You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Status

Current state: Under Discussion

Discussion threadtbd

JIRA: Not yet

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).

Motivation

Kafka Connect has a REST interface for managing and monitoring connectors. Currently this REST interface is using only plain HTTP without any encryption and authentication. This is not ideal because:

  • The interface might be used to transfer sensitive information (e.g. passwords in Kafka Connect connector configurations)
  • Anyone with access to the interface can add connectors (which can forward sensitive messages from Kafka brokers somewhere else)

Extending the REST interface with support for SSL / TLS encryption and SSL / TLS client authentication could address these issues.

Proposed Change

This KIP proposes adding 

Public Interfaces

  • New class org.apache.kafka.common.serialization.UUIDSerializer which implements the Serializer<UUID> interface
  • New class org.apache.kafka.common.serialization.UUIDDeserializer which implements the Deserializer<UUID> interface
  • New method static public Serde<UUID> UUID() in org.apache.kafka.common.serialization.Serdes class
  • New subclass UUIDSerde in org.apache.kafka.common.serialization.Serdes which creates a new serde based on the UUIDSerializer and UUIDDeserializer classes

Migration Plan and Compatibility

This KIP is a new implementation and doesn't have any backwards compatibility issues or special requirements on migration from older versions. Existing Kafka Connect installation would work in the same way as before this change. Without the SSL configuration, the REST interface will continue to be configured as today - i.e. without SSL / TLS.

Rejected Alternatives

n/a

  • No labels