azure-functions-kafka-extension icon indicating copy to clipboard operation
azure-functions-kafka-extension copied to clipboard

Published 20 hours ago verified publisher icon Azure

HttpTrigger Kafka Needs to Support Config Settings Replacement for Ssl parameters

Open chadwillson opened this issue 4 years ago • 6 comments

Hello,

Ssl Config substitutions do not work on the HttpTrigger with Kafka. You need to hardcode. This is a huge config issue. They do work in the KafkaTrigger.

            SslKeyLocation = "%SslKeyLocation%",
            SslCaLocation = "%SslCaLocation%",
            SslCertificateLocation = "%SslCertificateLocation%",

       [HttpTrigger(AuthorizationLevel.Function, "post", Route = null)] HttpRequest req,
       [Kafka(
            "ProdBroker",
            "%ProdTopicEvents%",
            SslKeyLocation = "%SslKeyLocation%",
            SslCaLocation = "%SslCaLocation%",
            SslCertificateLocation = "%SslCertificateLocation%",
            SslKeyPassword = "%SslKeyPassword%",
            Protocol = BrokerProtocol.Ssl,
            AuthenticationMode = BrokerAuthenticationMode.Plain
        )] IAsyncCollector<KafkaEventData<byte[]>> events, ILogger log)

chadwillson avatar Dec 02 '20 16:12 chadwillson

Thank you for the feedback. I found the spot.

https://github.com/Azure/azure-functions-kafka-extension/blob/d6ddb6c48a4ad3e6e765fe0123b76b7f677f0bb2/src/Microsoft.Azure.WebJobs.Extensions.Kafka/Output/KafkaProducerFactory.cs#L127-L130

We need to do like this. https://github.com/Azure/azure-functions-kafka-extension/pull/153/files

TsuyoshiUshio avatar Dec 02 '20 17:12 TsuyoshiUshio

hi. is there an update on this one? This is a big problem that makes this output binding unusable if your cluster uses certs. @chadwillson - did you manage to find a walkaround for configuring different environments?

artursokhikyan avatar Jun 18 '21 14:06 artursokhikyan

Hi @artursokhikyan,

We hardcoded the variables per environment and are awaiting the update outlined by @TsuyoshiUshio.

It is a big pain and not defensible in code reviews. We are using this in production.

Chad

chadwillson avatar Jun 18 '21 21:06 chadwillson

Hi @chadwillson , @artursokhikyan

The change will be very simple, however, just need to test it. I'd happy to include this as the next release. However, I can't promise when I'll finish it. If you guys are ok, could you contribute it? the change is very simple and small that I just explained above. Or I'll do it before the next release.

TsuyoshiUshio avatar Jun 18 '21 21:06 TsuyoshiUshio

@TsuyoshiUshio @shrohilla This issue is still open and affecting us as well. Do you plan a change regarding this issue?

PSanetra avatar Jan 19 '23 09:01 PSanetra

Any update on the SslKeyPassword, right now it is still collected from the attribute itself, wich makes the output binding unusable to us

miquel09 avatar Sep 27 '23 10:09 miquel09