trino icon indicating copy to clipboard operation
trino copied to clipboard

Published 20 hours ago verified publisher icon trinodb

Render environment variables in kafka resource properties file

Open aakashnand opened this issue 1 year ago • 2 comments

When I was trying to configure SASL settings for Kafka Connector, I tried using secrets https://trino.io/docs/current/security/secrets.html explained here. but the environment variables are not loaded in kafka-config.properties

Here are the settings I used

kafka_catalog.properties

connector.name=kafka
kafka.nodes=<BOOTSTRAP_SERVERS>
kafka.table-names=my-topic
kafka.hide-internal-columns=false
kafka.config.resources=/etc/trino/kafka-configuration.properties

kafka-configuration.properties

security.protocol=SASL_SSL
ssl.endpoint.identification.algorithm=
ssl.truststore.location=/etc/trino/kafka-trustore.jks
ssl.truststore.password=${ENV:KAFKA_TRUSTORE_PASS}

Apparently these values are showing following NULL error

Caused by: java.lang.IllegalArgumentException: Value not specified for key 'null' in JAAS config
	at org.apache.kafka.common.security.JaasConfig.parseAppConfigurationEntry(JaasConfig.java:116)
	at org.apache.kafka.common.security.JaasConfig.<init>(JaasConfig.java:63)
	at org.apache.kafka.common.security.JaasContext.load(JaasContext.java:90)
	at org.apache.kafka.common.security.JaasContext.loadClientContext(JaasContext.java:84)
	at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:124)
	at org.apache.kafka.common.network.ChannelBuilders.clientChannelBuilder(ChannelBuilders.java:67)
	at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:99)
	at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:741)

Additional Point:

  • If we could extend this to properties file we should try to extend it to .xml file which can be useful for hive.config.resources

aakashnand avatar Aug 10 '22 07:08 aakashnand

We should also update the document clarifying that secret may not work for some files on that line

aakashnand avatar Aug 10 '22 07:08 aakashnand

We're basically missing Bootstrap since we just call Properties#readProperties on whatever path is returned by KafkaConfig#getResourceConfigFiles.

BTW this is one of the downsides of such "escape hatches" provided by ability to passthrough arbitrary configs instead of building dedicated handling for a feature.

cc: @kokosing

hashhar avatar Aug 10 '22 07:08 hashhar