Add a SSL listener to the local kafka

README.md

@@ -8,4 +8,7 @@ To try the project locally:
 ```sh
 # This will run a kafka cluster configured with your current IP
 ./scripts/dockerComposeUp.sh
+yarn test:local
 ```
+
+Password for test keystore and certificates: `testtest`

docker-compose.yml

@@ -8,41 +8,65 @@ services:
     image: wurstmeister/kafka:0.10.2.1
     ports:
       - "9092:9092"
+      - "9093:9093"
     links:
       - zk
     environment:
       KAFKA_BROKER_ID: 0
       KAFKA_ADVERTISED_HOST_NAME: ${HOST_IP}
-      KAFKA_ADVERTISED_PORT: 9092
       KAFKA_ZOOKEEPER_CONNECT: zk:2181
       KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'true'
+      KAFKA_LISTENERS: "PLAINTEXT://:9092,SSL://:9093"
+      KAFKA_ADVERTISED_LISTENERS: "PLAINTEXT://${HOST_IP}:9092,SSL://${HOST_IP}:9093"
+      KAFKA_SSL_KEYSTORE_LOCATION: "/var/private/ssl/certs/kafka.server.keystore.jks"
+      KAFKA_SSL_KEYSTORE_PASSWORD: "testtest"
+      KAFKA_SSL_KEY_PASSWORD: "testtest"
+      KAFKA_SSL_TRUSTSTORE_LOCATION: "/var/private/ssl/certs/kafka.server.truststore.jks"
+      KAFKA_SSL_TRUSTSTORE_PASSWORD: "testtest"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
+      - ./testHelpers/certs:/var/private/ssl/certs
   kafka2:
     image: wurstmeister/kafka:0.10.2.1
     ports:
-      - "9093:9092"
+      - "9094:9094"
+      - "9095:9095"
     links:
       - zk
     environment:
       KAFKA_BROKER_ID: 1
       KAFKA_ADVERTISED_HOST_NAME: ${HOST_IP}
-      KAFKA_ADVERTISED_PORT: 9093
       KAFKA_ZOOKEEPER_CONNECT: zk:2181
       KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'true'
+      KAFKA_LISTENERS: "PLAINTEXT://:9094,SSL://:9095"
+      KAFKA_ADVERTISED_LISTENERS: "PLAINTEXT://${HOST_IP}:9094,SSL://${HOST_IP}:9095"
+      KAFKA_SSL_KEYSTORE_LOCATION: "/var/private/ssl/certs/kafka.server.keystore.jks"
+      KAFKA_SSL_KEYSTORE_PASSWORD: "testtest"
+      KAFKA_SSL_KEY_PASSWORD: "testtest"
+      KAFKA_SSL_TRUSTSTORE_LOCATION: "/var/private/ssl/certs/kafka.server.truststore.jks"
+      KAFKA_SSL_TRUSTSTORE_PASSWORD: "testtest"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
+      - ./testHelpers/certs:/var/private/ssl/certs
   kafka3:
     image: wurstmeister/kafka:0.10.2.1
     ports:
-      - "9094:9092"
+      - "9096:9096"
+      - "9097:9097"
     links:
       - zk
     environment:
       KAFKA_BROKER_ID: 2
       KAFKA_ADVERTISED_HOST_NAME: ${HOST_IP}
-      KAFKA_ADVERTISED_PORT: 9094
       KAFKA_ZOOKEEPER_CONNECT: zk:2181
       KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'true'
+      KAFKA_LISTENERS: "PLAINTEXT://:9096,SSL://:9097"
+      KAFKA_ADVERTISED_LISTENERS: "PLAINTEXT://${HOST_IP}:9096,SSL://${HOST_IP}:9097"
+      KAFKA_SSL_KEYSTORE_LOCATION: "/var/private/ssl/certs/kafka.server.keystore.jks"
+      KAFKA_SSL_KEYSTORE_PASSWORD: "testtest"
+      KAFKA_SSL_KEY_PASSWORD: "testtest"
+      KAFKA_SSL_TRUSTSTORE_LOCATION: "/var/private/ssl/certs/kafka.server.truststore.jks"
+      KAFKA_SSL_TRUSTSTORE_PASSWORD: "testtest"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
+      - ./testHelpers/certs:/var/private/ssl/certs

