Update Kafka authentication to use SCRAM-SHA-512 (#454)

spring-cloud · Jan 5, 2024 · 2e497f9 · 2e497f9
1 parent e61682f
commit 2e497f9
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/scdf_cf_setup/src/cloudfoundry/platform/config/dataflow.py b/scdf_cf_setup/src/cloudfoundry/platform/config/dataflow.py
@@ -91,10 +91,10 @@ def add_kafka_application_properties(self, kafka_config):
         kafka_binder_key = 'spring.cloud.dataflow.applicationProperties.stream.spring.cloud.stream.kafka.binder.'
         env = {
             kafka_binder_key + 'brokers': kafka_config.broker_address,
-            kafka_binder_key + 'jaas.loginModule': 'org.apache.kafka.common.security.plain.PlainLoginModule',
+            kafka_binder_key + 'jaas.loginModule': 'org.apache.kafka.common.security.scram.ScramLoginModule',
             kafka_binder_key + 'jaas.options.username': kafka_config.username,
             kafka_binder_key + 'jaas.options.password': kafka_config.password,
             kafka_binder_key + 'configuration.security.protocol': 'SASL_PLAINTEXT',
-            kafka_binder_key + 'configuration.sasl.mechanism': 'PLAIN'
+            kafka_binder_key + 'configuration.sasl.mechanism': 'SCRAM-SHA-512'
         }
         self.kafka_binder_configuration = env
diff --git a/scdf_cf_setup/test/tile-config.json b/scdf_cf_setup/test/tile-config.json
@@ -4,11 +4,11 @@
   "SPRING_CLOUD_DATAFLOW_FEATURES_TASKS_ENABLED": true,
   "SPRING_CLOUD_DATAFLOW_FEATURES_SCHEDULES_ENABLED": false,
   "spring.cloud.dataflow.applicationProperties.stream.spring.cloud.stream.kafka.binder.brokers": "broker",
-  "spring.cloud.dataflow.applicationProperties.stream.spring.cloud.stream.kafka.binder.jaas.loginModule": "org.apache.kafka.common.security.plain.PlainLoginModule",
+  "spring.cloud.dataflow.applicationProperties.stream.spring.cloud.stream.kafka.binder.jaas.loginModule": "org.apache.kafka.common.security.scram.ScramLoginModule",
   "spring.cloud.dataflow.applicationProperties.stream.spring.cloud.stream.kafka.binder.jaas.options.username": "user",
   "spring.cloud.dataflow.applicationProperties.stream.spring.cloud.stream.kafka.binder.jaas.options.password": "password",
   "spring.cloud.dataflow.applicationProperties.stream.spring.cloud.stream.kafka.binder.configuration.security.protocol": "SASL_PLAINTEXT",
-  "spring.cloud.dataflow.applicationProperties.stream.spring.cloud.stream.kafka.binder.configuration.sasl.mechanism": "PLAIN",
+  "spring.cloud.dataflow.applicationProperties.stream.spring.cloud.stream.kafka.binder.configuration.sasl.mechanism": "SCRAM-SHA-512",
   "spring.cloud.dataflow.applicationProperties.stream.trustCerts": "uaa.sys.somehost.cf-app.com",
   "spring.cloud.dataflow.applicationProperties.task.trustCerts": "uaa.sys.somehost.cf-app.com",
   "skipper-relational": {