I’m trying to use ACL for schema registry. The requirements say i must have some form of authentication in place. So i decided to use HTTP basic authentication. When i look at its documentation:
https://docs.confluent.io/platform/current/security/basic-auth.html
It says i have to do this setting:
export SCHEMA_REGISTRY_OPTS=-Djava.security.auth.login.config=/path/to/the/jaas_config.conf
(path-to-confluent)/bin/schema-registry-start (path-to-confluent)/etc/schema-registry/schema-registry.properties
The problem is i don’t use confluent, how do i replace this directory?
(path-to-confluent)/bin/schema-registry-start
This is my current docker compose:
services:
schema-registry:
image: confluentinc/cp-schema-registry:5.4.1
hostname: schema-registry
depends_on:
- kafka-broker-1
- kafka-broker-2
- kafka-broker-3
ports:
- “8081:8081”
environment:
SCHEMA_REGISTRY_HOST_NAME: schema-registry
SCHEMA_REGISTRY_KAFKASTORE_CONNECTION_URL: ‘zookeeper:2181’
SCHEMA_REGISTRY_LISTENERS: http://schema-registry:8081
SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: EXTERNAL://kafka-broker-2:9092,INTERNAL://localhost:29093,PLAINTEXT://kafka-broker-2:9292
SCHEMA_REGISTRY_DEBUG: ‘true’
SCHEMA_REGISTRY_CONFLUENT_SCHEMA_REGISTRY_AUTHORIZER_CLASS: io.confluent.kafka.schemaregistry.security.authorizer.schemaregistryacl.SchemaRegistryAclAuthorizer
SCHEMA_REGISTRY_SCHEMA_REGISTRY_RESOURCE_EXTENSION_CLASS: io.confluent.kafka.schemaregistry.security.SchemaRegistrySecurityResourceExtension
SCHEMA_REGISTRY_AUTHENTICATION_METHOD: BASIC
SCHEMA_REGISTRY_AUTHENTICATION_ROLES: admin
SCHEMA_REGISTRY_OPTS: ‘-Djava.security.auth.login.config=/opt/security/schema-registry.jaas /bin/schema-registry-start /etc/schema-registry/schema-registry.properties’
volumes:
- “./volumes/jaas:/opt/security”
networks:
- ${GLOBAL_NETWORK:-kafka}