testHelpers/certs/ca-cert

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDKzCCApSgAwIBAgIJAKjCLQfDK7s4MA0GCSqGSIb3DQEBBQUAMG0xCzAJBgNV
+BAYTAlRFMQ0wCwYDVQQIEwR0ZXN0MQ0wCwYDVQQHEwR0ZXN0MQ0wCwYDVQQKEwR0
+ZXN0MQ0wCwYDVQQLEwR0ZXN0MQ0wCwYDVQQDEwR0ZXN0MRMwEQYJKoZIhvcNAQkB
+FgR0ZXN0MB4XDTE3MTAwODEzMjIxMloXDTE4MTAwODEzMjIxMlowbTELMAkGA1UE
+BhMCVEUxDTALBgNVBAgTBHRlc3QxDTALBgNVBAcTBHRlc3QxDTALBgNVBAoTBHRl
+c3QxDTALBgNVBAsTBHRlc3QxDTALBgNVBAMTBHRlc3QxEzARBgkqhkiG9w0BCQEW
+BHRlc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAK9Jx6Sl3JyWAIAlBHiR
+ONLcXjbwpuT8D+LlMpCnCAjQNvtrwopLJC7SAmS9ebY8nU2P/cVH2b8AGhdC++cK
+JAXv79e7R25zu/gFXayH+PYY006gUj+zG7/i024EBk/szPfw5tXIn47bczYeK+d3
+c5VtywblCPPuuSdk+MkX0sPDAgMBAAGjgdIwgc8wHQYDVR0OBBYEFKkLw34wvFQN
+w7l+dv768D3RlIhyMIGfBgNVHSMEgZcwgZSAFKkLw34wvFQNw7l+dv768D3RlIhy
+oXGkbzBtMQswCQYDVQQGEwJURTENMAsGA1UECBMEdGVzdDENMAsGA1UEBxMEdGVz
+dDENMAsGA1UEChMEdGVzdDENMAsGA1UECxMEdGVzdDENMAsGA1UEAxMEdGVzdDET
+MBEGCSqGSIb3DQEJARYEdGVzdIIJAKjCLQfDK7s4MAwGA1UdEwQFMAMBAf8wDQYJ
+KoZIhvcNAQEFBQADgYEAaClaolZWEATgZFxuwILanspvjRUe3q1FUsPQoo8zgKWo
+8YREbhkJVLyrIXgEIebRnT5t23/OHkTrDX3DJy2XKHHrUiyrrVpkVDIdPypKtTyn
+Xnnwh2Vsm7z1f36pnMHRlqLYSkCcjinxpFSDMfTezaJS9YGrSOTiZGfs3L+EUzw=
+-----END CERTIFICATE-----

testHelpers/certs/ca-cert.srl

@@ -0,0 +1 @@
+C7568E0414479032

testHelpers/certs/ca-key

@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,5A03089D44526EC9
+
+j8nfHiiDYx2XoW38YetipKSDyhP5TaTOEkff8YF2JEYNL7E/iYbalpodHEtjNWvR
+pJWFbExDkfB9VJPhdNHVV5EdrP24V+G4df35aKRn4zQiS3e5eYpvsBRr9ojBofRR
+7C4viLqpCoSxf7QDk439w8busAPGQS0rsLCHS+KRryVQZV10AQavXlaUuES2Jo8X
+AK8OBlWjB4gPhPEr2/0kc6FoCG5D46bnS4RckXuvV736Zw/HMkux3FFdzY2acZms
+1ecvP7HeYzqCnAk221FtDWZVpz/IyaKW0xPjhJNHBe6SUt6CnBPZu5lMS2NGBdzv
+T3UDtdCboFbQrxdMBS8XIE2K78dpq1FA169Ali/A0lzsl7BzrnO3x7CW3g0biBQu
+YTU64TqMnceND+yEz2kBP6SOGzk5mhFOyJ83KPhXyzGczOyJHpgQ2GGU8q3iQwwk
+f+TVlgBvCQnIpz7XwY+tmYVL1lqycssY+Igi4xyxWSL4c+vLDfUTVEFEqhY54wOQ
+a2y/PclwIRl+KAVxAsdRPrrIjH4cKIzsAcKAuECzcNDEmgtkeVnKcYtXcIuzTG9F
+yLTmT2ewX3tJVHFnOb2PSjv+XVQ8xRrBOvvnJ4lmZoE3ZH7iiWD9wb1dwB299x+t
+9pkzCBcpD7W4fa01Hi+2oWuniX7NsMiIg1NVgRAuusYvhnYSSsrHWNwsO7sS5TBz
+QtQPZQtK/+1DotSvF347v+OXgNtFzdpc9n9fASXfzI77OixxriDcEQ2Ijr6b5qCq
++KNxSEkZLqncnhWw8WMAQVJownVK+ZZuXdEsa995Y8V7y27JHoYLMA==
+-----END RSA PRIVATE KEY-----

