From 7a9ca2cac96f8d038bcdcf2d3aa9fed47ed7e339 Mon Sep 17 00:00:00 2001 From: aidanmelen Date: Sun, 13 Nov 2022 21:55:00 +0000 Subject: [PATCH] updated configOverrides for hybrid-aws-msk sasl/iam example --- Makefile | 2 +- README.md | 2 +- examples/complete/.main.tf.docs | 2 +- examples/complete/README.md | 2 +- .../README.md | 62 +++++++++++++------ .../images/Dockerfile.connect | 7 +-- .../images/Dockerfile.controlcenter | 5 +- .../images/Dockerfile.kafkarestproxy | 5 +- .../images/Dockerfile.schemaregistry | 5 +- .../main.tf | 61 ++++++++++++------ .../variables.tf | 6 ++ test/.terratest.docs | 2 +- 12 files changed, 110 insertions(+), 51 deletions(-) diff --git a/Makefile b/Makefile index ed78967..fcafbf5 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ NAME := confluent HOSTNAME := aidanmelen PROVIDER := kubernetes -VERSION := 0.9.3 +VERSION := 0.9.4 SHELL := /bin/bash .PHONY: help all diff --git a/README.md b/README.md index 08dc9e7..7dedee3 100644 --- a/README.md +++ b/README.md @@ -78,7 +78,7 @@ Run Terratest using the [Makefile](https://github.com/aidanmelen/terraform-aws-s ### Results ``` -Terratest Suite (Module v0.9.3) (Terraform v1.2.6) +Terratest Suite (Module v0.9.4) (Terraform v1.2.6) --- PASS: TestTerraformCompleteExample (175.48s) --- PASS: TestTerraformConfluentOperatorExample (22.24s) --- PASS: TestTerraformConfluentPlatformExample (236.10s) diff --git a/examples/complete/.main.tf.docs b/examples/complete/.main.tf.docs index bee8ab5..dd1a4b0 100644 --- a/examples/complete/.main.tf.docs +++ b/examples/complete/.main.tf.docs @@ -1,6 +1,6 @@ module "confluent_platform" { source = "aidanmelen/confluent/kubernetes" - version = ">= 0.9.3" + version = ">= 0.9.4" namespace = var.namespace diff --git a/examples/complete/README.md b/examples/complete/README.md index 7e29762..2dbac87 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -22,7 +22,7 @@ kubectl apply -f ./crds/2.4.0 ```hcl module "confluent_platform" { source = "aidanmelen/confluent/kubernetes" - version = ">= 0.9.3" + version = ">= 0.9.4" namespace = var.namespace diff --git a/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/README.md b/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/README.md index 488fd42..e573366 100644 --- a/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/README.md +++ b/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/README.md @@ -34,14 +34,12 @@ module "confluent_platform" { create_zookeeper = false create_kafka = false - # Confluent Platform components working with AWS MSK with SASL/IAM + # Confluent Platform components working with AWS MSK and SASL/IAM create_connect = true create_schemaregistry = true create_ksqldb = true create_kafkarestproxy = true - - # NotImplemented - create_controlcenter = false + create_controlcenter = var.create_controlcenter # Configuring a Kafka client to use AWS IAM # https://github.com/aws/aws-msk-iam-auth#configuring-a-kafka-client-to-use-aws-iam 
@@ -49,16 +47,25 @@ module "confluent_platform" { connect = yamldecode(<<-EOF spec: image: - application: aidanmelen/cp-server-connect-with-aws-msk-iam-auth:7.2.0 + application: aidanmelen/cp-server-connect-with-aws-msk-iam-auth:7.2.2 configOverrides: server: - "security.protocol=SASL_SSL" - - "admin.security.protocol=SASL_SSL" - - "producer.security.protocol=SASL_SSL" - - "consumer.security.protocol=SASL_SSL" - "sasl.mechanism=AWS_MSK_IAM" - "sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" - "sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" + - "admin.security.protocol=SASL_SSL" + - "admin.sasl.mechanism=AWS_MSK_IAM" + - "admin.sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" + - "admin.sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" + - "producer.security.protocol=SASL_SSL" + - "producer.sasl.mechanism=AWS_MSK_IAM" + - "producer.sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" + - "producer.sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" + - "consumer.security.protocol=SASL_SSL" + - "consumer.sasl.mechanism=AWS_MSK_IAM" + - "consumer.sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" + - "consumer.sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" podTemplate: serviceAccountName: ${kubernetes_service_account_v1.confluent_platform.metadata[0].name} tls: 
@@ -79,18 +86,23 @@ module "confluent_platform" { ksqldb = yamldecode(<<-EOF spec: image: - application: aidanmelen/cp-ksqldb-server-with-aws-msk-iam-auth:7.2.0 + application: aidanmelen/cp-ksqldb-server-with-aws-msk-iam-auth:7.2.2 configOverrides: server: - "security.protocol=SASL_SSL" - "sasl.mechanism=AWS_MSK_IAM" - "sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" - "sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" + - "ksql.streams.security.protocol=SASL_SSL" + - "ksql.streams.sasl.mechanism=AWS_MSK_IAM" + - "ksql.streams.sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" + - "ksql.streams.sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" podTemplate: serviceAccountName: ${kubernetes_service_account_v1.confluent_platform.metadata[0].name} - # https://docs.confluent.io/operator/current/co-troubleshooting.html#issue-ksqldb-cannot-use-auto-generated-certificates-for-ccloud - # tls: - # autoGeneratedCerts: true + tls: + # https://docs.confluent.io/operator/current/co-troubleshooting.html#issue-ksqldb-cannot-use-auto-generated-certificates-for-ccloud + autoGeneratedCerts: false + secretRef: ${kubernetes_secret_v1.ca_pair_sslcerts.metadata[0].name} dependencies: kafka: bootstrapEndpoint: ${data.aws_msk_cluster.msk.bootstrap_brokers_sasl_iam} 
@@ -104,17 +116,23 @@ module "confluent_platform" { EOF ) - # ~~~ NOT WORKING ~~~ + # MSK does not support the Confluent Metrics Reporter; therefore, Grafana dashboards are a better alternative. + # https://grafana.com/grafana/dashboards/11773-confluent-open-source/ + # https://grafana.com/grafana/dashboards/16082-msk-overview/ controlcenter = yamldecode(<<-EOF spec: image: - application: aidanmelen/cp-enterprise-control-center-with-aws-msk-iam-auth:7.2.0 + application: aidanmelen/cp-enterprise-control-center-with-aws-msk-iam-auth:7.2.2 configOverrides: server: - "security.protocol=SASL_SSL" - "sasl.mechanism=AWS_MSK_IAM" - "sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" - "sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" + - "confluent.controlcenter.streams.security.protocol=SASL_SSL" + - "confluent.controlcenter.streams.sasl.mechanism=AWS_MSK_IAM" + - "confluent.controlcenter.streams.sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" + - "confluent.controlcenter.streams.sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" podTemplate: serviceAccountName: ${kubernetes_service_account_v1.confluent_platform.metadata[0].name} tls: @@ -131,7 +149,7 @@ module "confluent_platform" { enabled: true ksqldb: - name: ksql-dev - url: http://ksqldb.${var.namespace}.svc.cluster.local:8088 + url: https://ksqldb.${var.namespace}.svc.cluster.local:8088 tls: enabled: true connect: 
@@ -145,15 +163,18 @@ module "confluent_platform" { schemaregistry = yamldecode(<<-EOF spec: image: - application: aidanmelen/cp-schema-registry-with-aws-msk-iam-auth:7.2.0 + application: aidanmelen/cp-schema-registry-with-aws-msk-iam-auth:7.2.2 configOverrides: server: - "security.protocol=SASL_SSL" + - "sasl.mechanism=AWS_MSK_IAM" + - "sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" + - "sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" - "kafkastore.security.protocol=SASL_SSL" - - "kafkastore.bootstrap.servers=${data.aws_msk_cluster.msk.bootstrap_brokers_sasl_iam}" - "kafkastore.sasl.mechanism=AWS_MSK_IAM" - "kafkastore.sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" - "kafkastore.sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" + - "kafkastore.bootstrap.servers=${data.aws_msk_cluster.msk.bootstrap_brokers_sasl_iam}" podTemplate: serviceAccountName: ${kubernetes_service_account_v1.confluent_platform.metadata[0].name} tls: @@ -170,13 +191,17 @@ module "confluent_platform" { kafkarestproxy = yamldecode(<<-EOF spec: image: - application: aidanmelen/cp-kafka-rest-with-aws-msk-iam-auth:7.2.0 + application: aidanmelen/cp-kafka-rest-with-aws-msk-iam-auth:7.2.2 configOverrides: server: - "security.protocol=SASL_SSL" - "sasl.mechanism=AWS_MSK_IAM" - "sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" - "sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" + - "client.security.protocol=SASL_SSL" + - "client.sasl.mechanism=AWS_MSK_IAM" + - "client.sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" + - "client.sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" podTemplate: serviceAccountName: ${kubernetes_service_account_v1.confluent_platform.metadata[0].name} tls: 
@@ -215,6 +240,7 @@ module "confluent_platform" { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [aws\_region](#input\_aws\_region) | The AWS region name. | `string` | `"us-west-2"` | no | +| [create\_controlcenter](#input\_create\_controlcenter) | Controls if the ControlCenter component of the Confluent Platform should be created. | `bool` | `true` | no | | [name](#input\_name) | The project name. | `string` | `"hybrid-aws-msk"` | no | | [namespace](#input\_namespace) | The namespace to release the Confluent Platform into. | `string` | `"confluent"` | no | ## Outputs diff --git a/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/images/Dockerfile.connect b/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/images/Dockerfile.connect index 964d49d..b8ddfd1 100644 --- a/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/images/Dockerfile.connect +++ b/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/images/Dockerfile.connect @@ -1,12 +1,11 @@ # https://github.com/aws/aws-msk-iam-auth ARG TAG=7.2.0 FROM confluentinc/cp-server-connect:${TAG} +USER root +RUN curl -sSL -o /usr/share/java/kafka/aws-msk-iam-auth-1.1.4-all.jar "https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.4/aws-msk-iam-auth-1.1.4-all.jar" +USER appuser # https://docs.confluent.io/platform/current/installation/docker/development.html#extend-cp-images # RUN confluent-hub install --no-prompt hpgrahsl/kafka-connect-mongodb:1.1.0 \ # && confluent-hub install --no-prompt microsoft/kafka-connect-iothub:0.6 \ # && confluent-hub install --no-prompt wepay/kafka-connect-bigquery:1.1.0 - -# this must be run after confluent-hub cmds -ENV CLASSPATH=/usr/share/java/aws-msk-iam-auth-1.1.4-all.jar -RUN curl -sSL -o /usr/share/java/aws-msk-iam-auth-1.1.4-all.jar "https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.4/aws-msk-iam-auth-1.1.4-all.jar" 
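Review bot: The added `RUN curl -sSL -o /usr/share/java/kafka/aws-msk-iam-auth-1.1.4-all.jar ...` in Dockerfile.connect places the jar on the component's library path as root without verifying what was downloaded, and without `-f` an HTTP error body would be saved under the jar's name and only surface at runtime. Adding `-f` and a pinned digest check in the same layer would close both gaps, for example `RUN curl -fsSL -o /usr/share/java/kafka/aws-msk-iam-auth-1.1.4-all.jar "<release URL>" && echo "<SHA256_OF_RELEASE_JAR>  /usr/share/java/kafka/aws-msk-iam-auth-1.1.4-all.jar" | sha256sum -c -`, where the digest is a placeholder to be taken from the upstream release. The same download line appears in Dockerfile.controlcenter, Dockerfile.kafkarestproxy and Dockerfile.schemaregistry in this commit. Separately, `ARG TAG=7.2.0` is unchanged while the example now references images tagged 7.2.2, so a comment stating that TAG is expected to be overridden at build time would help.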
diff --git a/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/images/Dockerfile.controlcenter b/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/images/Dockerfile.controlcenter
index cb14127..a62b9c8 100644
--- a/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/images/Dockerfile.controlcenter
+++ b/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/images/Dockerfile.controlcenter
@@ -1,5 +1,6 @@
 # https://github.com/aws/aws-msk-iam-auth
 ARG TAG=7.2.0
 FROM confluentinc/cp-enterprise-control-center:${TAG}
-ENV CLASSPATH=/usr/share/java/aws-msk-iam-auth-1.1.4-all.jar
-RUN curl -sSL -o /usr/share/java/aws-msk-iam-auth-1.1.4-all.jar "https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.4/aws-msk-iam-auth-1.1.4-all.jar"
+USER root
+RUN curl -sSL -o /usr/share/java/confluent-control-center/aws-msk-iam-auth-1.1.4-all.jar "https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.4/aws-msk-iam-auth-1.1.4-all.jar"
+USER appuser
diff --git a/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/images/Dockerfile.kafkarestproxy b/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/images/Dockerfile.kafkarestproxy
index 69e5ea1..8284e8c 100644
--- a/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/images/Dockerfile.kafkarestproxy
+++ b/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/images/Dockerfile.kafkarestproxy
@@ -1,5 +1,6 @@
 # https://github.com/aws/aws-msk-iam-auth
 ARG TAG=7.2.0
 FROM confluentinc/cp-kafka-rest:${TAG}
-ENV CLASSPATH=/usr/share/java/aws-msk-iam-auth-1.1.4-all.jar
-RUN curl -sSL -o /usr/share/java/aws-msk-iam-auth-1.1.4-all.jar "https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.4/aws-msk-iam-auth-1.1.4-all.jar"
+USER root
+RUN curl -sSL -o /usr/share/java/kafka-rest-lib/aws-msk-iam-auth-1.1.4-all.jar "https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.4/aws-msk-iam-auth-1.1.4-all.jar"
+USER appuser
diff --git a/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/images/Dockerfile.schemaregistry b/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/images/Dockerfile.schemaregistry index 3502485..b9b36de 100644 --- a/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/images/Dockerfile.schemaregistry +++ b/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/images/Dockerfile.schemaregistry @@ -1,5 +1,6 @@ # https://github.com/aws/aws-msk-iam-auth ARG TAG=7.2.0 FROM confluentinc/cp-schema-registry:${TAG} -ENV CLASSPATH=/usr/share/java/aws-msk-iam-auth-1.1.4-all.jar -RUN curl -sSL -o /usr/share/java/aws-msk-iam-auth-1.1.4-all.jar "https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.4/aws-msk-iam-auth-1.1.4-all.jar" +USER root +RUN curl -sSL -o /usr/share/java/schema-registry/aws-msk-iam-auth-1.1.4-all.jar "https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.4/aws-msk-iam-auth-1.1.4-all.jar" +USER appuser diff --git a/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/main.tf b/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/main.tf index 06536b5..ea0ca81 100644 --- a/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/main.tf +++ b/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/main.tf @@ -21,14 +21,12 @@ module "confluent_platform" { create_zookeeper = false create_kafka = false - # Confluent Platform components working with AWS MSK with SASL/IAM + # Confluent Platform components working with AWS MSK and SASL/IAM create_connect = true create_schemaregistry = true create_ksqldb = true create_kafkarestproxy = true - - # NotImplemented - create_controlcenter = false + create_controlcenter = var.create_controlcenter # Configuring a Kafka client to use AWS IAM # https://github.com/aws/aws-msk-iam-auth#configuring-a-kafka-client-to-use-aws-iam 
@@ -36,16 +34,25 @@ module "confluent_platform" { connect = yamldecode(<<-EOF spec: image: - application: aidanmelen/cp-server-connect-with-aws-msk-iam-auth:7.2.0 + application: aidanmelen/cp-server-connect-with-aws-msk-iam-auth:7.2.2 configOverrides: server: - "security.protocol=SASL_SSL" - - "admin.security.protocol=SASL_SSL" - - "producer.security.protocol=SASL_SSL" - - "consumer.security.protocol=SASL_SSL" - "sasl.mechanism=AWS_MSK_IAM" - "sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" - "sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" + - "admin.security.protocol=SASL_SSL" + - "admin.sasl.mechanism=AWS_MSK_IAM" + - "admin.sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" + - "admin.sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" + - "producer.security.protocol=SASL_SSL" + - "producer.sasl.mechanism=AWS_MSK_IAM" + - "producer.sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" + - "producer.sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" + - "consumer.security.protocol=SASL_SSL" + - "consumer.sasl.mechanism=AWS_MSK_IAM" + - "consumer.sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" + - "consumer.sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" podTemplate: serviceAccountName: ${kubernetes_service_account_v1.confluent_platform.metadata[0].name} tls: 
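Review bot: The four AWS_MSK_IAM settings are now hand-copied under four prefixes in the `connect` override list, and the same quadruple is repeated for `ksql.streams.`, `confluent.controlcenter.streams.`, `kafkastore.` and `client.` in the later hunks of this file, so a typo in any one string leaves that client misconfigured with nothing to catch it before deploy. Defining the settings once in a `locals` block and expanding them per prefix keeps the lists in step; because JSON is valid YAML, the generated list can be interpolated into the heredoc with `jsonencode`. The `module "confluent_platform"` block starts and ends outside this hunk.

```hcl
locals {
  # Client settings required by aws-msk-iam-auth, defined once.
  msk_iam_client_settings = [
    "security.protocol=SASL_SSL",
    "sasl.mechanism=AWS_MSK_IAM",
    "sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;",
    "sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler",
  ]

  # Worker-level settings plus the same four under each Connect client prefix.
  connect_server_overrides = flatten([
    for prefix in ["", "admin.", "producer.", "consumer."] :
    [for setting in local.msk_iam_client_settings : "${prefix}${setting}"]
  ])
}

# … unchanged: module "confluent_platform" arguments and the connect image …
      configOverrides:
        server: ${jsonencode(local.connect_server_overrides)}
# … unchanged: podTemplate and tls …
```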
@@ -66,18 +73,23 @@ module "confluent_platform" { ksqldb = yamldecode(<<-EOF spec: image: - application: aidanmelen/cp-ksqldb-server-with-aws-msk-iam-auth:7.2.0 + application: aidanmelen/cp-ksqldb-server-with-aws-msk-iam-auth:7.2.2 configOverrides: server: - "security.protocol=SASL_SSL" - "sasl.mechanism=AWS_MSK_IAM" - "sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" - "sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" + - "ksql.streams.security.protocol=SASL_SSL" + - "ksql.streams.sasl.mechanism=AWS_MSK_IAM" + - "ksql.streams.sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" + - "ksql.streams.sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" podTemplate: serviceAccountName: ${kubernetes_service_account_v1.confluent_platform.metadata[0].name} - # https://docs.confluent.io/operator/current/co-troubleshooting.html#issue-ksqldb-cannot-use-auto-generated-certificates-for-ccloud - # tls: - # autoGeneratedCerts: true + tls: + # https://docs.confluent.io/operator/current/co-troubleshooting.html#issue-ksqldb-cannot-use-auto-generated-certificates-for-ccloud + autoGeneratedCerts: false + secretRef: ${kubernetes_secret_v1.ca_pair_sslcerts.metadata[0].name} dependencies: kafka: bootstrapEndpoint: ${data.aws_msk_cluster.msk.bootstrap_brokers_sasl_iam} 
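Review bot: `secretRef: ${kubernetes_secret_v1.ca_pair_sslcerts.metadata[0].name}` in the ksqldb `tls` block appears, going by the resource name, to point at the secret that holds the CA key pair used for auto-generated certificates; the resource is defined outside this hunk, so this needs confirming. If that is the case, the ksqlDB pod would mount the CA private key and present the CA certificate as its own server certificate, so a compromise of that one pod would allow certificates to be issued for every other component. A dedicated leaf-certificate secret for ksqlDB, signed by that CA, would keep the signing key out of the workload, for example `secretRef: ${kubernetes_secret_v1.ksqldb_tls.metadata[0].name}` (resource name constructed for illustration). The comment above `autoGeneratedCerts: false` could also say in words why auto-generated certificates are disabled here instead of only linking to the troubleshooting page.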
@@ -91,17 +103,23 @@ module "confluent_platform" { EOF ) - # ~~~ NOT WORKING ~~~ + # MSK does not support the Confluent Metrics Reporter; therefore, Grafana dashboards are a better alternative. + # https://grafana.com/grafana/dashboards/11773-confluent-open-source/ + # https://grafana.com/grafana/dashboards/16082-msk-overview/ controlcenter = yamldecode(<<-EOF spec: image: - application: aidanmelen/cp-enterprise-control-center-with-aws-msk-iam-auth:7.2.0 + application: aidanmelen/cp-enterprise-control-center-with-aws-msk-iam-auth:7.2.2 configOverrides: server: - "security.protocol=SASL_SSL" - "sasl.mechanism=AWS_MSK_IAM" - "sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" - "sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" + - "confluent.controlcenter.streams.security.protocol=SASL_SSL" + - "confluent.controlcenter.streams.sasl.mechanism=AWS_MSK_IAM" + - "confluent.controlcenter.streams.sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" + - "confluent.controlcenter.streams.sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" podTemplate: serviceAccountName: ${kubernetes_service_account_v1.confluent_platform.metadata[0].name} tls: @@ -118,7 +136,7 @@ module "confluent_platform" { enabled: true ksqldb: - name: ksql-dev - url: http://ksqldb.${var.namespace}.svc.cluster.local:8088 + url: https://ksqldb.${var.namespace}.svc.cluster.local:8088 tls: enabled: true connect: 
@@ -132,15 +150,18 @@ module "confluent_platform" { schemaregistry = yamldecode(<<-EOF spec: image: - application: aidanmelen/cp-schema-registry-with-aws-msk-iam-auth:7.2.0 + application: aidanmelen/cp-schema-registry-with-aws-msk-iam-auth:7.2.2 configOverrides: server: - "security.protocol=SASL_SSL" + - "sasl.mechanism=AWS_MSK_IAM" + - "sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" + - "sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" - "kafkastore.security.protocol=SASL_SSL" - - "kafkastore.bootstrap.servers=${data.aws_msk_cluster.msk.bootstrap_brokers_sasl_iam}" - "kafkastore.sasl.mechanism=AWS_MSK_IAM" - "kafkastore.sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" - "kafkastore.sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" + - "kafkastore.bootstrap.servers=${data.aws_msk_cluster.msk.bootstrap_brokers_sasl_iam}" podTemplate: serviceAccountName: ${kubernetes_service_account_v1.confluent_platform.metadata[0].name} tls: @@ -157,13 +178,17 @@ module "confluent_platform" { kafkarestproxy = yamldecode(<<-EOF spec: image: - application: aidanmelen/cp-kafka-rest-with-aws-msk-iam-auth:7.2.0 + application: aidanmelen/cp-kafka-rest-with-aws-msk-iam-auth:7.2.2 configOverrides: server: - "security.protocol=SASL_SSL" - "sasl.mechanism=AWS_MSK_IAM" - "sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" - "sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" + - "client.security.protocol=SASL_SSL" + - "client.sasl.mechanism=AWS_MSK_IAM" + - "client.sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;" + - "client.sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler" podTemplate: serviceAccountName: ${kubernetes_service_account_v1.confluent_platform.metadata[0].name} tls: 
diff --git a/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/variables.tf b/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/variables.tf
index db50188..6351067 100644
--- a/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/variables.tf
+++ b/examples/hybrid_aws_msk/confluent_platform_sasl_iam_secure/variables.tf
@@ -15,3 +15,9 @@ variable "namespace" {
 type = string
 default = "confluent"
 }
+
+variable "create_controlcenter" {
+ description = "Controls if the ControlCenter component of the Confluent Platform should be created."
+ type = bool
+ default = true
+}
diff --git a/test/.terratest.docs b/test/.terratest.docs
index fb7a005..ff4ecb2 100644
--- a/test/.terratest.docs
+++ b/test/.terratest.docs
@@ -1,4 +1,4 @@
-Terratest Suite (Module v0.9.3) (Terraform v1.2.6)
+Terratest Suite (Module v0.9.4) (Terraform v1.2.6)
 --- PASS: TestTerraformCompleteExample (175.48s)
 --- PASS: TestTerraformConfluentOperatorExample (22.24s)
 --- PASS: TestTerraformConfluentPlatformExample (236.10s)
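Review bot: `default = true` on the new `create_controlcenter` variable enables by default a component that the previous revision of main.tf hard-coded to `false` under `# NotImplemented`, and the comment added to main.tf in this commit says MSK does not support the Confluent Metrics Reporter. Unless Control Center has been verified against MSK with SASL/IAM, `default = false` is the safer opt-in, with the README inputs table updated to match. Either way the description should carry the caveat, for example `description = "Controls if the ControlCenter component of the Confluent Platform should be created. MSK does not support the Confluent Metrics Reporter."`.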