
Comments (5)

azhurbilo commented on August 20, 2024 1

Today I get the same error: Error: tls: failed to parse private key

with the latest provider version: "= v0.2.9"

My "client_key" is also encrypted with a password, but "client_key_passphrase" doesn't help.

My certificate private key is in this format:

-----BEGIN ENCRYPTED PRIVATE KEY-----
XXXXXXX==
-----END ENCRYPTED PRIVATE KEY-----

@Mongey maybe such a format is not covered in the tests? I see https://github.com/Mongey/terraform-provider-kafka/blob/9fc87abc86c42b96041dfb6271808c2d62e637a5/secrets/kafkacat.client.key and it looks like they are in a different format.

from terraform-provider-kafka.
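Added example (not part of the thread and not the provider's code): Go's `crypto/tls` only tries the unencrypted PKCS#1, PKCS#8 and SEC 1 parsers, so a `BEGIN ENCRYPTED PRIVATE KEY` block and a legacy header-encrypted key both end in the same `tls: failed to parse private key`. This classifier tells the cases apart before the key reaches TLS; `ClassifyKeyPEM` and `Samples` are hypothetical names, and the sample blocks are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"strings"
)

// ClassifyKeyPEM reports how the first PEM block in data is protected.
func ClassifyKeyPEM(data []byte) string {
	block, _ := pem.Decode(data)
	switch {
	case block == nil:
		return "not-pem"
	case block.Type == "ENCRYPTED PRIVATE KEY":
		return "pkcs8-encrypted" // PKCS#8 EncryptedPrivateKeyInfo; no stdlib decryptor
	case strings.Contains(block.Headers["Proc-Type"], "ENCRYPTED"):
		return "legacy-encrypted" // RFC 1423 Proc-Type/DEK-Info headers
	case strings.HasSuffix(block.Type, "PRIVATE KEY"):
		// The same three unencrypted encodings that crypto/tls attempts.
		_, e8 := x509.ParsePKCS8PrivateKey(block.Bytes)
		_, e1 := x509.ParsePKCS1PrivateKey(block.Bytes)
		_, ec := x509.ParseECPrivateKey(block.Bytes)
		if e8 == nil || e1 == nil || ec == nil {
			return "plaintext"
		}
		return "unparseable"
	}
	return "not-a-key"
}

// Samples builds constructed inputs: one real unencrypted key and two blocks
// that only imitate the encrypted encodings (their bodies are filler bytes).
func Samples() map[string][]byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	der, _ := x509.MarshalPKCS8PrivateKey(key)
	filler := []byte("constructed filler, not key material")
	legacy := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: filler,
		Headers: map[string]string{"Proc-Type": "4,ENCRYPTED", "DEK-Info": "AES-256-CBC,00"}}
	return map[string][]byte{
		"plain":  pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der}),
		"pkcs8":  pem.EncodeToMemory(&pem.Block{Type: "ENCRYPTED PRIVATE KEY", Bytes: filler}),
		"legacy": pem.EncodeToMemory(legacy),
	}
}

func main() {
	for name, data := range Samples() {
		fmt.Printf("%-6s -> %s\n", name, ClassifyKeyPEM(data))
	}
}
```

A `legacy-encrypted` key can still be decrypted in-process with the deprecated `x509.DecryptPEMBlock`; a `pkcs8-encrypted` key has to be decrypted or converted outside the standard library first.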

yohei1126 commented on August 20, 2024

Sorry, I was using an encrypted private key.
Then I got a different error.

$ openssl rsa -in private_key.txt -out decrypted_key.pem
$ terraform plan
Error: kafka: client has run out of available brokers to talk to (Is your cluster reachable?)

  on kafka.tf line 1, in provider "kafka":
   1: provider "kafka" {


Mongey commented on August 20, 2024

Can you post with TF_LOG=debug with the decrypted key? Or can it still not parse?
I need to invest some time into adding TLS tests 😅


yohei1126 commented on August 20, 2024

Confirmed that this plugin does not support encrypted private keys.


yohei1126 commented on August 20, 2024

I am trying to connect from a simple program with sarama, but it failed to connect to the Kafka broker.

2019/07/24 13:26:19 unable to create kafka client: "kafka: client has run out of available
brokers to talk to (Is your cluster reachable?)"

package main

import (
	"crypto/tls"
	"crypto/x509"
	"io/ioutil"
	"log"
	"os"
	"os/signal"
	"sync"

	"github.com/Shopify/sarama"
)

func main() {
	tlsConfig, err := NewTLSConfig(
		"./certs/Certificate.txt",
		"./certs/decrypted_key.pem",
		"./certs/CACertificate.pem")
	if err != nil {
		log.Fatal(err)
	}
	// This can be used on test server if domain does not match cert:
	// tlsConfig.InsecureSkipVerify = true

	consumerConfig := sarama.NewConfig()
	consumerConfig.Net.TLS.Enable = true
	consumerConfig.Net.TLS.Config = tlsConfig

	client, err := sarama.NewClient([]string{"my.kafka.io:19092"}, consumerConfig)
	if err != nil {
		log.Fatalf("unable to create kafka client: %q", err)
	}
	log.Println("created kafka client")

	consumer, err := sarama.NewConsumerFromClient(client)
	if err != nil {
		log.Fatal(err)
	}
	log.Println("created consumer")
	defer consumer.Close()

	consumerLoop(consumer, "mytopic")
}

// NewTLSConfig generates a TLS configuration used to authenticate on server with
// certificates.
// Parameters are the three pem files path we need to authenticate: client cert, client key and CA cert.
func NewTLSConfig(clientCertFile, clientKeyFile, caCertFile string) (*tls.Config, error) {
	tlsConfig := tls.Config{}

	// Load client cert
	cert, err := tls.LoadX509KeyPair(clientCertFile, clientKeyFile)
	if err != nil {
		return &tlsConfig, err
	}
	tlsConfig.Certificates = []tls.Certificate{cert}

	// Load CA cert
	caCert, err := ioutil.ReadFile(caCertFile)
	if err != nil {
		return &tlsConfig, err
	}
	caCertPool := x509.NewCertPool()
	caCertPool.AppendCertsFromPEM(caCert)
	tlsConfig.RootCAs = caCertPool

	tlsConfig.BuildNameToCertificate()
	return &tlsConfig, err
}

func consumerLoop(consumer sarama.Consumer, topic string) {
	partitions, err := consumer.Partitions(topic)
	if err != nil {
		log.Println("unable to fetch partition IDs for the topic", topic, err)
		return
	}

	// Trap SIGINT to trigger a shutdown.
	signals := make(chan os.Signal, 1)
	signal.Notify(signals, os.Interrupt)

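	var wg sync.WaitGroup
	// partitions holds partition IDs: range over the values, not the indexes.
	for _, partition := range partitions {
		wg.Add(1)
		// Pass the ID as an argument so each goroutine gets its own copy.
		go func(p int32) {
			defer wg.Done()
			consumePartition(consumer, topic, p, signals)
		}(partition)
	}
	wg.Wait()
}

// consumePartition reads from one partition of topic until a signal arrives.
func consumePartition(consumer sarama.Consumer, topic string, partition int32, signals chan os.Signal) {
	log.Println("Receiving on partition", partition)
	partitionConsumer, err := consumer.ConsumePartition(topic, partition, sarama.OffsetNewest)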
	if err != nil {
		log.Println(err)
		return
	}
	defer func() {
		if err := partitionConsumer.Close(); err != nil {
			log.Println(err)
		}
	}()

	consumed := 0
ConsumerLoop:
	for {
		select {
		case msg := <-partitionConsumer.Messages():
			log.Printf("Consumed message offset %d\nData: %s\n", msg.Offset, msg.Value)
			consumed++
		case <-signals:
			break ConsumerLoop
		}
	}
	log.Printf("Consumed: %d\n", consumed)
}

from terraform-provider-kafka.
