Secure Kafka Authentication

Implementation of kafka secure authentication : - SSL - SASL(SCRAM) & SSL Issue-ID: CCSDK-2313 Change-Id: I4b2fc7abab7478e360ebf461608a620d75708f54 Signed-off-by: Julien Fontaine <julien.fontaine@bell.ca>
author: Julien Fontaine <julien.fontaine@bell.ca> 2020-04-13 16:42:36 -0400
committer: Julien Fontaine <julien.fontaine@bell.ca> 2020-04-21 13:57:31 -0400
commit: 8a2eb4ae98beb70eac4e5fa4bb2e786c6a9513d2 (patch)
tree: d953dcfa97e409332553d58759beb34ae3efa7a7 /ms/blueprintsprocessor/application
parent: 6e7cbbbc4668c9d37d44bab6625ab7275043eb72 (diff)
2 files changed, 41 insertions, 14 deletions
diff --git a/ms/blueprintsprocessor/application/src/main/resources/application-dev.properties b/ms/blueprintsprocessor/application/src/main/resources/application-dev.properties
index ad38883f7..bf5e23bc9 100755
--- a/ms/blueprintsprocessor/application/src/main/resources/application-dev.properties
+++ b/ms/blueprintsprocessor/application/src/main/resources/application-dev.properties
@@ -131,19 +131,31 @@ blueprintsprocessor.messageconsumer.self-service-api.groupId=receiver-id
 blueprintsprocessor.messageconsumer.self-service-api.topic=receiver.t
 blueprintsprocessor.messageconsumer.self-service-api.clientId=request-receiver-client-id
 blueprintsprocessor.messageconsumer.self-service-api.pollMillSec=1000
+#### Security settings
+#### SSL
+#blueprintsprocessor.messageconsumer.self-service-api.truststore=/path/to/truststore.jks
+#blueprintsprocessor.messageconsumer.self-service-api.truststorePassword=truststorePassword
+#blueprintsprocessor.messageconsumer.self-service-api.keystore=/path/to/keystore.jks
+#blueprintsprocessor.messageconsumer.self-service-api.keystorePassword=keystorePassword
+#### SCRAM
+#blueprintsprocessor.messageconsumer.self-service-api.scramUsername=test-user
+#blueprintsprocessor.messageconsumer.self-service-api.scramPassword=testUserPassword
 
 # Kafka audit service Configurations
+## Audit request
 blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable=false
 blueprintsprocessor.messageproducer.self-service-api.audit.request.type=kafka-basic-auth
 blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers=127.0.0.1:9092
 blueprintsprocessor.messageproducer.self-service-api.audit.request.clientId=audit-request-producer-client-id
 blueprintsprocessor.messageproducer.self-service-api.audit.request.topic=audit-request-producer.t
 
+## Audit response
 blueprintsprocessor.messageproducer.self-service-api.audit.response.type=kafka-basic-auth
 blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers=127.0.0.1:9092
 blueprintsprocessor.messageproducer.self-service-api.audit.response.clientId=audit-response-producer-client-id
 blueprintsprocessor.messageproducer.self-service-api.audit.response.topic=audit-response-producer.t
 
+
 # Message prioritization kakfa properties, Enable if Prioritization service is needed
 # Deploy message-prioritization function along with blueprintsprocessor application.
 #blueprintsprocessor.messageconsumer.prioritize-input.type=kafka-streams-basic-auth
diff --git a/ms/blueprintsprocessor/application/src/main/resources/application.properties b/ms/blueprintsprocessor/application/src/main/resources/application.properties
index 74549b0ae..6fb737edc 100755
--- a/ms/blueprintsprocessor/application/src/main/resources/application.properties
+++ b/ms/blueprintsprocessor/application/src/main/resources/application.properties
@@ -103,20 +103,35 @@ blueprintsprocessor.restclient.aai-data.additionalHeaders.X-TransactionId=cds-tr
 blueprintsprocessor.restclient.aai-data.additionalHeaders.X-FromAppId=cds-app-id
 blueprintsprocessor.restclient.aai-data.additionalHeaders.Accept=application/json
 
-# Kafka-message-lib Configuration
-blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable=false
-blueprintsprocessor.messageconsumer.self-service-api.type=kafka-basic-auth
-blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers=127.0.0.1:9092
-blueprintsprocessor.messageconsumer.self-service-api.topic=receiver.t
-blueprintsprocessor.messageconsumer.self-service-api.groupId=receiver-id
-blueprintsprocessor.messageconsumer.self-service-api.clientId=default-client-id
-blueprintsprocessor.messageconsumer.self-service-api.pollMillSec=1000
-
-blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth
-blueprintsprocessor.messageproducer.self-service-api.bootstrapServers=127.0.0.1:9092
-blueprintsprocessor.messageproducer.self-service-api.clientId=default-client-id
-blueprintsprocessor.messageproducer.self-service-api.topic=producer.t
-
+# Kafka audit service Configurations
+## Audit request
+blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable=false
+blueprintsprocessor.messageproducer.self-service-api.audit.request.type=kafka-basic-auth
+blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers=127.0.0.1:9092
+blueprintsprocessor.messageproducer.self-service-api.audit.request.clientId=audit-request-producer-client-id
+blueprintsprocessor.messageproducer.self-service-api.audit.request.topic=audit-request-producer.t
+#### Security settings
+#### SSL
+#blueprintsprocessor.messageproducer.self-service-api.audit.request.truststore=/path/to/truststore.jks
+#blueprintsprocessor.messageproducer.self-service-api.audit.request.truststorePassword=truststorePassword
+#blueprintsprocessor.messageproducer.self-service-api.audit.request.keystore=/path/to/keystore.jks
+#blueprintsprocessor.messageproducer.self-service-api.audit.request.keystorePassword=keystorePassword
+#### SCRAM
+#blueprintsprocessor.messageproducer.self-service-api.audit.request.scramUsername=test-user
+#blueprintsprocessor.messageproducer.self-service-api.audit.request.scramPassword=testUserPassword
+
+## Audit response
+blueprintsprocessor.messageproducer.self-service-api.audit.response.type=kafka-basic-auth
+blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers=127.0.0.1:9092
+blueprintsprocessor.messageproducer.self-service-api.audit.response.clientId=audit-response-producer-client-id
+blueprintsprocessor.messageproducer.self-service-api.audit.response.topic=audit-response-producer.t
+
+# Message prioritization kakfa properties, Enable if Prioritization service is needed
+# Deploy message-prioritization function along with blueprintsprocessor application.
+#blueprintsprocessor.messageconsumer.prioritize-input.type=kafka-streams-basic-auth
+#blueprintsprocessor.messageconsumer.prioritize-input.bootstrapServers=127.0.0.1:9092
+#blueprintsprocessor.messageconsumer.prioritize-input.applicationId=cds-controller
+#blueprintsprocessor.messageconsumer.prioritize-input.topic=prioritize-input-topic
 
 blueprintprocessor.remoteScriptCommand.enabled=true
author	Julien Fontaine <julien.fontaine@bell.ca>	2020-04-13 16:42:36 -0400
committer	Julien Fontaine <julien.fontaine@bell.ca>	2020-04-21 13:57:31 -0400
commit	8a2eb4ae98beb70eac4e5fa4bb2e786c6a9513d2 (patch)
tree	d953dcfa97e409332553d58759beb34ae3efa7a7 /ms/blueprintsprocessor/application
parent	6e7cbbbc4668c9d37d44bab6625ab7275043eb72 (diff)