apache-kafka, confluent-platform, apache-kafka-security

ClassNotFoundException exception occurred: io.confluent.kafka.security.config.provider.SecurePassConfigProvider (kafka.server.KafkaConfig)


The broker fails on start-up and I can see the following errors:

INFO Registered kafka:type=kafka.Log4jController MBean (kafka.utils.Log4jControllerRegistration$)
ERROR ClassNotFoundException exception occurred: io.confluent.kafka.security.config.provider.SecurePassConfigProvider (kafka.server.KafkaConfig)
INFO Registered kafka:type=kafka.Log4jController MBean (kafka.utils.Log4jControllerRegistration$)
ERROR ClassNotFoundException exception occurred: io.confluent.kafka.security.config.provider.SecurePassConfigProvider (kafka.server.KafkaConfig)
INFO Registered kafka:type=kafka.Log4jController MBean (kafka.utils.Log4jControllerRegistration$)
ERROR ClassNotFoundException exception occurred: io.confluent.kafka.security.config.provider.SecurePassConfigProvider (kafka.server.KafkaConfig)
INFO Registered kafka:type=kafka.Log4jController MBean (kafka.utils.Log4jControllerRegistration$)
ERROR ClassNotFoundException exception occurred: io.confluent.kafka.security.config.provider.SecurePassConfigProvider (kafka.server.KafkaConfig)
INFO Registered kafka:type=kafka.Log4jController MBean (kafka.utils.Log4jControllerRegistration$)
INFO KafkaConfig values:
----------------------------

I set up a secret for one of the properties (i.e., ssl.truststore.password) in the server.properties file, tried restarting the server, and observed the above error.

Any help would be appreciated. Thanks!!!

---server.properties---
##
ssl.truststore.password = ${securepass:/home/secret/secrets.txt:server.properties/ssl.truststore.password}

config.providers = securepass
config.providers.securepass.class = io.confluent.kafka.security.config.provider.SecurePassConfigProvider

Confluent Community version used - 5.5.2


Solution

  • The community edition of Confluent Platform 5.5.2 does not come with this class...

    $ find ./confluent-5.5.2 -name 'kafka-client-plugins*.jar'
    

    Download the file here and make sure it is in the Kafka broker classpath, e.g. /usr/share/java/kafka if installed directly to the OS, or the share/java/kafka folder of the Confluent tarball.

    https://packages.confluent.io/maven/io/confluent/kafka-client-plugins/5.5.2-ce/kafka-client-plugins-5.5.2-ce.jar

    Verified with

    $ jar -tf kafka-client-plugins-5.5.2-ce.jar | grep SecurePassConfigProvider
    io/confluent/kafka/security/config/provider/SecurePassConfigProvider.class
    

    Overall, if someone has file-system access to your brokers, you have bigger problems, and obscuring the file with a direct reference to another is not "secure".
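The `jar -tf ... | grep` check in the answer can be run before every broker restart. The following is an added example, not part of the original question or answer: it reads the `config.providers` entries from a properties text and reports any provider whose class is in no jar of one library directory. The function names are hypothetical, the properties parsing is simplified (only `key = value` lines, no continuations), and scanning a single directory rather than the broker's full classpath is an assumption.

```python
import sys
import zipfile
from pathlib import Path

# Provider settings copied from the question's server.properties.
SAMPLE_PROPERTIES = """\
ssl.truststore.password = ${securepass:/home/secret/secrets.txt:server.properties/ssl.truststore.password}
config.providers = securepass
config.providers.securepass.class = io.confluent.kafka.security.config.provider.SecurePassConfigProvider
"""

def parse_properties(text):
    """Parse 'key = value' lines, skipping blanks and # / ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def provider_classes(props):
    """Map each name listed in config.providers to its class (None if unset)."""
    names = [n.strip() for n in props.get("config.providers", "").split(",") if n.strip()]
    return {n: props.get(f"config.providers.{n}.class") for n in names}

def jars_containing(class_name, lib_dir):
    """Return the names of jars in lib_dir that contain the compiled class."""
    entry = class_name.replace(".", "/") + ".class"
    hits = []
    for jar in sorted(Path(lib_dir).glob("*.jar")):
        try:
            with zipfile.ZipFile(jar) as zf:
                if entry in zf.namelist():
                    hits.append(jar.name)
        except zipfile.BadZipFile:
            continue  # truncated or partial download: cannot provide the class
    return hits

def missing_providers(properties_text, lib_dir):
    """Provider names whose class is unset or absent from every jar in lib_dir."""
    classes = provider_classes(parse_properties(properties_text))
    return sorted(n for n, c in classes.items() if not c or not jars_containing(c, lib_dir))

if __name__ == "__main__":
    lib_dir = sys.argv[1] if len(sys.argv) > 1 else "/usr/share/java/kafka"
    missing = missing_providers(SAMPLE_PROPERTIES, lib_dir)
    sys.exit(f"provider classes not found in {lib_dir}: {missing}" if missing else 0)
```

A non-zero exit means the broker would hit the same `ClassNotFoundException` at start-up; pass the directory to scan as the first argument.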