Skip to content

Forcing PLAINTEXT in SECURITY_PROTOCOL_MAP for created listener #10035

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
sfc-gh-krosinski opened this issue Feb 26, 2025 · 1 comment
Open

Forcing PLAINTEXT in SECURITY_PROTOCOL_MAP for created listener #10035

sfc-gh-krosinski opened this issue Feb 26, 2025 · 1 comment

Comments

@sfc-gh-krosinski
Copy link

I'm trying to create ConfluentKafkaContainer in which I need to have an additional listener. The problem is that I require this listener to use SASL_PLAINTEXT not the plaintext. I see that KafkaHelper pushes PLAINTEXT for this listener into the security protocol map, even if I manually defined it as SASL_PLAINTEXT. Is there a workaround for this, or is there an idea to have this working?

https://github.com/testcontainers/testcontainers-java/blob/6e104da1d6e8a4188451f556e9c7cb4ce8eb3164/modules/kafka/src/main/java/org/testcontainers/kafka/KafkaHelper.java#L81C11-L81C59

Network network = new Network();
var kafka = new ConfluentKafkaContainer(DockerImageName.parse("confluentinc/cp-kafka:7.6.0"))
                .withNetwork(network)
                .withNetworkAliases(HOST_ALIAS)
                .withExposedPorts(9092, 9093, 9095)
                .withEnv("KAFKA_INTER_BROKER_LISTENER_NAME", "BROKER")
                .withEnv("KAFKA_LISTENER_NAME_PLAINTEXT_SASL_ENABLED_MECHANISMS", "PLAIN")
                .withEnv("KAFKA_LISTENER_NAME_PLAINTEXT_PLAIN_SASL_JAAS_CONFIG", "org.apache.kafka.common.security.plain.PlainLoginModule required " +
                        "username=\"admin\" " +
                        "password=\"admin-secret\" " +
                        "user_admin=\"admin-secret\";")
                .withEnv("KAFKA_LISTENER_NAME_TC-0_PLAIN_SASL_JAAS_CONFIG", "org.apache.kafka.common.security.plain.PlainLoginModule required " +
                        "username=\"admin\" " +
                        "password=\"admin-secret\" " +
                        "user_admin=\"admin-secret\";")
                    .withEnv("KAFKA_SASL_ENABLED_MECHANISMS", "PLAIN")
                .withEnv("KAFKA_AUTO_CREATE_TOPICS_ENABLE", "true")
                .withEnv("KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL", "PLAIN")
                .withListener("kafka:9095")
                .withEnv("KAFKA_LISTENER_SECURITY_PROTOCOL_MAP", "BROKER:PLAINTEXT,PLAINTEXT:SASL_PLAINTEXT,CONTROLLER:PLAINTEXT,TC-0:SASL_PLAINTEXT");
@eddumelendez
Copy link
Member

can you elaborate on what are you trying to do? I can give an idea but withListener is meant to used for connection between containers and I see you are also exposing the port 9095, so, I would like to understand first.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eddumelendez @sfc-gh-krosinski