diff --git a/pom.xml b/pom.xml
index fcb5cd8d..c599f9ca 100644
--- a/pom.xml
+++ b/pom.xml
@@ -18,6 +18,8 @@
UTF-8
3.11.1
1.14.3
+ 1.0.0
+ 1.11.704
@@ -86,6 +88,11 @@
lombok
1.18.8
+
+ software.amazon.msk
+ aws-msk-iam-auth
+ ${msk.auth.version}
+
io.confluent
kafka-avro-serializer
@@ -154,6 +161,12 @@
spring-kafka
2.6.7
+
+
+ com.amazonaws
+ aws-java-sdk-sts
+ ${sts.sdk.version}
+
org.springframework.boot
spring-boot-starter-undertow
diff --git a/src/main/java/kafdrop/config/KafkaConfiguration.java b/src/main/java/kafdrop/config/KafkaConfiguration.java
index e866cf81..0df0c745 100644
--- a/src/main/java/kafdrop/config/KafkaConfiguration.java
+++ b/src/main/java/kafdrop/config/KafkaConfiguration.java
@@ -23,11 +23,17 @@ public final class KafkaConfiguration {
private String truststoreFile;
private String propertiesFile;
private String keystoreFile;
+ private String jaasConfig;
+ private String clientCallback;
+ private String iamEnabled;
public void applyCommon(Properties properties) {
properties.setProperty(CommonClientConfigs.BOOTSTRAP_SERVERS_CONFIG, brokerConnect);
+
if (isSecured) {
LOG.warn("The 'isSecured' property is deprecated; consult README.md on the preferred way to configure security");
+ LOG.info("Setting security protocol to {}", securityProtocol);
+ LOG.info("Setting sasl mechanism to {}", saslMechanism);
properties.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, securityProtocol);
properties.put(SaslConfigs.SASL_MECHANISM, saslMechanism);
}
@@ -37,6 +43,12 @@ public void applyCommon(Properties properties) {
LOG.info("Assigning truststore location to {}", truststoreFile);
properties.put("ssl.truststore.location", truststoreFile);
}
+ LOG.info("Is iam enabled : {}", iamEnabled);
+ if (Boolean.parseBoolean(iamEnabled)) {
+ LOG.info("Setting sasl.jaas.config {} and sasl and callback callback properties {}", jaasConfig, clientCallback);
+ properties.put(SaslConfigs.SASL_CLIENT_CALLBACK_HANDLER_CLASS, clientCallback);
+ properties.put(SaslConfigs.SASL_JAAS_CONFIG, jaasConfig);
+ }
LOG.info("Checking keystore file {}", keystoreFile);
if (new File(keystoreFile).isFile()) {
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 23bdeb25..a80190d0 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -28,9 +28,12 @@ kafdrop.monitor:
kafka:
brokerConnect: localhost:9092
- isSecured: false
- saslMechanism: "PLAIN"
- securityProtocol: "SASL_PLAINTEXT"
+ isSecured: "${KAFKA_IS_SECURED:false}"
+ saslMechanism: "${KAFKA_SASL_MECHANISM:PLAIN}"
+ securityProtocol: "${KAFKA_SECURITY_PROTOCOL:SASL_PLAINTEXT}"
truststoreFile: "${KAFKA_TRUSTSTORE_FILE:kafka.truststore.jks}"
propertiesFile : "${KAFKA_PROPERTIES_FILE:kafka.properties}"
- keystoreFile: "${KAFKA_KEYSTORE_FILE:kafka.keystore.jks}"
\ No newline at end of file
+ keystoreFile: "${KAFKA_KEYSTORE_FILE:kafka.keystore.jks}"
+ iamEnabled: "${KAFKA_IAM_ENABLED:false}"
+ jaasConfig: "${KAFKA_JAAS_CONFIG}"
+ clientCallback: "software.amazon.msk.auth.iam.IAMClientCallbackHandler"