opensearch-connector-for-apache-kafka

Options for SSL

Open arnitolog opened this issue 1 year ago • 22 comments

Hello, we have SSL enabled for REST on the OpenSearch side, so we need to somehow specify SSL options on the connector side. In the Elasticsearch connector there were options like:

elastic.security.protocol: "SSL"
elastic.https.ssl.truststore.location: "/tmp/kafka/cluster.truststore.p12"
elastic.https.ssl.truststore.password: "${file:/tmp/strimzi-connect.properties:ssl.truststore.password}"
elastic.https.ssl.truststore.type: "PKCS12"
elastic.https.ssl.enabled.protocols: "TLSv1.3"

Is there any possibility to do the same in the OpenSearch connector?

arnitolog avatar Sep 21 '22 02:09 arnitolog
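
What the truststore options in the question above correspond to on the JVM, as an added example that is not part of the thread and not the connector's code: it loads a PKCS12 truststore, restricts the handshake to TLSv1.3, and makes one request to the OpenSearch REST endpoint to confirm the store validates the server certificate. The class name, the `TRUSTSTORE_PASSWORD` environment variable and the command-line arguments are assumptions; only JDK 11+ standard APIs are used.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;

public class TruststoreCheck {

    // Build an SSLContext that trusts only the CA certificates in the given store.
    static SSLContext contextFor(Path location, char[] password, String type) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(type); // truststore.type, e.g. "PKCS12"
        try (InputStream in = Files.newInputStream(location)) {
            trustStore.load(in, password);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // server verification only, no client key
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String secret = System.getenv("TRUSTSTORE_PASSWORD"); // assumed variable name
        if (args.length != 2 || secret == null) {
            System.err.println("usage: TRUSTSTORE_PASSWORD=... java TruststoreCheck.java <truststore.p12> <https-url>");
            System.exit(2);
        }
        SSLParameters params = new SSLParameters();
        params.setProtocols(new String[] {"TLSv1.3"}); // enabled.protocols from the question

        HttpClient client = HttpClient.newBuilder()
                .sslContext(contextFor(Path.of(args[0]), secret.toCharArray(), "PKCS12"))
                .sslParameters(params)
                .build();
        // A certificate the truststore cannot validate, a hostname mismatch, or a server
        // without TLSv1.3 makes send() throw; any HTTP status means the handshake passed.
        HttpResponse<Void> response = client.send(
                HttpRequest.newBuilder(URI.create(args[1])).GET().build(),
                HttpResponse.BodyHandlers.discarding());
        System.out.println("TLS handshake OK, HTTP status " + response.statusCode());
    }
}
```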

@arnitolog yes it is possible to add.

willyborankin avatar Oct 17 '22 06:10 willyborankin

@willyborankin do you have any example how to do this?

arnitolog avatar Oct 17 '22 17:10 arnitolog

@arnitolog this feature needs to be added

willyborankin avatar Nov 24 '22 13:11 willyborankin

@willyborankin I have made changes to support @arnitolog request in the class OpensearchClient. I added a new constructor using the proposed properties. It's tested against a cluster of OpenSearch nodes. Can I create a pull request?

eaudet avatar Dec 10 '22 20:12 eaudet

Also looking for this fix, would appreciate the PR

> @willyborankin I have made changes to support @arnitolog request in the class OpensearchClient. I added a new constructor using the proposed properties. It's tested against a cluster of OpenSearch nodes. Can I create a pull request?

jake1098 avatar Dec 13 '22 00:12 jake1098

> @willyborankin I have made changes to support @arnitolog request in the class OpensearchClient. I added a new constructor using the proposed properties. It's tested against a cluster of OpenSearch nodes. Can I create a pull request?

@eaudet Sure, you are welcome :-)

willyborankin avatar Dec 13 '22 15:12 willyborankin

> @willyborankin I have made changes to support @arnitolog request in the class OpensearchClient. I added a new constructor using the proposed properties. It's tested against a cluster of OpenSearch nodes. Can I create a pull request?

@eaudet also looking for the fix, thanks. Meanwhile, did you add just those proposed properties which are related to the truststore, or will you also include keystore settings such as below?

elastic.https.ssl.keystore.location
elastic.https.ssl.keystore.password
elastic.https.ssl.keystore.type
elastic.https.ssl.key.password
elastic.https.ssl.protocol

wannajob avatar Dec 14 '22 22:12 wannajob

> > @willyborankin I have made changes to support @arnitolog request in the class OpensearchClient. I added a new constructor using the proposed properties. It's tested against a cluster of OpenSearch nodes. Can I create a pull request?
>
> @eaudet also looking for the fix, thanks. Meanwhile, did you add just those proposed properties which are related to the truststore, or will you also include keystore settings such as below?
>
> elastic.https.ssl.keystore.location
> elastic.https.ssl.keystore.password
> elastic.https.ssl.keystore.type
> elastic.https.ssl.key.password
> elastic.https.ssl.protocol

It does not work without trust store. You need to provide both trust and key store.

willyborankin avatar Dec 18 '22 18:12 willyborankin

> > > @willyborankin I have made changes to support @arnitolog request in the class OpensearchClient. I added a new constructor using the proposed properties. It's tested against a cluster of OpenSearch nodes. Can I create a pull request?
> >
> > @eaudet also looking for the fix, thanks. Meanwhile, did you add just those proposed properties which are related to the truststore, or will you also include keystore settings such as below?
> >
> > elastic.https.ssl.keystore.location
> > elastic.https.ssl.keystore.password
> > elastic.https.ssl.keystore.type
> > elastic.https.ssl.key.password
> > elastic.https.ssl.protocol
>
> It does not work without trust store. You need to provide both trust and key store.

Yeah, that is what I want to confirm.

wannajob avatar Dec 19 '22 20:12 wannajob

Did anyone manage to get this done?

akash092 avatar Jan 30 '23 22:01 akash092

Looks like no. I will create an internal issue for our team.

willyborankin avatar Mar 01 '23 09:03 willyborankin

@willyborankin do you have any updates?

arnitolog avatar May 10 '23 13:05 arnitolog

Is there any news about SSL parameters? We have OpenSearch cluster with authentication and SSL too. Thanks.

martinsagan avatar Jun 05 '23 14:06 martinsagan

@willyborankin Could you please provide an update regarding this Issue? SSL encryption really is an important feature to have.

XLAQO avatar Nov 24 '23 11:11 XLAQO

@XLAQO we made it through fluentbit, or you can try it through fluentd if you don't have K8s.

martinsagan avatar Nov 24 '23 11:11 martinsagan

Any news about the SSL support for the connector? Has anybody managed to use it with the code of @eaudet?

ageorget avatar Apr 09 '24 08:04 ageorget

First off, thanks guys for maintaining an open-source sink connector for OpenSearch; it's really useful! @willyborankin

Was there any progress made in the support of SSL? It would be super appreciated on our side.

qlecorre avatar Apr 25 '24 14:04 qlecorre

> First off, thanks guys for maintaining an open-source sink connector for OpenSearch; it's really useful! @willyborankin
>
> Was there any progress made in the support of SSL? It would be super appreciated on our side.

Hi @qlecorre, it looks like no one is willing to add this functionality :-). It will take some time but I will add it.

willyborankin avatar Apr 29 '24 08:04 willyborankin

Thanks @willyborankin, it's much appreciated!

qlecorre avatar Apr 29 '24 13:04 qlecorre

https://github.com/willyborankin Can I take this up?

On Mon, 29 Apr 2024 at 16:25, Quentin Le Corre @.***> wrote:

> Thanks @willyborankin https://github.com/willyborankin, it's much appreciated!


fadhilijuma avatar Apr 29 '24 13:04 fadhilijuma

> https://github.com/willyborankin Can I take this up?
>
> On Mon, 29 Apr 2024 at 16:25, Quentin Le Corre @.***> wrote:
>
> > Thanks @willyborankin https://github.com/willyborankin, it's much appreciated!

Thank you, @fadhilijuma! But I already started to work on it.

willyborankin avatar Apr 29 '24 13:04 willyborankin

Okay thanks for the great work.

On Mon, Apr 29, 2024 at 4:53 PM Andrey Pleskach @.***> wrote:


> Thank you, @fadhilijuma https://github.com/fadhilijuma! But I already started to work on it.


fadhilijuma avatar Apr 29 '24 13:04 fadhilijuma