Skip to content

Commit

Permalink
(fix): Format of key/cert upon creation of external kafka integration…
Browse files Browse the repository at this point in the history
… endpoint

The documentation mistakenly suggested to pass a path to SSL key/cert
when calling ServiceIntegrationEndpointCreate via API or CLI.
Moreover the format of these values should match RFC-1421.

[EH-1434]
  • Loading branch information
jclarysse committed Dec 4, 2024
1 parent 0b66f99 commit 4149bc4
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 3 deletions.
15 changes: 12 additions & 3 deletions docs/products/flink/howto/ext-kafka-flink-integration.md
Original file line number Diff line number Diff line change
Expand Up @@ -117,13 +117,22 @@ Where:
and ports to connect to.
- `security_protocol`: The type of security protocol to use
for the connection, which is `SASL` in this case.
- `ssl_ca_cert`: The path to the SSL CA certificate.
- `ssl_client_cert`: The path to the SSL client certificate.
- `ssl_client_key`: The path to the SSL client key.
- `ssl_ca_cert`: The content of the SSL CA certificate.
- `ssl_client_cert`: The content of the SSL client certificate.
- `ssl_client_key`: The content of the SSL client key.
- `ssl_endpoint_identification_algorithm`: The endpoint
identification algorithm to use for SSL verification. For
example, `https`.

:::important
After downloading your keys/certificates, the cypher should be in its own line
while the PEM markers delimited by a line feed, as per [RFC 1421](https://www.rfc-editor.org/rfc/rfc1421#section-4.4).
The following bash command should help producing the expected content:
```
cat $downloaded_cert_or_key | tr -d '\n' | sed 's/\([EY]---[-]*\)\([^-]\)/\1\n\2/g;s/\(=\)\(---[-]*\)/\1\n\2/g'
```
:::

#### SASL_PLAINTEXT

To create a SASL_PLAINTEXT protocol type endpoint, use the following
Expand Down
4 changes: 4 additions & 0 deletions docs/tools/cli/service/integration.md
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,10 @@ avn service integration-endpoint-create --endpoint-name demo-ext-kafka \
--user-config-json '{"bootstrap_servers":"servertest:123","security_protocol":"PLAINTEXT"}'
```

:::note
Further examples of external Apache Kafka® endpoint creations are documented [here](/docs/products/flink/howto/ext-kafka-flink-integration#step-4-create-an-external-apache-kafka-endpoint).
:::

**Example:** Create an external Loggly endpoint named `Loggly-ext`.

```bash
Expand Down

0 comments on commit 4149bc4

Please sign in to comment.