cp-ansible icon indicating copy to clipboard operation
cp-ansible copied to clipboard

Published 20 hours ago verified publisher icon confluentinc

create scram users thru kafka-storage command

Open piif opened this issue 1 year ago • 4 comments

Description

Creates scram users thru kafka-storage command when target is KRaft and not Zookeeper

Fixes #1495

Type of change

  • [X] Bug fix (non-breaking change which fixes an issue)
  • [ ] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [ ] This change requires a documentation update

How Has This Been Tested?

Checked on a new installation, with dédicated KRaft nodes

Checklist:

  • [X] Any variable/code changes have been validated to be backwards compatible (doesn't break upgrade)
  • [ ] I have added tests that prove my fix is effective or that my feature works
  • [ ] If required, I have ensured the changes can be discovered by cp-ansible discovery codebase
  • [ ] My code follows the style guidelines of this project
  • [X] I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [X] My changes generate no new warnings
  • [X] Any dependent changes have been merged and published in downstream modules

piif avatar Oct 31 '23 15:10 piif

CLA assistant check
All committers have signed the CLA.

cla-assistant[bot] avatar Oct 31 '23 15:10 cla-assistant[bot]

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

Christian Lefebvre seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

cla-assistant[bot] avatar Oct 31 '23 15:10 cla-assistant[bot]

I just understood that I completly missed the point... kafka-storage must be used only for a first admin user creation, when initializing kraft Then, kafka-config must be used to create other users. I put back this PR in draft mode and I'll work on a new version,

piif avatar Nov 05 '23 22:11 piif

Thanks @piif for the contribution. However, there are some technical gaps in SCRAM in Kraft at the moment. Such as: Controller-controller communication does not support SCRAM auth, Controller-broker and broker-broker communication can support SCRAM which internally would require multiple authentication on single listener, which is not yet supported in CP-Ansible. We are working on it and plan to add SCRAM support in Kraft in future releases.

mansisinha avatar Dec 04 '23 09:12 mansisinha