[Do-not-review][ANSIENG-4255] | Adding first class support for file based mds user store #1958
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
roles/variables/defaults/main.yml
Outdated
| @@ -1559,7 +1559,16 @@ sso_cli: false | |||
| ### Device Authorization endpoint of Idp, Required to enable SSO in cli. | |||
| sso_device_authorization_uri: none | |||
|
|
|||
| ### Authorization mode on all cp components. Possible values are ldap, oauth, ldap_with_oauth and none. Set this to oauth for OAuth cluster and ldap_with_oauth for cluster with both ldap and oauth support. When set to oauth or ldap_with_oauth, you must set oauth_jwks_uri, oauth_token_uri, oauth_issuer_url, oauth_superuser_client_id, oauth_superuser_client_password. | |||
| ### Path to the file containing the user store for MDS. This must be definde when auth_mode is set to file. | |||
There was a problem hiding this comment.
Typo found: 'definde' should be 'defined'.
Suggested change
| ### Path to the file containing the user store for MDS. This must be definde when auth_mode is set to file. | |
| ### Path to the file containing the user store for MDS. This must be defined when auth_mode is set to file. |
Copilot uses AI. Check for mistakes.
There was a problem hiding this comment.
let's correct the typo here
rrbadiani
commented
Apr 8, 2025
| confluent.metadata.server.user.store.file.path: /tmp/credentials | ||
| confluent_metadata_server_user_store_file_src: /tmp/credentials | ||
| confluent_metadata_server_user_store_file_dest_path: /etc/kafka | ||
| confluent_metadata_server_user_store_file_remote_src: true # credentials file already on target node |
There was a problem hiding this comment.
To test when credentials file is already on mds server
rrbadiani
commented
Apr 8, 2025
| confluent.metadata.server.user.store.file.path: /tmp/credentials | ||
| confluent_metadata_server_user_store_file_src: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/credentials" | ||
| confluent_metadata_server_user_store_file_dest_path: /etc/kafka | ||
| confluent_metadata_server_user_store_file_remote_src: false # credentials file on ansible control node |
There was a problem hiding this comment.
to test when credentials file is on ansible control node
rrbadiani
changed the title
…ing config validations
… directory for keeping mds user store file
rrbadiani
changed the title
mansi-jain-1206
requested changes
Apr 15, 2025
…on along with mds_file_based_user_store_enable
rrbadiani
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
To use file based mds user store earlier kafka broker custom properties needed to be used and the credentials file needed to be present on all brokers where mds was running.
Adding this first class support allows user to define these variables
confluent_metadata_server_user_store_file_src, confluent_metadata_server_user_store_file_dest_path, confluent_metadata_server_user_store_file_remote_srcand it would either send the credentials from ansible control node to broker or from one path to another in broker based onconfluent_metadata_server_user_store_file_remote_src's value.Fixes # (issue)
Type of change
How Has This Been Tested?
semaphore
Checklist: