________________________________
From: Tuan Dang <tuan.dang.27...@gmail.com>
Sent: Wednesday, December 7, 2016 10:00 AM
To: users@kafka.apache.org
Subject: reacting to a truststore change

Hello all,

I'm working my way through Kafka 0.9 SSL/TLS authentication.

If I make a change to the truststore, either adding or removing a
certificate, will Kafka automatically pick up the changes or would I need
to restart?

My main issue is how to unauthorize a producer.  I've seen suggestions for
doing this by changing ACLs but I'd like to
stop at the connection level, either via a certificate revocation list or
via updating the truststore.

MG>deltas in kafka channel config(s) *could* update "running state" if 
ChannelBuilder architecture conformed to Observer pattern

https://en.wikipedia.org/wiki/Observer_pattern


/*unfortunately since ChannelBuilder current implementation is static the 
Observer Pattern has not been implemented yet */

    public static ChannelBuilder create(SecurityProtocol securityProtocol, Mode mode, LoginType loginType, Map<String, ?> configs) {
        ChannelBuilder channelBuilder;

        switch (securityProtocol) {
            case SSL:
                requireNonNullMode(mode, securityProtocol);
                channelBuilder = new SslChannelBuilder(mode);
                break;
            case SASL_SSL:
            case SASL_PLAINTEXT:
                requireNonNullMode(mode, securityProtocol);
                if (loginType == null)
                    throw new IllegalArgumentException("`loginType` must be non-null if `securityProtocol` is `" + securityProtocol + "`");
                channelBuilder = new SaslChannelBuilder(mode, loginType, securityProtocol);
                break;
            case PLAINTEXT:
            case TRACE:
                channelBuilder = new PlaintextChannelBuilder();
                break;
            default:
                throw new IllegalArgumentException("Unexpected securityProtocol " + securityProtocol);
        }

        channelBuilder.configure(configs);
        return channelBuilder;
    }


MG>org.apache.kafka.common.network.ChannelBuilders loads SSLChannelBuilder 
statically so SSLConfig is only updated when jar is loaded

MG>conformance to Observer Pattern is already implemented in ESB

https://books.google.com/books?id=uemsBAAAQBAJ&pg=PA179&lpg=PA179&dq=ESB+Observer+pattern&source=bl&ots=aeshC1sBhF&sig=V9i8we6dYqUjx1vLZ0bO4a2Hxt8&hl=en&sa=X&ved=0ahUKEwj_u6rzuOLQAhUp_4MKHX0qAOcQ6AEIRDAG#v=onepage&q=ESB%20Observer%20pattern&f=false

MG>IMHO Refactoring kafka to implement Observer Pattern should be an easy 
refactor for 0.11.1x or later version(s)

https://issues.apache.org/jira/browse/KAFKA/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel




Thanks, Tuan

MG>let us know if you need any assistance processing this request
