merge / rename to TLS_ROOT_CA_FILE

.github/workflows/release.yml

@@ -21,14 +21,14 @@ jobs:
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.PASSPHRASE }}
-      - uses: actions/cache@v3.0.11
+      - uses: actions/cache@v3.3.1
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v3
+        uses: goreleaser/goreleaser-action@v4
         with:
           version: latest
           args: release --rm-dist

.github/workflows/snapshot.yml

@@ -21,14 +21,14 @@ jobs:
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.PASSPHRASE }}
-      - uses: actions/cache@v3.0.11
+      - uses: actions/cache@v3.3.1
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
           restore-keys: |
             ${{ runner.os }}-go
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v3
+        uses: goreleaser/goreleaser-action@v4
         with:
           version: latest
           args: release --snapshot --rm-dist

.github/workflows/test.yml

@@ -29,7 +29,7 @@ jobs:
         uses: actions/setup-go@v3
         with:
           go-version: 1.16.x
-      - uses: actions/cache@v3.0.11
+      - uses: actions/cache@v3.3.1
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}

README.md

@@ -17,6 +17,11 @@ provider "kafka-connect" {
   url = "http://localhost:8083"
   basic_auth_username = "user" # Optional
   basic_auth_password = "password" # Optional
+  
+  # For TLS
+  tls_auth_crt = "/tmp/cert.pem" # Optional
+  tls_auth_key = "/tmp/key.pem " # Optional
+  tls_auth_is_insecure = true   # Optionnal if you do not want to check CA   
 }
 
 resource "kafka-connect_connector" "sqlite-sink" {
@@ -40,11 +45,14 @@ resource "kafka-connect_connector" "sqlite-sink" {
 
 ## Provider Properties
 
-| Property              | Type              | Example                 | Alternative environment variable name |
-|-----------------------|-------------------|-------------------------|---------------------------------------|
-| `url`                 | URL               | "http://localhost:8083" | `KAFKA_CONNECT_URL`                   |
-| `basic_auth_username` | String            | "user"                  | `KAFKA_CONNECT_BASIC_AUTH_USERNAME`   |
-| `basic_auth_password` | String            | "password"              | `KAFKA_CONNECT_BASIC_AUTH_PASSWORD`   |
+| Property              | Type   | Example                 | Alternative environment variable name |
+|-----------------------|--------|-------------------------|---------------------------------------|
+| `url`                 | URL    | "http://localhost:8083" | `KAFKA_CONNECT_URL`                   |
+| `basic_auth_username` | String | "user"                  | `KAFKA_CONNECT_BASIC_AUTH_USERNAME`   |
+| `basic_auth_password` | String | "password"              | `KAFKA_CONNECT_BASIC_AUTH_PASSWORD`   |
+| `tls_auth_crt`        | String | "certificate"           | `KAFKA_CONNECT_TLS_AUTH_CRT`          |
+| `tls_auth_key`        | String | "Key"                   | `KAFKA_CONNECT_TLS_AUTH_KEY`          |
+| `tls_auth_is_insecure`| String | "Key"                   | `KAFKA_CONNECT_TLS_IS_INSECURE`       |
 | `headers`             | Map[String]String | {foo = "bar"}           | N/A                                   |
 
 ## Resource Properties

connect/provider.go

@@ -2,6 +2,7 @@ package connect
 
 import (
 	"context"
+	"crypto/tls"
 	"log"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
@@ -30,10 +31,25 @@ func Provider() *schema.Provider {
 				Optional:    true,
 				DefaultFunc: schema.EnvDefaultFunc("KAFKA_CONNECT_BASIC_AUTH_PASSWORD", ""),
 			},
-			"ssl_root_ca_file": {
+			"tls_root_ca_file": {
 				Type:        schema.TypeString,
 				Optional:    true,
-				DefaultFunc: schema.EnvDefaultFunc("KAFKA_CONNECT_SSL_ROOT_CA_FILE", ""),
+				DefaultFunc: schema.EnvDefaultFunc("KAFKA_CONNECT_TLS_ROOT_CA_FILE", ""),
+			},
+			"tls_auth_crt": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("KAFKA_CONNECT_TLS_AUTH_CRT", ""),
+			},
+			"tls_auth_key": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("KAFKA_CONNECT_TLS_AUTH_KEY", ""),
+			},
+			"tls_auth_is_insecure": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				DefaultFunc: schema.EnvDefaultFunc("KAFKA_CONNECT_TLS_IS_INSECURE", ""),
 			},
 			"headers": {
 				Type: schema.TypeMap,
@@ -64,9 +80,27 @@ func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}
 		c.SetBasicAuth(user, pass)
 	}
 
-	ssl_root_ca_file := d.Get("ssl_root_ca_file").(string)
-	if ssl_root_ca_file != "" {
-		resty.SetRootCertificate(ssl_root_ca_file)
+	tls_root_ca_file := d.Get("tls_root_ca_file").(string)
+	if tls_root_ca_file != "" {
+		resty.SetRootCertificate(tls_root_ca_file)
+	}
+
+	crt := d.Get("tls_auth_crt").(string)
+	key := d.Get("tls_auth_key").(string)
+	is_insecure := d.Get("tls_auth_is_insecure").(bool)
+	log.Printf("[INFO]Cert : %s\nKey: %s", crt, key)
+	log.Printf("[INFO]SSl connection is insecure : %t", is_insecure)
+
+	if crt != "" && key != "" {
+		cert, err := tls.LoadX509KeyPair(crt, key)
+		if err != nil {
+			log.Fatalf("client: loadkeys: %s", err)
+		} else {
+			if is_insecure {
+				c.SetInsecureSSL()
+			}
+			c.SetClientCertificates(cert)
+		}
 	}
 
 	headers := d.Get("headers").(map[string]interface{})