Add support for SASL_PLAIN authentication (#12)

mccutchen · Jun 24, 2024 · 6522c97 · 6522c97
1 parent 1b5f92f
commit 6522c97
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 4 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -6,7 +6,7 @@ FROM alpine:3.16
 # Scala versions with which they are built.
 ARG KAFKA_VERSION
 ARG SCALA_VERSION
-ARG KAFKA_TARBALL=https://downloads.apache.org/kafka/${KAFKA_VERSION}/kafka_${SCALA_VERSION}-${KAFKA_VERSION}.tgz
+ARG KAFKA_TARBALL=https://archive.apache.org/dist/kafka/${KAFKA_VERSION}/kafka_${SCALA_VERSION}-${KAFKA_VERSION}.tgz
 
 RUN apk add --no-cache bash curl openjdk17-jre-headless supervisor \
     && mkdir -p /opt/kafka \
@@ -18,7 +18,8 @@ ENV PATH=/opt/kafka/bin:${PATH}
 # echo "00000000-0000-0000-0000-000000000000" | base64 | cut -b 1-22
 ENV KAFKA_CLUSTER_ID=MDAwMDAwMDAtMDAwMC0wMD \
     KAFKA_DATA_DIR=/var/lib/kafka/data \
-    KAFKA_PORT=9092 \
+    KAFKA_NOAUTH_PORT=9092 \
+    KAFKA_PORT=9093 \
     ZOOKEEPER_DATA_DIR=/var/lib/zookeeper/data \
     ZOOKEEPER_PORT=2181 \
     LOG_DIR=/var/log/kafka
@@ -45,6 +46,7 @@ VOLUME ${ZOOKEEPER_DATA_DIR}
 
 EXPOSE ${KAFKA_PORT}
 EXPOSE ${ZOOKEEPER_PORT}
+EXPOSE ${KAFKA_NOAUTH_PORT}
 
 USER kafka
 CMD ["./start-kafka-lite.sh"]
diff --git a/VERSIONS b/VERSIONS
@@ -3,4 +3,4 @@ KAFKA_VERSION=3.3.1
 SCALA_VERSION=2.13
 
 # Bump this revision to release a new version.
-RELEASE_REVISION=8
+RELEASE_REVISION=20
diff --git a/start-kafka-lite.sh b/start-kafka-lite.sh
@@ -1,15 +1,32 @@
 #!/bin/bash
 
+# Create Kafka properties file
 cat > ./kafka.properties <<EOL
 authorizer.class.name=kafka.security.authorizer.AclAuthorizer
 broker.id=1
 cluster.id=$KAFKA_CLUSTER_ID
-listeners=PLAINTEXT://:$KAFKA_PORT
 zookeeper.connect=localhost:$ZOOKEEPER_PORT
 log.dirs=$KAFKA_DATA_DIR
 offsets.topic.replication.factor=1
 transaction.state.log.replication.factor=1
 transaction.state.log.min.isr=1
+
+# enable SASL authenticated listener and unauthenticated listener
+listeners=SASL_PLAINTEXT://:$KAFKA_PORT,PLAINTEXT://:$KAFKA_NOAUTH_PORT
+
+# configure SASL authentication with "admin" and "user" users
+sasl.enabled.mechanisms=PLAIN
+listener.security.protocol.map=SASL_PLAINTEXT:SASL_PLAINTEXT,PLAINTEXT:PLAINTEXT
+listener.name.sasl_plaintext.plain.sasl.enabled.mechanisms=PLAIN
+listener.name.sasl_plaintext.plain.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
+    username="admin" \
+    password="admin" \
+    user_admin="admin" \
+    user_user="user";
+super.users=User:admin
+
+# allow anonymous users full admin permissions during migration period
+allow.everyone.if.no.acl.found=true
 EOL
 
 cat > ./zookeeper.properties <<EOL
@@ -20,4 +37,5 @@ maxClientCnxns=0
 admin.enableServer=false
 EOL
 
+# Start Kafka and Zookeeper using supervisord
 exec supervisord --nodaemon --configuration /etc/supervisord.conf