author | Michal Arbet <michal.arbet@ultimum.io> | 2019-11-15 11:30:50 +0100 |
---|---|---|
committer | Michal Arbet <michal.arbet@ultimum.io> | 2020-01-16 23:26:53 +0100 |
commit | 5a43d4548a8cab82222d8d4d0fddc246a1f1fa32 (patch) | |
tree | a829162d0bf39f5bb4b92feea5f8482fc2d1a11c | |
parent | 04b2b5d451df7d5aa4047a6b38aa364c400602a3 (diff) | |
download | oslo-messaging-5a43d4548a8cab82222d8d4d0fddc246a1f1fa32.tar.gz |
Add support for kafka SSL autentication
Change-Id: Idef066a2e3b4923789a6b081d5442e931aba4507
-rw-r--r-- | oslo_messaging/_drivers/impl_kafka.py | 11 | ||||
-rw-r--r-- | oslo_messaging/_drivers/kafka_driver/kafka_options.py | 14 | ||||
-rw-r--r-- | oslo_messaging/tests/drivers/test_impl_kafka.py | 8 | ||||
-rw-r--r-- | releasenotes/notes/add-ssl-support-for-kafka.yaml | 9 |
4 files changed, 39 insertions, 3 deletions
diff --git a/oslo_messaging/_drivers/impl_kafka.py b/oslo_messaging/_drivers/impl_kafka.py
index 88fdb7e..6729f87 100644
--- a/oslo_messaging/_drivers/impl_kafka.py
+++ b/oslo_messaging/_drivers/impl_kafka.py
@@ -101,6 +101,9 @@ class Connection(object):
 self.security_protocol = self.driver_conf.security_protocol
 self.sasl_mechanism = self.driver_conf.sasl_mechanism
 self.ssl_cafile = self.driver_conf.ssl_cafile
+ self.ssl_client_cert_file = self.driver_conf.ssl_client_cert_file
+ self.ssl_client_key_file = self.driver_conf.ssl_client_key_file
+ self.ssl_client_key_password = self.driver_conf.ssl_client_key_password
 self.url = url
 self.virtual_host = url.virtual_host
 self._parse_url()
@@ -238,6 +241,9 @@ class ConsumerConnection(Connection):
 'sasl.username': self.username,
 'sasl.password': self.password,
 'ssl.ca.location': self.ssl_cafile,
+ 'ssl.certificate.location': self.ssl_client_cert_file,
+ 'ssl.key.location': self.ssl_client_key_file,
+ 'ssl.key.password': self.ssl_client_key_password,
 'enable.partition.eof': False,
 'default.topic.config': {'auto.offset.reset': 'latest'}
 }
@@ -323,7 +329,10 @@ class ProducerConnection(Connection):
 'sasl.mechanism': self.sasl_mechanism,
 'sasl.username': self.username,
 'sasl.password': self.password,
- 'ssl.ca.location': self.ssl_cafile
+ 'ssl.ca.location': self.ssl_cafile,
+ 'ssl.certificate.location': self.ssl_client_cert_file,
+ 'ssl.key.location': self.ssl_client_key_file,
+ 'ssl.key.password': self.ssl_client_key_password
 }
 self.producer = confluent_kafka.Producer(conf)
diff --git a/oslo_messaging/_drivers/kafka_driver/kafka_options.py b/oslo_messaging/_drivers/kafka_driver/kafka_options.py
index c1b8bef..754711e 100644
--- a/oslo_messaging/_drivers/kafka_driver/kafka_options.py
+++ b/oslo_messaging/_drivers/kafka_driver/kafka_options.py
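Review bot: Nothing in these hunks checks the three new options before they reach librdkafka: the ConsumerConnection conf dict (second hunk) and the ProducerConnection conf dict (third hunk) pass `ssl.certificate.location`, `ssl.key.location` and `ssl.key.password` unconditionally, empty-string defaults included. A certificate configured without its key, or either one configured while `security_protocol` is not an SSL variant, is left for the client library to reject or ignore; the second case would presumably leave the connection without client authentication while the operator believes it is enabled. A guard next to the new assignments in `Connection.__init__` (first hunk) would catch the mismatch early, for example `if bool(self.ssl_client_cert_file) != bool(self.ssl_client_key_file): raise ValueError('ssl_client_cert_file and ssl_client_key_file must be set together')`. Both conf dicts now carry the key passphrase next to `sasl.password`, so `conf` should stay out of log and exception messages. `__init__` and both dict literals begin outside the hunks shown.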
@@ -73,7 +73,19 @@ KAFKA_OPTS = [
 cfg.StrOpt('ssl_cafile',
 default='',
 help='CA certificate PEM file used to verify the server'
- ' certificate')
+ ' certificate'),
+
+ cfg.StrOpt('ssl_client_cert_file',
+ default='',
+ help='Client certificate PEM file used for authentication.'),
+
+ cfg.StrOpt('ssl_client_key_file',
+ default='',
+ help='Client key PEM file used for authentication.'),
+
+ cfg.StrOpt('ssl_client_key_password',
+ default='',
+ help='Client key password file used for authentication.')
 ]
diff --git a/oslo_messaging/tests/drivers/test_impl_kafka.py b/oslo_messaging/tests/drivers/test_impl_kafka.py
index 0af8c05..72a8683 100644
--- a/oslo_messaging/tests/drivers/test_impl_kafka.py
+++ b/oslo_messaging/tests/drivers/test_impl_kafka.py
@@ -113,7 +113,10 @@ class TestKafkaDriver(test_utils.BaseTestCase):
 'sasl.mechanism': 'PLAIN',
 'sasl.username': mock.ANY,
 'sasl.password': mock.ANY,
- 'ssl.ca.location': ''
+ 'ssl.ca.location': '',
+ 'ssl.certificate.location': '',
+ 'ssl.key.location': '',
+ 'ssl.key.password': '',
 })
 def test_listen(self):
@@ -139,6 +142,9 @@ class TestKafkaDriver(test_utils.BaseTestCase):
 'sasl.username': mock.ANY,
 'sasl.password': mock.ANY,
 'ssl.ca.location': '',
+ 'ssl.certificate.location': '',
+ 'ssl.key.location': '',
+ 'ssl.key.password': '',
 'default.topic.config': {'auto.offset.reset': 'latest'}
 })
diff --git a/releasenotes/notes/add-ssl-support-for-kafka.yaml b/releasenotes/notes/add-ssl-support-for-kafka.yaml
new file mode 100644
index 0000000..170c17e
--- /dev/null
+++ b/releasenotes/notes/add-ssl-support-for-kafka.yaml
@@ -0,0 +1,9 @@
+---
+features:
+ - |
+ | SSL support for oslo_messaging's kafka driver
+ | Next configuration params was added
+
+ * *ssl_client_cert_file* (default='')
+ * *ssl_client_key_file* (default='')
+ * *ssl_client_key_password* (default='') |
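Review bot: `ssl_client_key_password` is declared as a plain `cfg.StrOpt`, so oslo.config will not mask it when option values are logged; adding `secret=True` keeps the passphrase out of debug output. The help text also calls it a "password file", while the consumer and producer dicts in impl_kafka.py hand the value to `ssl.key.password`, which is the passphrase itself, so something like `help='Password for the client key file.'` would match the behaviour. The KAFKA_OPTS list starts above this hunk.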
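Review bot: Both updated expectations in test_impl_kafka.py (the dict at -113 and the one at -139) pin only the `''` defaults, so a swapped mapping between `ssl_client_cert_file` and `ssl_client_key_file` would still pass. A case that overrides the three options with distinct constructed values and asserts they arrive under `ssl.certificate.location`, `ssl.key.location` and `ssl.key.password` would cover the new code path. The test methods begin outside these hunks.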