Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

create scram users thru kafka-storage command #1505

Closed

Conversation

piif
Copy link
Contributor

@piif piif commented Oct 31, 2023

Description

Creates scram users thru kafka-storage command when target is KRaft and not Zookeeper

Fixes #1495

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Checked on a new installation, with dédicated KRaft nodes

Checklist:

  • Any variable/code changes have been validated to be backwards compatible (doesn't break upgrade)
  • I have added tests that prove my fix is effective or that my feature works
  • If required, I have ensured the changes can be discovered by cp-ansible discovery codebase
  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • Any dependent changes have been merged and published in downstream modules

@piif piif requested a review from a team as a code owner October 31, 2023 15:36
Copy link

cla-assistant bot commented Oct 31, 2023

CLA assistant check
All committers have signed the CLA.

Copy link

cla-assistant bot commented Oct 31, 2023

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.


Christian Lefebvre seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

@piif
Copy link
Contributor Author

piif commented Nov 5, 2023

I just understood that I completly missed the point...
kafka-storage must be used only for a first admin user creation, when initializing kraft
Then, kafka-config must be used to create other users.
I put back this PR in draft mode and I'll work on a new version,

@piif piif marked this pull request as draft November 5, 2023 22:10
@piif piif force-pushed the fix/issue-1495-scram-kraft branch from ff8daaa to 0e9d768 Compare November 14, 2023 16:14
@piif piif marked this pull request as ready for review November 14, 2023 16:20
@mansisinha
Copy link
Member

Thanks @piif for the contribution. However, there are some technical gaps in SCRAM in Kraft at the moment. Such as: Controller-controller communication does not support SCRAM auth, Controller-broker and broker-broker communication can support SCRAM which internally would require multiple authentication on single listener, which is not yet supported in CP-Ansible. We are working on it and plan to add SCRAM support in Kraft in future releases.

piif added a commit to piif/cp-ansible that referenced this pull request Nov 8, 2024
@piif
Copy link
Contributor Author

piif commented Jan 10, 2025

https://github.com/confluentinc/cp-ansible/pull/1795/files#diff-e66ce9e66061c5897db0cc05b01c42461fe81121237a948a98d2f9ebed4c749c contains exactly this patch (one year later ...)
⇒ mine can be closed

@piif piif closed this Jan 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[question] Unable to create SASL-SCRAM users in KRaft mode
2 participants