Password masking only works for JDBC Connectors
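We have set up Kafka Connect to read credentials from a file instead of supplying them directly in the connector config. This is what the login part of the connector config looks like: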
"connection.user": "${file:/kafka/pass.properties:username}",
"connection.password": "${file:/kafka/pass.properties:password}",
We also added these two lines to the "connect-distributed.properties" file:
config.providers=file
config.providers.file.class=org.apache.kafka.common.config.provider.FileConfigProvider
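Note that it works perfectly for JDBC connectors, so there is no problem with the pass.properties file. But for other connectors, such as couchbase, rabbitmq, s3, etc., it causes problems. All of these connectors work fine when we provide the credentials directly, but when we try to make Connect read them from a file, it gives some errors. What could be the reason? I don't see any JDBC-specific configuration here.
EDIT:
An error about couchbase in connect.log: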
[2021-12-02 11:50:19,580] ERROR [com.couchbase.io][SaslAuthenticationFailedEvent][20ms] Authentication Failure - Potential causes: invalid credentials or if LDAP is enabled ensure PLAIN SASL mechanism is exclusively used on the PasswordAuthenticator (insecure) or TLS is used (recommended) {"circuitBreaker":"DISABLED","coreId":"0xbf785c7500000001","remote":"10.30.142.109:11210","status":"UNKNOWN","type":"KV","xerror":{"ref":"ae3ce600-7097-4077-9231-8ced290cd399"}} (com.couchbase.io:533)
[2021-12-02 11:50:19,580] WARN [com.couchbase.endpoint][EndpointConnectionFailedEvent][23ms] Connect attempt 9 failed because of AuthenticationFailureException: Authentication Failure - Potential causes: invalid credentials or if LDAP is enabled ensure PLAIN SASL mechanism is exclusively used on the PasswordAuthenticator (insecure) or TLS is used (recommended) {"circuitBreaker":"DISABLED","coreId":"0xbf785c7500000001","remote":"10.30.142.109:11210","type":"KV"} (com.couchbase.endpoint:523)
com.couchbase.client.core.error.AuthenticationFailureException: Authentication Failure - Potential causes: invalid credentials or if LDAP is enabled ensure PLAIN SASL mechanism is exclusively used on the PasswordAuthenticator (insecure) or TLS is used (recommended) {"circuitBreaker":"DISABLED","coreId":"0xbf785c7500000001","remote":"10.30.142.109:11210","status":"UNKNOWN","type":"KV","xerror":{"ref":"ae3ce600-7097-4077-9231-8ced290cd399"}}
at com.couchbase.client.core.io.netty.kv.SaslAuthenticationHandler.failConnect(SaslAuthenticationHandler.java:488)
at com.couchbase.client.core.io.netty.kv.SaslAuthenticationHandler.maybeFailConnect(SaslAuthenticationHandler.java:293)
at com.couchbase.client.core.io.netty.kv.SaslAuthenticationHandler.channelRead(SaslAuthenticationHandler.java:250)
at com.couchbase.client.core.io.netty.kv.MemcacheProtocolVerificationHandler.channelRead(MemcacheProtocolVerificationHandler.java:84)
at java.lang.Thread.run(Thread.java:748)
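It says something about authentication, but it works fine when the credentials are provided directly. If the masking were not working properly, how could it work for JDBC connectors?
It looks like the problem was the quotes in the pass.properties file. Interestingly, the JDBC connectors work fine whether the credentials are entered with or without quotes. It could be the first line of the file, but that is unlikely.
So, do not use quotes in your password file, even if some connectors work that way.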
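Added example, not part of the original posts: FileConfigProvider loads the file with java.util.Properties, which keeps quote characters and trailing whitespace as part of the value, so a quoted password is sent to the target system with its quotes. The Python check below approximates that parsing (no escapes or line continuations) and flags such values by key name only; the function names and sample file contents are constructed for illustration.

```python
import re

# key, optional '=' or ':' separator, then the value. Whitespace right after
# the separator is dropped; everything else up to end of line is kept verbatim.
_LINE = re.compile(r"^\s*([^\s=:]+)\s*[=:]?\s*(.*)$")


def load_properties(text):
    """Simplified java.util.Properties-style parse of key/value lines."""
    props = {}
    for raw in text.splitlines():
        stripped = raw.lstrip()
        if not stripped or stripped[0] in "#!":  # blank line or comment
            continue
        match = _LINE.match(raw)
        if match:
            props[match.group(1)] = match.group(2)
    return props


def lint_secrets(text):
    """Return (key, problem) pairs; secret values are never echoed."""
    findings = []
    for key, value in load_properties(text).items():
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            findings.append((key, "quotes are part of the resolved value"))
        if value != value.rstrip():
            findings.append((key, "trailing whitespace is part of the resolved value"))
    return findings


# Constructed sample contents for a file such as /kafka/pass.properties.
QUOTED = 'username=connect_user\npassword="s3cret"\n'
CLEAN = "username=connect_user\npassword=s3cret\n"

if __name__ == "__main__":
    for name, content in (("quoted", QUOTED), ("clean", CLEAN)):
        print(name, lint_secrets(content))
```

Running such a check on the secrets file before deploying a connector catches the mismatch before it surfaces as an authentication failure in connect.log.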