chia7712 commented on code in PR #17920: URL: https://github.com/apache/kafka/pull/17920#discussion_r1966687749
########## docs/configuration.html: ########## 
@@ -302,6 +302,22 @@ <h4><a id="org.apache.kafka.disallowed.login.modules"></a><a id="systempropertie <tr><th>Default Value:</th><td>com.sun.security.auth.module.JndiLoginModule</td></tr> </tbody></table> </li> + <li> + <h4><a id="org.apache.kafka.automatic.config.providers"></a><a id="systemproperties_org.apache.kafka.automatic.config.providers" href="#systemproperties_org.apache.kafka.automatic.config.providers">org.apache.kafka.automatic.config.providers</a></h4> + <p>This system property controls the automatic loading of ConfigProvider implementations in Apache Kafka. ConfigProviders are used to dynamically supply configuration values from sources such as files, directories, or environment variables. This property accepts a comma-separated list of ConfigProvider names. By default, all built-in ConfigProviders are enabled, including <b>FileConfigProvider</b>, <b>DirectoryConfigProvider</b>, and <b>EnvVarConfigProvider</b>.</p> + <p>If users want to disable all automatic ConfigProviders, they need to explicitly set the system property as shown below. Disabling automatic ConfigProviders is recommended in environments where configuration data comes from untrusted sources or where increased security is required. For more details, see <a href="https://kafka.apache.org/cve-list#CVE-2024-31141">CVE-2024-31141</a>.</p> + <pre><code class="language-bash">-Dorg.apache.kafka.automatic.config.providers=none</code></pre> + <p>To allow specific ConfigProviders, update the system property with a comma-separated list of ConfigProvider names. For example, to enable only the <b>EnvVarConfigProvider</b>, set the property as follows:</p> + <pre><code class="language-bash">-Dorg.apache.kafka.automatic.config.providers=env</code></pre> Review Comment: It seems to me that =evn is incorrect. According to the source code, the correct value should be the class name. 
for example: `org.apache.kafka.common.config.provider.EnvVarConfigProvider` - I have opened https://issues.apache.org/jira/browse/KAFKA-18850 to fix it
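Review bot: The added paragraphs say the property accepts "a comma-separated list of ConfigProvider names" but never say what form a name takes, and the only concrete non-`none` value shown is `=env`. The comment in this thread reports that the source expects the class name, so the text should state the expected form explicitly and give the example in that form. This entry is the mitigation the paragraph ties to CVE-2024-31141, so it should also say what happens when a listed entry matches no provider, so an operator can tell whether a mistyped value leaves providers enabled or disabled. As a smaller style point, the preceding entry ends with a table carrying a "Default Value:" row, while this entry describes its default only in prose ("By default, all built-in ConfigProviders are enabled"). Adding the same table here would keep the system-property entries consistent.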