tmp fix

Author: vdesabou

other/broker-schema-validation/2way-ssl-and-security-plugin.sh

@@ -10,7 +10,14 @@ if ! version_gt $TAG_BASE "5.3.99"; then
     exit 111
 fi
 
-playground start-environment --environment 2way-ssl --docker-compose-override-file "${PWD}/docker-compose.2way-ssl.security-plugin.yml"
+if [ ! -z $ENABLE_KRAFT ]
+then
+  # KRAFT mode
+  playground start-environment --environment 2way-ssl --docker-compose-override-file "${PWD}/docker-compose.2way-ssl.security-plugin-kraft.yml"
+else
+  # Zookeeper mode
+  playground start-environment --environment 2way-ssl --docker-compose-override-file "${PWD}/docker-compose.2way-ssl.security-plugin.yml"
+fi
 
 docker exec schema-registry sr-acl-cli --config /etc/schema-registry/schema-registry.properties --add -s '*' -p read -o SUBJECT_READ
 docker exec schema-registry sr-acl-cli --config /etc/schema-registry/schema-registry.properties --add -s '*' -p write -o SUBJECT_WRITE

other/broker-schema-validation/2way-ssl.sh

@@ -10,7 +10,14 @@ if ! version_gt $TAG_BASE "5.3.99"; then
     exit 111
 fi
 
-playground start-environment --environment 2way-ssl --docker-compose-override-file "${PWD}/docker-compose.2way-ssl.yml"
+if [ ! -z $ENABLE_KRAFT ]
+then
+  # KRAFT mode
+  playground start-environment --environment 2way-ssl --docker-compose-override-file "${PWD}/docker-compose.2way-ssl-kraft.yml"
+else
+  # Zookeeper mode
+  playground start-environment --environment 2way-ssl --docker-compose-override-file "${PWD}/docker-compose.2way-ssl.yml"
+fi
 
 log "Create topic topic-validation"
 docker exec broker kafka-topics --bootstrap-server broker:9092 --create --topic topic-validation --partitions 1 --replication-factor 1 --command-config /etc/kafka/secrets/client_without_interceptors.config --config confluent.key.schema.validation=true --config confluent.value.schema.validation=true

other/broker-schema-validation/docker-compose.2way-ssl-kraft.yml

@@ -0,0 +1,27 @@
+---
+services:
+
+  controller:
+    volumes:
+      - ../../environment/2way-ssl/security:/etc/kafka/secrets
+    environment:
+      KAFKA_CONFLUENT_SCHEMA_REGISTRY_URL: "https://schema-registry:8081"
+      KAFKA_CONFLUENT_SSL_TRUSTSTORE_LOCATION: /etc/kafka/secrets/kafka.client.truststore.jks
+      KAFKA_CONFLUENT_SSL_TRUSTSTORE_PASSWORD: confluent
+      KAFKA_CONFLUENT_SSL_KEYSTORE_LOCATION: /etc/kafka/secrets/kafka.client.keystore.jks
+      KAFKA_CONFLUENT_SSL_KEYSTORE_PASSWORD: confluent
+      KAFKA_CONFLUENT_SSL_KEY_PASSWORD: confluent
+
+
+  broker:
+    environment:
+      KAFKA_CONFLUENT_SCHEMA_REGISTRY_URL: "https://schema-registry:8081"
+      KAFKA_CONFLUENT_SSL_TRUSTSTORE_LOCATION: /etc/kafka/secrets/kafka.client.truststore.jks
+      KAFKA_CONFLUENT_SSL_TRUSTSTORE_PASSWORD: confluent
+      KAFKA_CONFLUENT_SSL_KEYSTORE_LOCATION: /etc/kafka/secrets/kafka.client.keystore.jks
+      KAFKA_CONFLUENT_SSL_KEYSTORE_PASSWORD: confluent
+      KAFKA_CONFLUENT_SSL_KEY_PASSWORD: confluent
+
+  schema-registry:
+    ports:
+      - "8081:8081"

