It looks like the file config provider isn't actually set up on the Connect
worker. What does your Connect worker config look like (usually a file
called something like connect-distributed.properties)? Feel free to change
any sensitive values to a string like "<redacted>", but please don't remove
them entirely (they may be necessary for debugging).
On Mon, Mar 7, 2022 at 4:39 PM Men Lim <zulu...@gmail.com> wrote:
> Thanks for the response Chris. I went thru the setup again and it appeared
> I might have had a typo somewhere last friday. Currently, I'm running into
> a file permission issue.
>
> the file has the following permissions:
>
> -rw-r--r-- 1 adm admn 88 Mar 7 21:23 connector_credentials.properties
>
> I have tried changing the pwd to 700 but still the same error:
>
> Unable to connect: Access denied for user
> '${file:/app/data/cred/connector_credentials.prop'@'172.x.x.x' (using
> password: YES)
>
> On Mon, Mar 7, 2022 at 1:55 PM Chris Egerton <fearthecel...@gmail.com>
> wrote:
>
> > Hi Men,
> >
> > That config snippet has a small syntax error: all double quotes should be
> > escaped. Assuming you tried something like this:
> >
> > "database.history.producer.sasl.jaas.config":
> > "org.apache.kafka.common.security.scram.ScramLoginModule required
> > username=\"${file:/path/file.pro:user\"} password=\"${file:/path/
> file.pro
> > :password}\";"
> >
> > and still ran into issues, we'd probably need to see log files or, at the
> > very least, the stack trace for the task from the REST API (if it failed
> at
> > all) in order to follow up and provide more help.
> >
> > Cheers,
> >
> > Chris
> >
> > On Mon, Mar 7, 2022 at 3:26 PM Men Lim <zulu...@gmail.com> wrote:
> >
> > > Hi Chris,
> > > I was getting an unauthorized/authentication error message when I was
> > > trying it out last Friday. I tried looking for the exact message in
> the
> > > connect.log.* files but was not very successful. In my connector
> file, I
> > > have
> > >
> > > {
> > > "name":"blah",
> > > "config": {
> > > ...
> > > ...
> > > "database.history.producer.sasl.jaas.config":
> > > "org.apache.kafka.common.security.scram.ScramLoginModule required
> > > username=\"000\" password=\"000000\";",
> > > ...
> > > }
> > > }
> > >
> > > I changed the database.history.producer.sasl.jaas.config to:
> > >
> > > "database.history.producer.sasl.jaas.config":
> > > "org.apache.kafka.common.security.scram.ScramLoginModule required
> > > username="${file:/path/file.pro:user"} password="${file:/path/file.pro
> :
> > > password}";",
> > >
> > > On Mon, Mar 7, 2022 at 9:46 AM Chris Egerton <fearthecel...@gmail.com>
> > > wrote:
> > >
> > > > Hi Men,
> > > >
> > > > The config provider mechanism should work for every property in a
> > > connector
> > > > config, and every property in a worker config except for the
> > plugin.path
> > > > property (see KAFKA-9845 [1]). You can also use it for only part of a
> > > > single property, or even multiple parts, like in this example
> > (assuming a
> > > > config provider named "file"):
> > > >
> > > >
> > sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule
> > > > required username="${file:/some/file.properties:username}"
> > > > password="${file:/some/file.properties:password}"
> > > >
> > > > What sorts of errors are you seeing when trying to use a config
> > provider
> > > > with sasl/scram credentials?
> > > >
> > > > [1] - https://issues.apache.org/jira/browse/KAFKA-9845
> > > >
> > > > Cheers,
> > > >
> > > > Chris
> > > >
> > > > On Mon, Mar 7, 2022 at 10:35 AM Men Lim <zulu...@gmail.com> wrote:
> > > >
> > > > > Hi all,
> > > > >
> > > > > recently, I found out about
> > > > >
> > > > > config.providers=file
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> config.providers.file.class=org.apache.kafka.common.config.provider.FileConfigProvider
> > > > >
> > > > > This works great to remove our embedded database password into an
> > > > external
> > > > > file. However, it does not work when I tried to do the same thing
> > with
> > > > the
> > > > > sasl/scram username and password found in the distributor or
> > connector
> > > > file
> > > > > for kafka connect:
> > > > >
> > > > >
> > >
> sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule
> > > > > required \
> > > > > username="000" password="some_password";
> > > > >
> > > > > I was wondering if there's a way to secure these passwords as well?
> > > > >
> > > > > Thanks,
> > > > >
> > > >
> > >
> >
>
