我们有一个启用SSL的kafka代理,通过Keycapture访问架构注册表。从外部机器,我可以使用kafka控制台生成器发送数据,下面是我的配置。
ssl.properties:
security.protocol=SASL_SSL
ssl.truststore.location=truststore.jks
ssl.truststore.password=password
sasl.mechanism=PLAIN
jaas.conf:
KafkaClient
{
org.apache.kafka.common.security.plain.PlainLoginModule required
username="<user-name>"
password="<password>";
};
export KAFKA_OPTS="-Djavax.net.ssl.trustStore=truststore.jks -Djavax.net.ssl.trustStorePassword=password -Djava.security.auth.login.config=jaas.conf"
./kafka-console-producer --bootstrap-server broker-url:<external_port> --topic sample.data --producer.config ssl.properties
发送的高样本数据
我能够使用消费者看到它们
现在,对于模式注册表,我需要获得如下所示的令牌:
curl -k --data 'grant_type=password&client_id=schema-registry-client&username=username&password=password' https://<keycloakurl>/auth/realms/<namespace>/protocol/openid-connect/token
输出:
{"access_token":"<access_token>","expires_in":600,"refresh_expires_in":1800,"refresh_token":"<refresh_token>","token_type":"bearer","not-before-policy":0,"session_state":"4117e69c-afe9-43ae-9756-90b151f0b536","scope":"profile email"}
curl -k -H "Authorization: Bearer <access_token>"
https://<sc_url>/schemaregistry/subjects
输出:
["test.data-value"]
问题是,如何在avro控制台生产者中使用access_token?我想不通。
基于RegistryREST客户端的源代码,类似于这些属性的东西应该是您想要的(未测试的(
bearer.auth.credentials.source="STATIC_TOKEN"
bearer.auth.token="your token"