From 8b81aa89d708a96e2677ce056fc164111e3f742f Mon Sep 17 00:00:00 2001 From: Julien Clarysse Date: Wed, 4 Dec 2024 12:03:18 +0100 Subject: [PATCH] (fix): Format of key/cert upon creation of external kafka integration endpoint The documentation mistakenly suggested to pass a path to SSL key/cert when calling ServiceIntegrationEndpointCreate via API or CLI. Moreover the format of these values should match RFC-1421. [DOC-1245] [EH-1434] --- .../flink/howto/ext-kafka-flink-integration.md | 17 ++++++++++++++--- docs/tools/cli/service/integration.md | 4 ++++ 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/docs/products/flink/howto/ext-kafka-flink-integration.md b/docs/products/flink/howto/ext-kafka-flink-integration.md index bd70aaace..77a7a10fe 100644 --- a/docs/products/flink/howto/ext-kafka-flink-integration.md +++ b/docs/products/flink/howto/ext-kafka-flink-integration.md @@ -117,13 +117,24 @@ Where: and ports to connect to. - `security_protocol`: The type of security protocol to use for the connection, which is `SASL` in this case. - - `ssl_ca_cert`: The path to the SSL CA certificate. - - `ssl_client_cert`: The path to the SSL client certificate. - - `ssl_client_key`: The path to the SSL client key. + - `ssl_ca_cert`: The content of the SSL CA certificate. + - `ssl_client_cert`: The content of the SSL client certificate. + - `ssl_client_key`: The content of the SSL client key. - `ssl_endpoint_identification_algorithm`: The endpoint identification algorithm to use for SSL verification. For example, `https`. +:::important +After downloading your keys or certificates, ensure the cipher is on its own line, +and the PEM markers are delimited by a line feed, following the +guidelines in [RFC 1421](https://www.rfc-editor.org/rfc/rfc1421#section-4.4). + +Use the following bash command to format the content correctly: +``` +cat $downloaded_cert_or_key | tr -d '\n' | sed 's/\([EY]---[-]*\)\([^-]\)/\1\n\2/g;s/\(=\)\(---[-]*\)/\1\n\2/g' +``` +::: + #### SASL_PLAINTEXT To create a SASL_PLAINTEXT protocol type endpoint, use the following diff --git a/docs/tools/cli/service/integration.md b/docs/tools/cli/service/integration.md index 2cfd0e0be..d87bf423a 100644 --- a/docs/tools/cli/service/integration.md +++ b/docs/tools/cli/service/integration.md @@ -86,6 +86,10 @@ avn service integration-endpoint-create --endpoint-name demo-ext-kafka \ --user-config-json '{"bootstrap_servers":"servertest:123","security_protocol":"PLAINTEXT"}' ``` +:::note +For more examples of creating external Apache Kafka® endpoints, see [Integrate Aiven for Apache Flink® with Apache Kafka®](/docs/products/flink/howto/ext-kafka-flink-integration#step-4-create-an-external-apache-kafka-endpoint). +::: + **Example:** Create an external Loggly endpoint named `Loggly-ext`. ```bash