confluentinc#72 don't check store credentials when type is PEM

Qubitza · Jul 10, 2023 · c5ee1b6 · c5ee1b6
1 parent 63af253
commit c5ee1b6
Showing 1 changed file with 17 additions and 11 deletions.
diff --git a/kafka/include/etc/confluent/docker/configure b/kafka/include/etc/confluent/docker/configure
@@ -76,25 +76,31 @@ then
   export KAFKA_SSL_KEY_PASSWORD
   KAFKA_SSL_KEY_PASSWORD=$(cat "$KAFKA_SSL_KEY_CREDENTIALS_LOCATION")
 
-  dub ensure KAFKA_SSL_KEYSTORE_CREDENTIALS
-  KAFKA_SSL_KEYSTORE_CREDENTIALS_LOCATION="/etc/kafka/secrets/$KAFKA_SSL_KEYSTORE_CREDENTIALS"
-  dub path "$KAFKA_SSL_KEYSTORE_CREDENTIALS_LOCATION" exists
-  export KAFKA_SSL_KEYSTORE_PASSWORD
-  KAFKA_SSL_KEYSTORE_PASSWORD=$(cat "$KAFKA_SSL_KEYSTORE_CREDENTIALS_LOCATION")
+  if [[ -n "${KAFKA_SSL_KEYSTORE_TYPE-}" ]] && [[ $KAFKA_SSL_KEYSTORE_TYPE != *"PEM"* ]]
+  then
+      dub ensure KAFKA_SSL_KEYSTORE_CREDENTIALS
+      KAFKA_SSL_KEYSTORE_CREDENTIALS_LOCATION="/etc/kafka/secrets/$KAFKA_SSL_KEYSTORE_CREDENTIALS"
+      dub path "$KAFKA_SSL_KEYSTORE_CREDENTIALS_LOCATION" exists
+      export KAFKA_SSL_KEYSTORE_PASSWORD
+      KAFKA_SSL_KEYSTORE_PASSWORD=$(cat "$KAFKA_SSL_KEYSTORE_CREDENTIALS_LOCATION")
+  fi
 
   if [[ -n "${KAFKA_SSL_CLIENT_AUTH-}" ]] && ( [[ $KAFKA_SSL_CLIENT_AUTH == *"required"* ]] || [[ $KAFKA_SSL_CLIENT_AUTH == *"requested"* ]] )
   then
       dub ensure KAFKA_SSL_TRUSTSTORE_FILENAME
       export KAFKA_SSL_TRUSTSTORE_LOCATION="/etc/kafka/secrets/$KAFKA_SSL_TRUSTSTORE_FILENAME"
       dub path "$KAFKA_SSL_TRUSTSTORE_LOCATION" exists
 
-      dub ensure KAFKA_SSL_TRUSTSTORE_CREDENTIALS
-      KAFKA_SSL_TRUSTSTORE_CREDENTIALS_LOCATION="/etc/kafka/secrets/$KAFKA_SSL_TRUSTSTORE_CREDENTIALS"
-      dub path "$KAFKA_SSL_TRUSTSTORE_CREDENTIALS_LOCATION" exists
-      export KAFKA_SSL_TRUSTSTORE_PASSWORD
-      KAFKA_SSL_TRUSTSTORE_PASSWORD=$(cat "$KAFKA_SSL_TRUSTSTORE_CREDENTIALS_LOCATION")
+      if [[ -n "${KAFKA_SSL_TRUSTSTORE_TYPE-}" ]] && [[ $KAFKA_SSL_TRUSTSTORE_TYPE != *"PEM"* ]]
+      then
+          dub ensure KAFKA_SSL_TRUSTSTORE_CREDENTIALS
+          KAFKA_SSL_TRUSTSTORE_CREDENTIALS_LOCATION="/etc/kafka/secrets/$KAFKA_SSL_TRUSTSTORE_CREDENTIALS"
+          dub path "$KAFKA_SSL_TRUSTSTORE_CREDENTIALS_LOCATION" exists
+          export KAFKA_SSL_TRUSTSTORE_PASSWORD
+          KAFKA_SSL_TRUSTSTORE_PASSWORD=$(cat "$KAFKA_SSL_TRUSTSTORE_CREDENTIALS_LOCATION")
+      fi
   fi
-  
+
 fi
 
 # Set if KAFKA_ADVERTISED_LISTENERS has SASL_PLAINTEXT:// or SASL_SSL:// endpoints.