to discuss as a team to make progress labels Sep 29, 2023
@wilkinsona wilkinsona changed the title Kafka Autoconfiguration doesn't use the new SSL Bundle support Provide SSL Bundle Support with Apache Kafka Sep 29, 2023
@philwebb
Member

philwebb commented Oct 4, 2023

We like the prototype and think we can add support using it.

@philwebb philwebb added this to the 3.x milestone Oct 4, 2023
@philwebb philwebb removed status: waiting-for-triage An issue we've not yet triaged for: team-meeting An issue we'd like to discuss as a team to make progress labels Oct 4, 2023
@scottfrederick scottfrederick added the theme: ssl Issues related to ssl support label Oct 11, 2023
@scottfrederick scottfrederick changed the title Provide SSL Bundle Support with Apache Kafka Add SSL bundle Support to Apache Kafka auto-configuration Oct 11, 2023
@scottfrederick scottfrederick modified the milestones: 3.x, 3.2.0-RC1 Oct 18, 2023
@wilkinsona wilkinsona changed the title Add SSL bundle Support to Apache Kafka auto-configuration Add SSL bundle support to Apache Kafka auto-configuration Oct 20, 2023
@ozozgun

ozozgun commented Dec 28, 2024

Hi, I have arrived here from a Google search and it seems to be the only official information on the subject.
Is there any documentation for this?

@philwebb
Member

@ozozgun You can read about SSL bundles at https://docs.spring.io/spring-boot/reference/features/ssl.html. Once you've got the concept you can use one of the spring.kafka.*.ssl.bundle properties to apply it (for example spring.kafka.producer.ssl.bundle).

If you have any issues, please ask questions on stackoverflow.com as we prefer to keep this issue tracker for bugs and enhancements.
