[GitHub] [kafka] C0urante commented on a diff in pull request #13415: KAFKA-14816: Only load SSL properties when issuing cross-worker requests to HTTPS URLs

Sun, 19 Mar 2023 16:37:22 -0700 


C0urante commented on code in PR #13415:
URL: https://github.com/apache/kafka/pull/13415#discussion_r1141495840


##########
connect/runtime/src/main/java/org/apache/kafka/connect/runtime/rest/RestClient.java:
##########
@@ -97,7 +98,11 @@ public <T> HttpResponse<T> httpRequest(String url, String 
method, HttpHeaders he
     public <T> HttpResponse<T> httpRequest(String url, String method, 
HttpHeaders headers, Object requestBodyData,
                                                   TypeReference<T> 
responseFormat,
                                                   SecretKey sessionKey, String 
requestSignatureAlgorithm) {
-        HttpClient client = httpClient();
+        // Only try to load SSL configs if we have to (see KAFKA-14816)
+        SslContextFactory sslContextFactory = url.startsWith("https://";)

Review Comment:
   @jolshan Although it may seem rudimentary, this is the logic we were using 
before we made the change that broke things (see 
[here](https://github.com/apache/kafka/blob/ed77bebcaf8e4a8f74dd3823c905c8fd01dadf64/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/rest/RestClient.java#L86)).
 As far as I know, there were no problems with that logic, and before we 
changed that part, it remained as-was for 4-5 years.
   
   @imcdo that's already possible; you can control the SSL properties that are 
used for REST separately from the ones used for communication with the 
underlying Kafka cluster by prefixing them with `listeners.https`; see 
[here](https://github.com/apache/kafka/blob/a375777d8063cda087c77e520fcfd4e035e14f6f/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/rest/RestClient.java#L63),
 
[here](https://github.com/apache/kafka/blob/a375777d8063cda087c77e520fcfd4e035e14f6f/connect/runtime/src/main/java/org/apache/kafka/connect/runtime/rest/util/SSLUtils.java#L67),
 and 
[here](https://github.com/apache/kafka/blob/a375777d8063cda087c77e520fcfd4e035e14f6f/clients/src/main/java/org/apache/kafka/common/config/AbstractConfig.java#L316-L339).



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to