Hi team,
Excuse me for duplicate. The last message isn't attached to the thread. I try
to fix it by this email.
Ping for review / vote for KIP-967 [1].
Voting thread is here [2]
Please pay your attention, I beg of you.
I'm a little frustrated by the lack of community interest in what
seems like
Hi team,
Ping for review / vote for KIP-967 [1].
Voting thread is here [2]
Please pay your attention, I beg of you.
I'm a little frustrated by the lack of community interest in what
seems like a simple and necessary patch.
Is the SslEngineFactory refactoring requirement blocking?
[1].
https://c
Hi team,
Ping for review / vote for KIP-967 [1].
Voting thread is here [2]
[1].
https://cwiki.apache.org/confluence/display/KAFKA/KIP-967%3A+Support+custom+SSL+configuration+for+Kafka+Connect+RestServer
[2]. https://lists.apache.org/thread/wc4v5v3pynl15g1q547m2croqsqgmzpw
--
With best regards,
Hi Greg,
> Taras, are you interested in dynamic SSL reconfiguration in Connect?
> Would you be willing to investigate the details of that for the KIP?
I would prefer to separate this functionality into the next KIP. But
if you / (the community) consider it necessary to combine this in one
KIP/patc
Hi Chris,
> I don't think we should populate default values for SSL-related properties
> before sending properties to the SSL engine factory,
> since it may confuse users who have written custom SSL engine factories
> to see that properties not specified in their Connect worker config are being
Hi Chris,
Thank you for your comments above. I disagree with your recommendation
for a new SslEngineFactory variant/hierarchy.
1. A superinterface could be more confusing to users. Since this is an
interface in `clients`, the connect-specific interface would also need
to be in clients, despite be
Hi Taras,
Regarding slimming down the interface: IMO, we should do this right the
first time, and that includes not requiring unnecessary methods from users.
I think BaseSslEngineFactory is good enough as a superinterface.
Regarding the parsing logic: I think the KIP needs to be more explicit. W
Hi team,
Ping for review / vote for KIP-967 [1].
Voting thread is here [2]
[1].
https://cwiki.apache.org/confluence/display/KAFKA/KIP-967%3A+Support+custom+SSL+configuration+for+Kafka+Connect+RestServer
[2]. https://github.com/apache/kafka/pull/14203
[2]. https://lists.apache.org/thread/wc4v5v3p
Hi Chris,
Regarding item 4:
Thanks for clarification. I really missed it. I've updated the
'compatibility' section [1] and prototype [2] accordingly.
Regarding item 5:
Perfect naming is the one of hardest things and not my strong point.
> The best I've been able to come up with is establishing
>
Hi Taras,
Thanks for the changes to the KIP!
Regarding item 4: I think some background may be helpful for people without
context on the Connect code base. The current parsing logic for SSL-related
properties used with the REST API is to use all worker properties prefixed
with "listeners.https." (
Hi Chris,
Thanks a lot for such a close review.
> 1. The "ssl.engine.factory.class" property was originally added for Kafka
> brokers in KIP-519 [1]. It'd be nice to link to that KIP (possibly in a
> "Background" section?
Added "Background" section.
> 2. Can we clarify that the new "listeners.ht
Hi Taras,
Thanks for the KIP! I have some feedback but ultimately I like this
proposal:
1. The "ssl.engine.factory.class" property was originally added for Kafka
brokers in KIP-519 [1]. It'd be nice to link to that KIP (possibly in a
"Background" section?) so that reviewers who don't have that co
Hi Ashwin,
> I was referring to (and did not understand) the removal of L141 in
> clients/src/main/java/org/apache/kafka/common/security/ssl/SslFactory.java
This line is moved to "new" private method `instantiateSslEngineFactory0 `.
Please take a look at the `SslFactory:L132` at the patch.
Just
Hello Taras,
> Do you think that something needs to be corrected in KIP to make it more
understandable without PR? Do you have any advice?
Ha - no. I just wanted to thank you for sharing the PR which helped me as a
newbie.
> If I understood the question correctly:
I was referring to (and did not
Hi, Kafka team.
1. Ping to review KIP.
2. I dare say that the low activity in the discussion of KIP-967 means that
KIP-967 is ready for voting?
--
With best regards
Taras Ledkov
Hi Ashwin,
Thanks a lot for your review.
> Thanks for the KIP and the PR (which helped me understand the change).
Do you think that something needs to be corrected in KIP to make it more
understandable without PR? Do you have any advice?
> I could not understand one thing though - In
> https:
Hi Taras,
Thanks for the KIP and the PR (which helped me understand the change).
This is a useful feature, change is small and reuses existing functionality
in clients/../SslFactory.java - so hopefully, this KIP will get accepted.
I could not understand one thing though - In
https://github.com/a
Hi Kafka Team.
Ping...
Hi Kafka Team.
Looks like the code freeze of 3.6.0 release done.
I hope that community members have more time for review.
Please pay your attention for the KIP-967: Support custom SSL configuration for
Kafka Connect RestServer [1].
The purpose of this KIP is add ability to use custom SSL factory
Hello, Taras.
I found this KIP useful.
We already has an ability to setup custom SslEngineFactory via
‘ssl.engine.factory.class'
So it’s looks logical to extend this feature to connect rest.
AFAIK many organization adopts custom SSL storage like HashiCorp Vault or
similar so native integration
20 matches
Mail list logo
