Comments (7)
From what I can gather, zookeeper is the only option with Amazon MSK for managing ACLs. So it doesn't seem this is supporting Amazon MSK at all if I am not mistaken. Has anyone got this working with MSK?
from terraform-provider-kafka.
@arinhouck, I was able to create an ACL over MSK using plaintext. According to your code, I can suggest setting the `skip_tls_verify` attribute to true and trying again.

I'd suggest setting up the provider in the following way.

```hcl
provider "kafka" {
  bootstrap_servers = split(",", var.servers)
  tls_enabled       = false
  skip_tls_verify   = true
}
```
from terraform-provider-kafka.
@hugolesta If I create an ACL over MSK using SSL, it fails. Do you have a solution for that? As we know, considering security requirements, using SSL is commonly required in production environments. Thanks.
from terraform-provider-kafka.
@arinhouck Do you have any update? I have also encountered the same issue as you.
from terraform-provider-kafka.
> @arinhouck, I was able to create an ACL over MSK using plaintext. According to your code, I can suggest setting the `skip_tls_verify` attribute to true and trying again.
>
> I'd suggest setting up the provider in the following way.
>
> ```hcl
> provider "kafka" {
>   bootstrap_servers = split(",", var.servers)
>   tls_enabled       = false
>   skip_tls_verify   = true
> }
> ```

Plaintext on which server URLs? I'd assume the bootstrap ones. Are you sure you are using zookeeper? From what I understand, the library maps to `--bootstrap-server ...`; it doesn't use `--zookeeper.connect=...`. Is your cluster public as well?
@qq304635576 I ditched SCRAM and zookeeper. I ended up using IAM Auth, which allows you to bypass zookeeper. I used https://github.com/devshawn/kafka-gitops with the script from this comment to set up IAM auth: devshawn/kafka-gitops#82 (comment)
from terraform-provider-kafka.
@arinhouck Actually, it looks like there is no need to care about zookeeper. I can modify ACLs manually with a client app named "offset explorer 2", without configuring zookeeper, over MSK using SASL_SSL. IAM Auth is a new feature that only AWS MSK has. Considering MSK as a bus info channel, it should be as widely compatible with apps as possible for auth; that's why I chose SASL_SSL. Moreover, I will check your recommendation; maybe I will change to IAM auth in the future. Thanks.
from terraform-provider-kafka.
@arinhouck
Good news! I tested again via SASL_SSL and port 9096. It works.

(1) Set up as below:

```hcl
provider "msk" {
  bootstrap_servers = var.msk_kafka_brokers
  tls_enabled       = true
  skip_tls_verify   = true
  sasl_username     = local.raw_data.username
  sasl_password     = local.raw_data.password
  sasl_mechanism    = "scram-sha512"
}
```

(2) Terraform output:

```
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
symbols:
  + create

Terraform will perform the following actions:

  # kafka_acl.brokertopic will be created
  + resource "kafka_acl" "brokertopic" {
      + acl_host                     = "*"
      + acl_operation                = "All"
      + acl_permission_type          = "Allow"
      + acl_principal                = "User:broker"
      + id                           = (known after apply)
      + resource_name                = "TEST_"
      + resource_pattern_type_filter = "Prefixed"
      + resource_type                = "Topic"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

kafka_acl.brokertopic: Creating...
kafka_acl.brokertopic: Creation complete after 2s [id=User:broker|*|All|Allow|Topic|TEST_|Prefixed]
Releasing state lock. This may take a few moments...

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
```
from terraform-provider-kafka.
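An added example, not written by any commenter or taken from the provider's documentation: the SASL_SSL setup from the last comment with broker certificate verification left on instead of `skip_tls_verify = true`. It assumes the Mongey/kafka provider (its attribute names match those used in the thread) and brokers whose certificates chain to a CA trusted by the Terraform host; the variable names are hypothetical.

```hcl
terraform {
  required_providers {
    kafka = {
      source = "Mongey/kafka" # assumption: the provider discussed in this thread
    }
  }
}

# Hypothetical variables; the thread used var.msk_kafka_brokers and a local for credentials.
variable "msk_kafka_brokers" {
  type        = list(string)
  description = "SASL/SCRAM listeners on port 9096, e.g. [\"b-1.example.invalid:9096\"] (constructed value)"
}

variable "scram_username" {
  type      = string
  sensitive = true
}

variable "scram_password" {
  type      = string
  sensitive = true
}

provider "kafka" {
  bootstrap_servers = var.msk_kafka_brokers
  tls_enabled       = true
  # false = validate the broker's certificate chain and hostname, so the
  # SCRAM exchange only runs over a channel to an authenticated broker.
  skip_tls_verify = false
  # For brokers signed by a private CA, set ca_cert to that CA's PEM certificate.
  sasl_username  = var.scram_username
  sasl_password  = var.scram_password
  sasl_mechanism = "scram-sha512"
}

# ACL values copied from the plan output in the last comment.
resource "kafka_acl" "brokertopic" {
  resource_name                = "TEST_"
  resource_type                = "Topic"
  resource_pattern_type_filter = "Prefixed"
  acl_principal                = "User:broker"
  acl_host                     = "*"
  acl_operation                = "All"
  acl_permission_type          = "Allow"
}
```

If `terraform plan` fails with a certificate error under this configuration, the error names the part of the chain or hostname that did not validate, which is the thing to fix rather than turning verification off.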