other/broker-schema-validation/docker-compose.2way-ssl.security-plugin-kraft.yml

@@ -0,0 +1,47 @@
+---
+services:
+  
+  controller:
+    volumes:
+      - ../../environment/2way-ssl/security:/etc/kafka/secrets
+    environment:
+      KAFKA_CONFLUENT_SCHEMA_REGISTRY_URL: "https://schema-registry:8081"
+      KAFKA_CONFLUENT_SSL_TRUSTSTORE_LOCATION: /etc/kafka/secrets/kafka.client.truststore.jks
+      KAFKA_CONFLUENT_SSL_TRUSTSTORE_PASSWORD: confluent
+      KAFKA_CONFLUENT_SSL_KEYSTORE_LOCATION: /etc/kafka/secrets/kafka.client.keystore.jks
+      KAFKA_CONFLUENT_SSL_KEYSTORE_PASSWORD: confluent
+      KAFKA_CONFLUENT_SSL_KEY_PASSWORD: confluent
+      KAFKA_CONFLUENT_BASIC_AUTH_CREDENTIALS_SOURCE: USER_INFO
+      KAFKA_CONFLUENT_BASIC_AUTH_USER_INFO: 'read:read'
+
+  broker:
+    environment:
+      KAFKA_CONFLUENT_SCHEMA_REGISTRY_URL: "https://schema-registry:8081"
+      KAFKA_CONFLUENT_SSL_TRUSTSTORE_LOCATION: /etc/kafka/secrets/kafka.client.truststore.jks
+      KAFKA_CONFLUENT_SSL_TRUSTSTORE_PASSWORD: confluent
+      KAFKA_CONFLUENT_SSL_KEYSTORE_LOCATION: /etc/kafka/secrets/kafka.client.keystore.jks
+      KAFKA_CONFLUENT_SSL_KEYSTORE_PASSWORD: confluent
+      KAFKA_CONFLUENT_SSL_KEY_PASSWORD: confluent
+      KAFKA_CONFLUENT_BASIC_AUTH_CREDENTIALS_SOURCE: USER_INFO
+      KAFKA_CONFLUENT_BASIC_AUTH_USER_INFO: 'read:read'
+
+  schema-registry:
+    ports:
+      - "8081:8081"
+    environment:
+      CUB_CLASSPATH: '/etc/confluent/docker/docker-utils.jar:/usr/share/java/cp-base-new/*:/usr/share/java/confluent-security/schema-registry/*:/usr/share/java/schema-registry/*'
+      SCHEMA_REGISTRY_KAFKASTORE_TOPIC: "schemas-security-plugin"
+      SCHEMA_REGISTRY_SCHEMA_REGISTRY_RESOURCE_EXTENSION_CLASS: "io.confluent.kafka.schemaregistry.security.SchemaRegistrySecurityResourceExtension"
+      SCHEMA_REGISTRY_CONFLUENT_SCHEMA_REGISTRY_AUTHORIZER_CLASS: io.confluent.kafka.schemaregistry.security.authorizer.schemaregistryacl.SchemaRegistryAclAuthorizer
+      SCHEMA_REGISTRY_AUTHENTICATION_METHOD: "BASIC"
+      SCHEMA_REGISTRY_AUTHENTICATION_ROLES: "write,read,admin"
+      SCHEMA_REGISTRY_AUTHENTICATION_REALM: "Schema"
+      SCHEMA_REGISTRY_OPTS: "-Djava.security.auth.login.config=/tmp/jaas_config.file"
+      SCHEMA_REGISTRY_CONFLUENT_SCHEMA_REGISTRY_AUTH_MECHANISM: "JETTY_AUTH"
+      SCHEMA_REGISTRY_CONFLUENT_LICENSE_REPLICATION_FACTOR: 1
+      # SCHEMA_REGISTRY_CONFLUENT_LICENSE: $CONFLUENT_LICENSE
+      # required prior to 6.x, see https://github.com/vdesabou/kafka-docker-playground/issues/1182
+      SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL: zookeeper:2181
+    volumes:
+      - ../../other/schema-registry-security-plugin/jaas_config.file:/tmp/jaas_config.file
+      - ../../other/schema-registry-security-plugin/password-file:/tmp/password-file