testHelpers/certs/cert-file

@@ -0,0 +1,14 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIICjDCCAkoCAQAwWDELMAkGA1UEBhMCVEUxDTALBgNVBAgTBHRlc3QxDTALBgNVBAcTBHRlc3Qx
+DTALBgNVBAoTBHRlc3QxDTALBgNVBAsTBHRlc3QxDTALBgNVBAMTBHRlc3QwggG3MIIBLAYHKoZI
+zjgEATCCAR8CgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F
+9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7D
+AjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF
+1ps93su8q1w2uFe5eZSvu/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKM
+yKbhPBZ6i1R8jSjgo64eK7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7
+VSVkAUw7/s9JKgOBhAACgYA3ICi/ucAFuprjZWHQzwtTYhoy7b94lPWXWdN7EmlqcYSMpnehz/NV
+BU3U1UWFTLW8lkJxSD/J+QqZGLHRLELz1SgxuicUgYr9ePM2ZJdsYfqC+YSUYvxG1BXR6eJOWJc3
+8pFRPMYdBhUc1iHO1ThUjcDxDaFLg/fpByjVR16xUKAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0O
+BBYEFEiGHq6LLh1VNA6tAyAp1TKhxxVkMAsGByqGSM44BAMFAAMvADAsAhQ7WE+TZA6tAndytrno
+kSpG/GGApgIUZu16jRQwn/MNKj5XnuIbdIxHu8A=
+-----END NEW CERTIFICATE REQUEST-----

testHelpers/certs/cert-signed

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVTCCAr4CCQDHVo4EFEeQMjANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJU
+RTENMAsGA1UECBMEdGVzdDENMAsGA1UEBxMEdGVzdDENMAsGA1UEChMEdGVzdDEN
+MAsGA1UECxMEdGVzdDENMAsGA1UEAxMEdGVzdDETMBEGCSqGSIb3DQEJARYEdGVz
+dDAeFw0xNzEwMDgxMzIzMzFaFw0zNzA2MjUxMzIzMzFaMFgxCzAJBgNVBAYTAlRF
+MQ0wCwYDVQQIEwR0ZXN0MQ0wCwYDVQQHEwR0ZXN0MQ0wCwYDVQQKEwR0ZXN0MQ0w
+CwYDVQQLEwR0ZXN0MQ0wCwYDVQQDEwR0ZXN0MIIBtzCCASwGByqGSM44BAEwggEf
+AoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/
+xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnxqim
+FQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yy
+krmCouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdR
+WVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWR
+bqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoD
+gYQAAoGANyAov7nABbqa42Vh0M8LU2IaMu2/eJT1l1nTexJpanGEjKZ3oc/zVQVN
+1NVFhUy1vJZCcUg/yfkKmRix0SxC89UoMbonFIGK/XjzNmSXbGH6gvmElGL8RtQV
+0eniTliXN/KRUTzGHQYVHNYhztU4VI3A8Q2hS4P36Qco1UdesVAwDQYJKoZIhvcN
+AQEFBQADgYEAkNwLz2kblyjIbwSScubxzY9xHJugI79Y/n/Fdyy6QabQRJXH7C9I
+yecJ7elCDoK2VWAaM0+joGwZkWeUcqJsjNPEg/Bqu/QHHe/wJPy2UP7kxVbVbSLZ
+z5+RfaC0wfbs0mMWWbWYhj9P0m/ZowlRIMWBuG6JRNmZmzWs8kRtMQk=
+-----END CERTIFICATE-----