Ian McDonald created KAFKA-14816: ------------------------------------ Summary: Connect Http Client Key: KAFKA-14816 URL: https://issues.apache.org/jira/browse/KAFKA-14816 Project: Kafka Issue Type: Bug Components: KafkaConnect Reporter: Ian McDonald
Due to changes made here: [https://github.com/apache/kafka/pull/12828] Connect now can load ssl configs from the worker into the rest client and use them even when the `security.protocol` is set to another protocol (sasl_plaintext, plaintext). This could lead to unexpected behavior where one has moved to another security protocol, however has left their ssl properties, and upgraded versions. This would lead to failure when creating connectors. In our testing environments - older versions without the linked changes pass with the following configuration, and newer versions with the changes fail: ``` security.protocol = SASL_PLAINTEXT ... ssl.keystore.location = /mnt/security/test.keystore.jks ssl.keystore.password = [hidden] ssl.keystore.type = JKS ssl.protocol = TLSv1.2 ``` its important to note that the file - /mnt/security/test.keystore.jks, isnt generated for our non ssl tests, however these configs are still created this leads to a 500 response when hitting the create connector rest endpoint with the following error: ``` { "error_code":500, "message":"Failed to start RestClient: /mnt/security/test.keystore.jks is not a valid keystore" } ``` -- This message was sent by Atlassian Jira (v8.20.10#820010)