WIP:sasl-client--broker-angepasst--separate-accounts
authorKai Moritz <kai@juplo.de>
Sun, 25 May 2025 15:54:37 +0000 (17:54 +0200)
committerKai Moritz <kai@juplo.de>
Sun, 25 May 2025 21:26:47 +0000 (23:26 +0200)
STEP-ONE.sh
admin.properties
docker-compose.yml

index a78cc8e..2e87a43 100755 (executable)
@@ -20,22 +20,36 @@ docker compose exec zookeeper zookeeper-shell zookeeper:2181 get /cluster/id
 echo "Starting Kafka in Zookeeper-Mode..."
 docker compose up setup
 
-echo "Setting up ACLs for the consumer and the producer..."
-# client
+echo "Setting up ACLs for the producer..."
 docker compose exec cli kafka-acls \
   --command-config /mnt/admin.properties \
   --bootstrap-server kafka:9092 \
   --add \
-  --allow-principal User:client \
+  --allow-principal User:producer \
   --topic test \
-  --consumer --group=my-group \
   --producer
 
 docker compose exec cli kafka-acls \
   --command-config /mnt/admin.properties \
   --bootstrap-server kafka:9092 \
   --list \
-  --user-principal User:client \
+  --user-principal User:producer \
+  --topic test
+
+echo "Setting up ACLs for the consumer..."
+docker compose exec cli kafka-acls \
+  --command-config /mnt/admin.properties \
+  --bootstrap-server kafka:9092 \
+  --add \
+  --allow-principal User:consumer \
+  --topic test \
+  --consumer --group=my-group \
+
+docker compose exec cli kafka-acls \
+  --command-config /mnt/admin.properties \
+  --bootstrap-server kafka:9092 \
+  --list \
+  --user-principal User:consumer \
   --group=my-group \
   --topic test
 
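Review bot: The added consumer `--add` command ends with a dangling line continuation: `--consumer --group=my-group \` is followed only by the blank line. It runs correctly only while that blank line stays; if it is ever removed, the next `docker compose exec cli kafka-acls` is swallowed as arguments of this call and the `--list` check never runs. Drop the trailing backslash so the last line reads `  --consumer --group=my-group`. The hunk does not show whether the script runs under `set -e`; if it does not, a failed `--add` passes silently and only shows up later as an authorization error in the client, so a comment or an explicit exit-status check after each `--add` would help.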
index b040250..d7168db 100644 (file)
@@ -2,4 +2,4 @@ sasl.mechanism=PLAIN
 security.protocol=SASL_PLAINTEXT
 sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
   username="broker" \
-  password="geheim";
+  password="brokerpw";
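Review bot: `admin.properties` still authenticates as `broker`, so the ACL tooling in STEP-ONE.sh keeps sharing the inter-broker identity and password even though this commit splits the client accounts. If `broker` is configured as a super user (not visible in this hunk), anyone who can read this file can act as a broker. A dedicated admin principal with its own `user_...` entry on the broker side would separate the two roles. At minimum, add a comment such as `# demo credential, shared with the broker's own login - do not reuse outside this setup`.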
index df9f07f..c762053 100644 (file)
@@ -31,24 +31,27 @@ services:
       KAFKA_LISTENER_NAME_BROKER_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_BROKER_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
-        user_broker="geheim" \
-        user_client="geheim" \
+        user_broker="brokerpw" \
+        user_producer="producerpw" \
+        user_consumer="consumerpw" \
         username="broker" \
-        password="geheim"; \
+        password="brokerpw"; \
       KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
-        user_broker="geheim" \
-        user_client="geheim" \
+        user_broker="brokerpw" \
+        user_producer="producerpw" \
+        user_consumer="consumerpw" \
         username="broker" \
-        password="geheim"; \
+        password="brokerpw"; \
       KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
-        user_broker="geheim" \
-        user_client="geheim" \
+        user_broker="brokerpw" \
+        user_producer="producerpw" \
+        user_consumer="consumerpw" \
         username="broker" \
-        password="geheim"; \
+        password="brokerpw"; \
       KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
       KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
       KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: 10000
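Review bot: `user_producer` and `user_consumer` are added to `KAFKA_LISTENER_NAME_BROKER_PLAIN_SASL_JAAS_CONFIG` as well as to the DOCKER and LOCALHOST listeners. If BROKER is the inter-broker listener (the name and `KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL` suggest so, but the listener map is outside the hunk), only `user_broker` is needed there, and omitting the client accounts stops client credentials from being accepted on that listener. The same applies to the hunks at `@@ -85` and `@@ -144`. The identical credential table is now repeated nine times with literal passwords; Compose variable substitution, for example `user_producer="${PRODUCER_PASSWORD}"` (variable name is an example), would keep the values in one place and out of the repository.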
@@ -85,24 +88,27 @@ services:
       KAFKA_LISTENER_NAME_BROKER_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_BROKER_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
-        user_broker="geheim" \
-        user_client="geheim" \
+        user_broker="brokerpw" \
+        user_producer="producerpw" \
+        user_consumer="consumerpw" \
         username="broker" \
-        password="geheim"; \
+        password="brokerpw"; \
       KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
-        user_broker="geheim" \
-        user_client="geheim" \
+        user_broker="brokerpw" \
+        user_producer="producerpw" \
+        user_consumer="consumerpw" \
         username="broker" \
-        password="geheim"; \
+        password="brokerpw"; \
       KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
-        user_broker="geheim" \
-        user_client="geheim" \
+        user_broker="brokerpw" \
+        user_producer="producerpw" \
+        user_consumer="consumerpw" \
         username="broker" \
-        password="geheim"; \
+        password="brokerpw"; \
       KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
       KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
       KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: 10000
@@ -144,24 +150,27 @@ services:
       KAFKA_LISTENER_NAME_BROKER_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_BROKER_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
-        user_broker="geheim" \
-        user_client="geheim" \
+        user_broker="brokerpw" \
+        user_producer="producerpw" \
+        user_consumer="consumerpw" \
         username="broker" \
-        password="geheim"; \
+        password="brokerpw"; \
       KAFKA_LISTENER_NAME_DOCKER_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_DOCKER_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
-        user_broker="geheim" \
-        user_client="geheim" \
+        user_broker="brokerpw" \
+        user_producer="producerpw" \
+        user_consumer="consumerpw" \
         username="broker" \
-        password="geheim"; \
+        password="brokerpw"; \
       KAFKA_LISTENER_NAME_LOCALHOST_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_LISTENER_NAME_LOCALHOST_PLAIN_SASL_JAAS_CONFIG: |
         org.apache.kafka.common.security.plain.PlainLoginModule required \
-        user_broker="geheim" \
-        user_client="geheim" \
+        user_broker="brokerpw" \
+        user_producer="producerpw" \
+        user_consumer="consumerpw" \
         username="broker" \
-        password="geheim"; \
+        password="brokerpw"; \
       KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
       KAFKA_SASL_ENABLED_MECHANISMS: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512
       KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: 10000
@@ -263,7 +272,7 @@ services:
       spring.kafka.jaas.enabled: "true"
       spring.kafka.properties.security.protocol: SASL_PLAINTEXT
       spring.kafka.properties.sasl.mechanism: PLAIN
-      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="geheim";
+      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="producer" password="producerpw";
       juplo.producer.topic: test
 
   consumer:
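Review bot: The new per-role password on the `sasl.jaas.config` line is sent unencrypted, because the context lines keep `security.protocol: SASL_PLAINTEXT` with `sasl.mechanism: PLAIN`. Separate accounts limit what a leaked credential can do, but anyone who can observe the container network can still read each of them. If this is intended for a local demo only, say so next to the setting, e.g. `# demo only: PLAIN over SASL_PLAINTEXT transmits the password in clear`. The same applies to the three consumer services in the hunks at `@@ -274`, `@@ -287` and `@@ -300`. The value is also an unquoted scalar containing `"` and `;`; wrapping it in single quotes would make it robust against later edits.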
@@ -274,7 +283,7 @@ services:
       spring.kafka.jaas.enabled: "true"
       spring.kafka.properties.security.protocol: SASL_PLAINTEXT
       spring.kafka.properties.sasl.mechanism: PLAIN
-      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="geheim";
+      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="consumer" password="consumerpw";
       spring.kafka.consumer.auto-offset-reset: earliest
       logging.level.org.apache.kafka.clients.consumer: INFO
       juplo.consumer.topic: test
@@ -287,7 +296,7 @@ services:
       spring.kafka.jaas.enabled: "true"
       spring.kafka.properties.security.protocol: SASL_PLAINTEXT
       spring.kafka.properties.sasl.mechanism: PLAIN
-      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="geheim";
+      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="consumer" password="consumerpw";
       spring.kafka.consumer.auto-offset-reset: earliest
       logging.level.org.apache.kafka.clients.consumer: INFO
       juplo.consumer.topic: test
@@ -300,7 +309,7 @@ services:
       spring.kafka.jaas.enabled: "true"
       spring.kafka.properties.security.protocol: SASL_PLAINTEXT
       spring.kafka.properties.sasl.mechanism: PLAIN
-      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="client" password="geheim";
+      spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username="consumer" password="consumerpw";
       spring.kafka.consumer.auto-offset-reset: earliest
       logging.level.org.apache.kafka.clients.consumer: INFO
       juplo.consumer.topic: test