Add Kafka TLS support to the producer. #178

srikartati · 2021-04-29T18:10:25Z

Also, enhance the input consumption when initializing the
Kafka producer.

codecov · 2021-04-29T18:11:30Z

Codecov Report

Merging #178 (d1bdcff) into main (4fafcfb) will decrease coverage by 0.02%.
The diff coverage is 62.79%.

@@            Coverage Diff             @@
##             main     #178      +/-   ##
==========================================
- Coverage   79.36%   79.33%   -0.03%     
==========================================
  Files          17       17              
  Lines        2118     2149      +31     
==========================================
+ Hits         1681     1705      +24     
+ Misses        300      298       -2     
- Partials      137      146       +9

Flag	Coverage Δ
integration-tests	`55.55% <9.30%> (-1.71%)`	⬇️
unit-tests	`77.94% <53.48%> (-1.09%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/producer/kafka.go	`63.33% <62.79%> (+15.05%)`	⬆️

pkg/producer/kafka.go

zyiou · 2021-04-29T20:28:55Z

pkg/producer/kafka.go

+		if tlsConfig := setupTLSConfig(input.KafkaCAFile, input.KafkaTLSCertFile, input.KafkaTLSKeyFile); tlsConfig != nil {
+			kafkaConfig.Net.TLS.Config = tlsConfig
+			kafkaConfig.Net.TLS.Enable = true
+			if input.KafkaTLSSkipVerify {


Seems that input.KafkaTLSSkipVerify is not used other places other than here. Do we need to handle the case when input.KafkaTLSSkipVerify is set?

This can be used in testing, where we can create a tlsConfig with TLSSkipVerify set as true.
I wanted to use this insetupTLSConfig function, but gosec, which is part of golint is not letting me add this as parameter because they do not want to set this as false.

Got it. We can add code to ignore secure checking with proper reasoning description like:

// #nosec G402: only applicable for testing purpose t.InsecureSkipVerify = input.KafkaTLSSkipVerify

Why didn't we pass input.KafkaTLSSkipVerify to setupTLSConfig(), which returns a tls.Config object?
I thought that value can be directly assigned to the returning tls.Config, such as
tls.Config{InsecureSkipVerify: input.KafkaTLSSkipVerify} ?

golang lint test fails if we directly the value like above. However, I moved the assignment to setupTLSConfig.

Sorry for late response. I had put this PR on hold. Please take a look again.

pkg/producer/kafka.go

zyiou

Are we planning to add tests for this PR? Otherwise LGTM overall.

srikartati · 2021-05-03T23:06:16Z

Are we planning to add tests for this PR? Otherwise LGTM overall.

I do not have tests for InitKafkaProducer function. I think TLS certificates warrant some unit tests. Will add those.

pkg/producer/kafka_test.go

pkg/test/certs.go

pkg/collector/process_test.go

Also, enhance the input consumption when initializing the Kafka producer. Unit tests added for TLS cert based kafka connection.

zyiou

Thanks a lot for the changes. LGTM

srikartati requested a review from zyiou April 29, 2021 18:10

vmwclabot added the cla-not-required label Apr 29, 2021

srikartati force-pushed the add_kafka_tls branch 2 times, most recently from 356c876 to 5a8c108 Compare April 29, 2021 19:02

zyiou reviewed Apr 29, 2021

View reviewed changes

srikartati force-pushed the add_kafka_tls branch 2 times, most recently from 28142d7 to 7ca4dec Compare April 30, 2021 05:45

zyiou previously approved these changes Apr 30, 2021

View reviewed changes

srikartati dismissed zyiou’s stale review via 631f935 June 2, 2021 00:04

srikartati force-pushed the add_kafka_tls branch from 7ca4dec to 631f935 Compare June 2, 2021 00:04

srikartati changed the base branch from release-0.5.0 to main June 2, 2021 00:05

srikartati marked this pull request as draft June 2, 2021 00:48

srikartati force-pushed the add_kafka_tls branch 4 times, most recently from 2fe4000 to c61b1ed Compare June 2, 2021 17:14

srikartati marked this pull request as ready for review June 2, 2021 17:15

srikartati requested review from shihhaoli and zyiou June 2, 2021 17:15

zyiou reviewed Jun 2, 2021

View reviewed changes

pkg/producer/kafka_test.go Show resolved Hide resolved

pkg/test/certs.go Show resolved Hide resolved

pkg/collector/process_test.go Show resolved Hide resolved

srikartati force-pushed the add_kafka_tls branch from c61b1ed to 4e3bd7e Compare June 2, 2021 22:29

Add Kafka TLS support to the producer.

d1bdcff

Also, enhance the input consumption when initializing the Kafka producer. Unit tests added for TLS cert based kafka connection.

srikartati force-pushed the add_kafka_tls branch from 4e3bd7e to d1bdcff Compare June 2, 2021 22:39

zyiou approved these changes Jun 2, 2021

View reviewed changes

srikartati merged commit 67fed69 into vmware:main Jun 3, 2021

srikartati deleted the add_kafka_tls branch June 3, 2021 21:04

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add Kafka TLS support to the producer. #178

Add Kafka TLS support to the producer. #178

srikartati commented Apr 29, 2021

codecov bot commented Apr 29, 2021 •

edited

Loading

zyiou Apr 29, 2021

srikartati Apr 29, 2021

zyiou Apr 30, 2021 •

edited

Loading

shihhaoli May 5, 2021

srikartati Jun 2, 2021

zyiou left a comment

srikartati commented May 3, 2021

zyiou left a comment

Add Kafka TLS support to the producer. #178

Add Kafka TLS support to the producer. #178

Conversation

srikartati commented Apr 29, 2021

codecov bot commented Apr 29, 2021 • edited Loading

Codecov Report

zyiou Apr 29, 2021

Choose a reason for hiding this comment

srikartati Apr 29, 2021

Choose a reason for hiding this comment

zyiou Apr 30, 2021 • edited Loading

Choose a reason for hiding this comment

shihhaoli May 5, 2021

Choose a reason for hiding this comment

srikartati Jun 2, 2021

Choose a reason for hiding this comment

zyiou left a comment

Choose a reason for hiding this comment

srikartati commented May 3, 2021

zyiou left a comment

Choose a reason for hiding this comment

codecov bot commented Apr 29, 2021 •

edited

Loading

zyiou Apr 30, 2021 •

edited

Loading