
I tried to set up ksqlDB Basic auth in the following way, based on the documentation section configuring-listener-for-http-basic-authenticationauthorization:

# Docker Compose stack from the question: ZooKeeper, one Kafka broker, a
# ksqlDB server with HTTP Basic authentication, and the ksqlDB CLI.
# Only the ksqlDB REST listener asks for credentials; nothing in this file
# enables TLS or authentication on ZooKeeper or the broker.
version: '3.4'

services:
  zookeeper:
    # `latest` is a moving tag; pin a version for reproducible runs.
    image: 'bitnami/zookeeper:latest'
    ports:
      # Published on the host. Together with the anonymous login below,
      # whatever can reach host port 2181 can talk to ZooKeeper.
      - '2181:2181'
    environment:
      # Bitnami image switch that permits unauthenticated ZooKeeper clients.
      - ALLOW_ANONYMOUS_LOGIN=yes

  broker01:
    # `latest` is a moving tag; pin a version for reproducible runs.
    image: 'bitnami/kafka:latest'
    ports:
      - '29092:29092'
    environment:
      - KAFKA_BROKER_ID=1
      # Both listener names map to PLAINTEXT: no TLS and no SASL on either.
      - KAFKA_CFG_LISTENER_SECURITY_PROTOCOL_MAP=CLIENT:PLAINTEXT,EXTERNAL:PLAINTEXT
      # CLIENT (9092) is used inside the compose network; EXTERNAL (29092)
      # is the published port and is advertised as localhost:29092.
      - KAFKA_CFG_LISTENERS=CLIENT://broker01:9092,EXTERNAL://broker01:29092
      - KAFKA_CFG_ADVERTISED_LISTENERS=CLIENT://broker01:9092,EXTERNAL://localhost:29092
      - KAFKA_INTER_BROKER_LISTENER_NAME=CLIENT
      - KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181
      # Bitnami image switch that accepts the PLAINTEXT listeners above.
      - ALLOW_PLAINTEXT_LISTENER=yes
    depends_on:
      - zookeeper

  ksqldb-server:
    image: confluentinc/ksqldb-server:0.21.0
    hostname: ksqldb-server
    container_name: ksqldb-server
    depends_on:
      - broker01
      # NOTE(review): no `connect` service is defined in this listing;
      # presumably it was left out of the post.
      - connect
    ports:
      - "8088:8088"
    environment:
      KSQL_CONFIG_DIR: "/etc/ksql"
      KSQL_BOOTSTRAP_SERVERS: "broker01:9092"
      KSQL_HOST_NAME: ksqldb-server      
      KSQL_KSQL_CONNECT_URL: "http://connect:8083"
      # Plain-HTTP listener on all interfaces. Basic credentials are only
      # base64-encoded, so without TLS they are readable on the wire.
      KSQL_LISTENERS: "http://0.0.0.0:8088"
      KSQL_CACHE_MAX_BYTES_BUFFERING: 0
      # NOTE(review): the broker listeners are PLAINTEXT and no security
      # protocol is set here, so this SASL mechanism looks unused; confirm.
      KSQL_SASL_MECHANISM: PLAIN
      # JVM system properties: BASIC authentication, the realm (the entry
      # name looked up in the JAAS file), the roles allowed to use the
      # server, and the JAAS file path. The file must exist at that path
      # inside the container and its entry name must equal the realm.
      KSQL_OPTS: "-Dauthentication.method=BASIC -Dauthentication.realm=KsqlServer-Props -Dauthentication.roles=admin,user,ksql,cli -Djava.security.auth.login.config=/etc/ksqldb/jaas_config.file"

  ksqldb-cli:
    image: confluentinc/ksqldb-cli:0.21.0
    depends_on:
      - broker01
      - ksqldb-server
    # Keeps the container idle on a shell so that the CLI can be started
    # later with `docker exec`.
    entrypoint: /bin/sh
    tty: true
# Start every service from the compose file in the background.
docker compose up -d

I tried to create the config files from PowerShell and then bash:

