From 1835248370e13d22f7bb316e63af640fd36425d8 Mon Sep 17 00:00:00 2001 From: Anatoly Zelenin Date: Fri, 21 Jun 2019 16:31:16 +0200 Subject: [PATCH] Init: Translate environment variables to parameters For following scripts: * bin/kafka-console-consumer.sh * bin/kafka-console-producer.sh * bin/kafka-topics.sh --- bin/kafka-console-consumer.sh | 9 +++ bin/kafka-console-producer.sh | 8 +++ bin/kafka-topics.sh | 2 + bin/utils.sh | 130 ++++++++++++++++++++++++++++++++++ 4 files changed, 149 insertions(+) create mode 100644 bin/utils.sh diff --git a/bin/kafka-console-consumer.sh b/bin/kafka-console-consumer.sh index d8cdb2f..d2a1457 100755 --- a/bin/kafka-console-consumer.sh +++ b/bin/kafka-console-consumer.sh @@ -18,4 +18,13 @@ if [ "x$KAFKA_HEAP_OPTS" = "x" ]; then export KAFKA_HEAP_OPTS="-Xmx512M" fi + +# Translate environment variables to parameters +PARAMS="$@" +DIR=$( dirname "${BASH_SOURCE[0]}" ) +source "$DIR/utils.sh" + +PARAMS=$(add_param_from_env "$KAFKA_BOOTSTRAP_SERVERS" "--bootstrap-server" "$PARAMS") +PARAMS=$(add_ssl_to_params "$KAFKA_CA_CERT_LOCATION" "$KAFKA_USER_CERT_LOCATION" "$KAFKA_USER_KEY_LOCATION" "--consumer-property" "$PARAMS") + exec $(dirname $0)/kafka-run-class.sh kafka.tools.ConsoleConsumer $PARAMS diff --git a/bin/kafka-console-producer.sh b/bin/kafka-console-producer.sh index 301cb83..a8ae17a 100755 --- a/bin/kafka-console-producer.sh +++ b/bin/kafka-console-producer.sh @@ -18,4 +18,12 @@ if [ "x$KAFKA_HEAP_OPTS" = "x" ]; then export KAFKA_HEAP_OPTS="-Xmx512M" fi +# Translate environment variables to parameters +PARAMS="$@" +DIR=$( dirname "${BASH_SOURCE[0]}" ) +source "$DIR/utils.sh" + +PARAMS=$(add_param_from_env "$KAFKA_BOOTSTRAP_SERVERS" "--bootstrap-server" "$PARAMS") +PARAMS=$(add_ssl_to_params "$KAFKA_CA_CERT_LOCATION" "$KAFKA_USER_CERT_LOCATION" "$KAFKA_USER_KEY_LOCATION" "--producer-property" "$PARAMS") + exec $(dirname $0)/kafka-run-class.sh kafka.tools.ConsoleProducer "$@" 
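Review bot: In the kafka-console-consumer.sh hunk, `PARAMS="$@"` followed by the unquoted `$PARAMS` on the exec line flattens the argument list into one string and re-splits it on whitespace, so an argument containing a space or a glob character reaches ConsoleConsumer as different words than the caller passed; the kafka-topics.sh hunk feeds the same flattened string. The values of `KAFKA_BOOTSTRAP_SERVERS` and the certificate-path variables are spliced into that string too, so a value with embedded whitespace turns into extra command-line options. Keeping the arguments in an array, e.g. `ARGS=("$@")` and `exec "$(dirname "$0")/kafka-run-class.sh" kafka.tools.ConsoleConsumer "${ARGS[@]}"`, with the helpers appending elements instead of echoing a string, preserves the boundaries. The status of the two command substitutions is also unchecked; `PARAMS=$(add_ssl_to_params …) || exit 1` would stop the script when the helper fails.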
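Review bot: In the kafka-console-producer.sh hunk the exec line still passes `"$@"`, so the PARAMS value built by the two added calls is never used and the environment variables have no effect on ConsoleProducer. `add_ssl_to_params` still runs, so when the three certificate variables are set a keystore and truststore containing the user key are generated under /tmp on every invocation and then left unused. If the translation is intended here, the exec line has to consume the built parameters, preferably as a quoted array (`"${ARGS[@]}"`) and not as an unquoted `$PARAMS` string.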
diff --git a/bin/kafka-topics.sh b/bin/kafka-topics.sh index 4a93f6e..245d3a2 100755 --- a/bin/kafka-topics.sh +++ b/bin/kafka-topics.sh @@ -19,4 +19,6 @@ PARAMS="$@" DIR=$( dirname "${BASH_SOURCE[0]}" ) source "$DIR/utils.sh" +PARAMS=$(add_param_from_env "$KAFKA_ZOOKEEPER" "--zookeeper" "$PARAMS") + exec $(dirname $0)/kafka-run-class.sh kafka.admin.TopicCommand $PARAMS diff --git a/bin/utils.sh b/bin/utils.sh new file mode 100644 index 0000000..fad30dc --- /dev/null +++ b/bin/utils.sh 
@@ -0,0 +1,130 @@
+#!/bin/bash
+function add_param_from_env() {
+ local ENVVAR="$1"
+ local PARAM="$2"
+ local PARAMS="$3"
+ if [ -z "$PARAM" ] ; then
+ echo "usage: add_param_from_env [ENVVAR] [PARAM] [PARAMS]"
+ return 1
+ fi
+ if [ ! -z "$ENVVAR" ] ; then
+ if [ "$(echo "$PARAMS" | grep -- "$PARAM" || echo "false")" == "false" ] ; then
+ PARAMS="$PARAM $ENVVAR $PARAMS"
+ fi
+ fi
+ echo "$PARAMS"
+}
+
+function add_config_from_env() {
+ local ENVVAR="$1"
+ local ARGNAME="$2"
+ local PARAM="$3"
+ local PARAMS="$4"
+ if [ -z "$PARAM" ] ; then
+ echo "usage: add_config_from_env [ENVVAR] [ARGNAME] [PARAM] [PARAMS]"
+ return 1
+ fi
+ if [ ! -z "$ENVVAR" ] ; then
+ PARAMS="$ARGNAME $PARAM=$ENVVAR $PARAMS"
+ fi
+ echo "$PARAMS"
+}
+
+function pem_to_truststore() {
+ local KEYSTORE_LOCATION="$1"
+ local CERT_LOCATION="$2"
+ local KEYSTORE_PASSWORD="$3"
+ local KEY_ALIAS="$4"
+ if [ -z "$KEY_ALIAS" ] ; then
+ echo "usage: pem_to_truststore [KEYSTORE_LOCATION] [CERT_LOCATION] [KEYSTORE_PASSWORD] [KEY_ALIAS]"
+ return 1
+ fi
+ keytool -import -noprompt \
+ -keystore "$KEYSTORE_LOCATION" \
+ -file "$CERT_LOCATION" \
+ -storepass "$KEYSTORE_PASSWORD" \
+ -alias "$KEY_ALIAS"
+}
+
+function pem_to_keystore() {
+ local KEYSTORE_LOCATION="$1"
+ local CERT_LOCATION="$2"
+ local KEYSTORE_PASSWORD="$3"
+ local KEY_ALIAS="$4"
+ local KEY_LOCATION="$5"
+ if [ -z "$KEY_LOCATION" ] ; then
+ echo "usage: pem_to_keystore [KEYSTORE_LOCATION] [CERT_LOCATION] [KEYSTORE_PASSWORD] [KEY_ALIAS] [KEY_LOCATION]"
+ return 1
+ fi
+
+ # If a key and a cert is given, create a keystore
+ PEMFILE=$(mktemp)
+ PKCS12FILE=$(mktemp)
+ cat "$KEY_LOCATION" "$CERT_LOCATION" > $PEMFILE
+
+ # Create pkcs12 file
+ openssl pkcs12 -export \
+ -out $PKCS12FILE \
+ -in $PEMFILE \
+ -passout pass:"$KEYSTORE_PASSWORD"
+
+ # Create Java Keystore
+ keytool -v -importkeystore \
+ -srckeystore $PKCS12FILE \
+ -srcstoretype PKCS12 \
+ -destkeystore "$KEYSTORE_LOCATION" \
+ -storepass "$KEYSTORE_PASSWORD" \
+ -srcstorepass "$KEYSTORE_PASSWORD" \
+ -alias 1 \
+ -destalias "$KEY_ALIAS"
+
+ rm $PEMFILE $PKCS12FILE
+}
+
+function rand_str() {
+ LENGTH=$1
+ if [ -z "$LENGTH" ] ; then
+ LENGTH=10
+ fi
+ cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w $LENGTH | head -n 1
+}
+
+function add_ssl_to_params() {
+ local CA_CERT_LOCATION="$1"
+ local USER_CERT_LOCATION="$2"
+ local USER_KEY_LOCATION="$3"
+ local CONFIG_ARG="$4"
+ local PARAMS="$5"
+
+ if [ ! -z "$CA_CERT_LOCATION" ] || [ ! -z "$USER_KEY_LOCATION" ] || [ ! -z "$USER_CERT_LOCATION" ] ; then
+ if [ -z "$CA_CERT_LOCATION" ] ; then
+ echo "Missing \$CA_CERT_LOCATION!"
+ exit 1
+ fi
+ if [ -z "$USER_CERT_LOCATION" ] ; then
+ echo "Missing \$USER_CERT_LOCATION!"
+ exit 1
+ fi
+ if [ -z "$USER_KEY_LOCATION" ] ; then
+ echo "Missing \$USER_KEY_LOCATION!"
+ exit 1
+ fi
+ KEYSTORE_PASSWORD=$(rand_str 20)
+ KEY_ALIAS="mykey"
+
+ PARAMS=$(add_config_from_env "ssl" "$CONFIG_ARG" "security.protocol" "$PARAMS")
+
+ # Keystore
+ KEYSTORE_LOCATION=/tmp/kafka-keystore-$(rand_str 5).jks
+ pem_to_keystore "$KEYSTORE_LOCATION" "$USER_CERT_LOCATION" "$KEYSTORE_PASSWORD" "$KEY_ALIAS" "$USER_KEY_LOCATION" 2&>1 > /dev/null
+ PARAMS=$(add_config_from_env "$KEYSTORE_LOCATION" "$CONFIG_ARG" "ssl.keystore.location" "$PARAMS")
+ PARAMS=$(add_config_from_env "$KEYSTORE_PASSWORD" "$CONFIG_ARG" "ssl.keystore.password" "$PARAMS")
+
+ # Truststore
+ TRUSTSTORE_LOCATION=/tmp/kafka-truststore-$(rand_str 5).jks
+ pem_to_truststore "$TRUSTSTORE_LOCATION" "$CA_CERT_LOCATION" "$KEYSTORE_PASSWORD" "$KEY_ALIAS" 2&>1 > /dev/null
+ PARAMS=$(add_config_from_env "$TRUSTSTORE_LOCATION" "$CONFIG_ARG" "ssl.truststore.location" "$PARAMS")
+ PARAMS=$(add_config_from_env "$KEYSTORE_PASSWORD" "$CONFIG_ARG" "ssl.truststore.password" "$PARAMS")
+ fi
+ echo "$PARAMS"
+}
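Review bot: add_ssl_to_params writes the keystore that holds the client private key to `/tmp/kafka-keystore-$(rand_str 5).jks` (and the truststore to a similar name), a guessable path in a shared directory that nothing removes afterwards, and both helper calls end in `2&>1 > /dev/null`, which bash reads as an extra argument `2` plus a redirect into a file named `1`, with the exit status ignored. Creating both stores inside a `mktemp -d` directory and ending the calls with `> /dev/null 2>&1 || return 1` keeps other local users away from the files and stops a failed openssl/keytool run from passing silently. The `exit 1` branches earlier in the function run inside the callers' `$( … )`, so they end only the subshell and the `Missing …` text printed on stdout becomes the value of PARAMS; writing those messages to stderr and having callers use `PARAMS=$(…) || exit 1` would make the validation effective. The generated password is also exposed in process listings through `-storepass`, `-passout pass:` and the `ssl.keystore.password=` property on the Java command line, which deserves at least a comment.

```shell
# … unchanged: argument checks, KEYSTORE_PASSWORD, KEY_ALIAS, security.protocol …
    # Private directory created by mktemp instead of guessable names directly under /tmp
    local STORE_DIR
    STORE_DIR=$(mktemp -d) || return 1
    KEYSTORE_LOCATION="$STORE_DIR/keystore.jks"
    TRUSTSTORE_LOCATION="$STORE_DIR/truststore.jks"
    pem_to_keystore "$KEYSTORE_LOCATION" "$USER_CERT_LOCATION" "$KEYSTORE_PASSWORD" "$KEY_ALIAS" "$USER_KEY_LOCATION" > /dev/null 2>&1 || return 1
    pem_to_truststore "$TRUSTSTORE_LOCATION" "$CA_CERT_LOCATION" "$KEYSTORE_PASSWORD" "$KEY_ALIAS" > /dev/null 2>&1 || return 1
# … unchanged: add_config_from_env calls for the ssl.* properties …
```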