Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

info: Authentication support for kafka and schema registry #1

Open
fjvierap opened this issue Jan 16, 2024 · 5 comments
Open

info: Authentication support for kafka and schema registry #1

fjvierap opened this issue Jan 16, 2024 · 5 comments

Comments

@fjvierap
Copy link

We are evaluating the usage of karate kafka addon. The addon seem to be very good for our use case for end to testing. But our kafka cluster and schema registry requires authentication and not sure it this is supported by the addon.

We use confluent and schema registry basic authentication with API Key and API secret.

Is there some example we can use as reference?
@ptrthomas
Copy link
Member

@fjvierap please have a look at this example for MTLS using a cert + keystore: https://github.com/karatelabs/karate-examples/blob/main/kafka-mtls/README.md

so the short answer is since you have full control over all kafka config properties, anything supported by kafka should work
the MTLS example was quite complex to set up, I'm hoping basic auth should be relatively simpler

let me know how it goes

@fjvierap
Copy link
Author

fjvierap commented Jan 16, 2024
edited
Loading

Ok thanks...

Then it is clear that this will work for kafka:

			"security.protocol":        "SASL_SSL",
			"sasl.username":            config.Username,
			"sasl.password":            config.Password,

And i guess this will work for schema registry

basic.auth.credentials.source=USER_INFO,basic.auth.user.info=<username>:<password>

@ptrthomas
Copy link
Member

@fjvierap thanks, I'll close this when we update the docs

@fjvierap
Copy link
Author

For kafka we had to add the following properties en configuration:

'sasl.mechanism' : 'PLAIN',
  'sasl.jaas.config': 'org.apache.kafka.common.security.scram.ScramLoginModule required username="user" password="password";',

We managed to connect with schema registry

'schema.registry.basic.auth.credentials.source' : 'USER_INFO',
'schema.registry.basic.auth.user.info' : 'user:password'

But in logs we see this error even the test is working as expected

17:26:36.339 [main] DEBUG com.intuit.karate - response time in milliseconds: 2
30 < 401
30 < WWW-Authenticate: basic realm="SchemaRegistry"
30 < Content-Type: application/json;charset=iso-8859-1
30 < Content-Length: 43
{"error_code":401,"message":"Unauthorized"}

@ptrthomas
Copy link
Member

@fjvierap thanks that is something we can improve, it is because we attempt a plain HTTP get to wait until the schema registry is up - it doesn't matter if it returns a 401 :) please keep the feedback coming

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ptrthomas @fjvierap