[jira] [Resolved] (KAFKA-9768) rest.advertised.listener configuration is not handled properly by the worker

[Konstantine Karantasis (Jira)]

     [ 
https://issues.apache.org/jira/browse/KAFKA-9768?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Konstantine Karantasis resolved KAFKA-9768.
-------------------------------------------
    Resolution: Fixed

> rest.advertised.listener configuration is not handled properly by the worker
> ----------------------------------------------------------------------------
>
>                 Key: KAFKA-9768
>                 URL: https://issues.apache.org/jira/browse/KAFKA-9768
>             Project: Kafka
>          Issue Type: Bug
>          Components: KafkaConnect
>            Reporter: Chris Egerton
>            Assignee: Chris Egerton
>            Priority: Major
>             Fix For: 2.6.0, 2.4.2, 2.5.1
>
>
> The {{rest.advertised.listener}} config can currently be set to either "http" 
> or "https", and a listener with that protocol should be used when advertising 
> the URL of the worker to other members of the Connect cluster.
> For example, someone might configure their worker with a {{listeners}} value 
> of 
> {{[https://localhost:42069,http://localhost:4761|https://localhost:42069%2Chttp//localhost:4761]}}
>  and a {{rest.advertised.listener}} value of {{http}}, which should cause the 
> worker to listen on port {{42069}} with TLS and port {{4761}} with plaintext, 
> and advertise the URL {{[http://localhost:4761|http://localhost:4761/]}} to 
> other workers.
> However, the worker instead advertises the URL 
> {{[https://localhost:42069|https://localhost:42069/]}} to other workers. This 
> is because the {{RestServer}} class, which is responsible for determining 
> which URL to advertise to other workers, simply [chooses the first listener 
> whose name begins with the 
> protocol|https://github.com/apache/kafka/blob/0f48446690e42b78a9a6b8c6a9bbab9f01d84cb1/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/rest/RestServer.java#L422]
>  specified in the {{rest.advertised.listener}} config.
> This breaks because "http" is a prefix of "https", so if the advertised 
> listener is "http" but the first listener that's found starts with 
> "https://";, that listener will still be chosen.
> This bug has been present since SSL support (and the 
> {{rest.advertised.listener}} config) were added via 
> [KIP-208|https://cwiki.apache.org/confluence/display/KAFKA/KIP-208%3A+Add+SSL+support+to+Kafka+Connect+REST+interface],
>  in release 1.1.0.
> This bug should only present in the case where a user has set 
> {{rest.advertised.listener}} to {{http}} but the {{listeners}} list begins 
> with a listener that uses {{https}}. A workaround can be performed by 
> changing the order of the {{listeners}} list to put the desired advertised 
> listener at the beginning.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)