# Open an interactive shell inside the running ksqldb-server container.
docker exec -it $(docker ps -q -f name=ksqldb-server) bash
cd ../../etc/ksqldb

# Append the JAAS entry that KSQL_OPTS selects as realm KsqlServer-Props.
# NOTE(review): the inner double quotes close and reopen the outer string,
# so the shell drops them and the file receives
#   file=/etc/ksqldb/password-file
#   debug=false;
# without quotes. An unquoted path is not a valid JAAS option value, which
# is consistent with the "Line 4: expected [option key]" error in the server
# log. A quoted here-document, or single quotes around the whole text, keeps
# the inner quotes. `>>` appends, so repeated attempts stack duplicate
# entries in the same file.
echo "KsqlServer-Props {
  org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required
  file="/etc/ksqldb/password-file"
  debug="false";
};" >> jaas_config.file

# Jetty property-file entry: user fred, MD5 credential, roles user and admin.
# Unsalted MD5 is a weak way to store a password; treat this as test data.
echo "fred: MD5:0d107d09f5bbe40cade3de5c71e9e9b7,user,admin" >> password-file

Connecting to ksqldb-cli returns Unauthorized:

# Run the ksql CLI inside the ksqldb-cli container and log in as fred.
# The password is given as a command-line argument, so it ends up in shell
# history and process listings, and the URL is plain http, so the Basic
# credentials cross the network unencrypted.
docker exec -it $(docker ps -q -f name=ksqldb-cli) ksql --user fred --password letmein http://192.168.11.215:8088

Couldn't connect to the KSQL server: Unauthorized

ksqldb logs:

[2021-10-07 18:36:31,737] ERROR Failed to create LoginContext. java.io.IOException: Configuration Error: Line 4: expected [option key] (io.confluent.ksql.api.auth.JaasAuthProvider:115)
[2021-10-07 18:36:31,739] ERROR Failed to handle request 401 /info (io.confluent.ksql.api.server.FailureHandler:38)
io.vertx.ext.web.handler.impl.HttpStatusException: Unauthorized
Caused by: io.vertx.core.impl.NoStackTraceThrowable: Failed to create LoginContext.
[2021-10-07 18:36:31,759] WARN 172.30.0.1 - - [Thu, 7 Oct 2021 18:36:31 GMT] "GET /info HTTP/1.1" 401 69 "-" "-" 0 (io.confluent.ksql.api.server.LoggingHandler:111)
[2021-10-07 18:36:31,864] ERROR Failed to create LoginContext. java.io.IOException: Configuration Error: Line 4: expected [option key] (io.confluent.ksql.api.auth.JaasAuthProvider:115)
[2021-10-07 18:36:31,865] ERROR Failed to handle request 401 /info (io.confluent.ksql.api.server.FailureHandler:38)
io.vertx.ext.web.handler.impl.HttpStatusException: Unauthorized
Caused by: io.vertx.core.impl.NoStackTraceThrowable: Failed to create LoginContext.
[2021-10-07 18:36:31,866] WARN 172.30.0.1 - - [Thu, 7 Oct 2021 18:36:31 GMT] "GET /info HTTP/1.1" 401 69 "-" "-" 0 (io.confluent.ksql.api.server.LoggingHandler:111)

Could anyone suggest a working example of ksqldb BASIC authentication, please? Thank you.

UPDATE: I added a volume to my ksqldb-server container and put the jaas_config.file and password-file there. After I restarted the container I was able to log in with ksqldb-cli.

    # Bind-mounts the host directory that holds jaas_config.file and
    # password-file into the ksqldb-server container.
    # NOTE(review): the mount target is /etc/ksqldb/jaas/, while KSQL_OPTS
    # and the JAAS entry shown earlier point at /etc/ksqldb/jaas_config.file
    # and /etc/ksqldb/password-file; presumably those paths were changed to
    # match. The server only reads these files, so a read-only mount
    # (`:ro`) would fit.
    volumes:
      - "C:/data:/etc/ksqldb/jaas/"
Kubus
