-
Notifications
You must be signed in to change notification settings - Fork 0
Fix for KAFKA-4090: Add an SSL check before to create a client #136
Conversation
3394814
to
a816525
Compare
@@ -0,0 +1,207 @@ | |||
#!/usr/bin/env bash |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gurinderu Did you implement this or did you copy it from somewhere?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
copied from https://github.com/confluentinc/confluent-platform-security-tools/blob/master/kafka-generate-ssl.sh
but yep, probably need to drop it here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add a comment telling where this scripts comes from :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd prefer we keep this script and we just document its origin
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure that is a great idea in case of licenses
zio-kafka-test-utils/src/main/scala/zio/kafka/KafkaTestUtils.scala
Outdated
Show resolved
Hide resolved
val buf = ByteBuffer.allocate(5) | ||
channel.write(buf) | ||
buf.position(0) | ||
channel.read(buf) | ||
buf.position(0) | ||
isTls(buf) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🌕 Can you please add a comment explaining what this is doing and you found this, please?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Meh. Please see: #136 (comment)
private def isTls(buf: ByteBuffer): Boolean = { | ||
val tlsMessageType = buf.get() | ||
tlsMessageType match { | ||
case 20 | 21 | 22 | 23 | 255 => | ||
true | ||
case _ => tlsMessageType >= 128 | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🌕 Can you please add a comment telling where this piece of code comes from, please?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
from the downpage Notes here https://cwiki.apache.org/confluence/display/KAFKA/KIP-498%3A+Add+client-side+configuration+for+maximum+response+size+to+protect+against+OOM# , TLS version
a816525
to
325f0d1
Compare
ZIO.attempt(SocketChannel.open(addr)) | ||
)(channel => ZIO.attempt(channel.close()).orDie) | ||
tls <- ZIO.attempt { | ||
//make a simple request here and validate a server response |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🌕 This comment is really not helping, sorry.
We know you're making a request and you validate the response.
The non obvious things are:
- why
5
inByteBuffer.allocate(5)
? - where is piece of code/algorithm comes from?
- is there any documentation that can explain this unusual piece of code?
* Add ssl check * Review fixes * Review fixes * Review fixes * Review fixes * Review fixes * Fmt --------- Co-authored-by: Jules Ivanic <guizmaii@users.noreply.github.com>
* Add ssl check * Review fixes * Review fixes * Review fixes * Review fixes * Review fixes * Fmt --------- Co-authored-by: Jules Ivanic <guizmaii@users.noreply.github.com>
* Add ssl check * Review fixes * Review fixes * Review fixes * Review fixes * Review fixes * Fmt --------- Co-authored-by: Jules Ivanic <guizmaii@users.noreply.github.com>
* Add ssl check * Review fixes * Review fixes * Review fixes * Review fixes * Review fixes * Fmt --------- Co-authored-by: Jules Ivanic <guizmaii@users.noreply.github.com>
* Add ssl check * Review fixes * Review fixes * Review fixes * Review fixes * Review fixes * Fmt --------- Co-authored-by: Jules Ivanic <guizmaii@users.noreply.github.com>
* Add ssl check * Review fixes * Review fixes * Review fixes * Review fixes * Review fixes * Fmt --------- Co-authored-by: Jules Ivanic <guizmaii@users.noreply.github.com>
* Add ssl check * Review fixes * Review fixes * Review fixes * Review fixes * Review fixes * Fmt --------- Co-authored-by: Jules Ivanic <guizmaii@users.noreply.github.com>
No description provided.