feat: ssl connections to kafka brokers

2025-09-13 17:22:52 +00:00 · 2025-08-21 21:13:20 +02:00
parent 7f182efe4f
commit 28e7a1e762
10 changed files with 230 additions and 8 deletions
--- a/src/cli.rs
+++ b/src/cli.rs
@@ -34,4 +34,22 @@ pub struct Cli {
        help = "Address and port for HTTP requests"
    )]
    pub listen: String,
+    #[arg(
+        long,
+        env = "APP_SSL_CA_FILE",
+        help = "CA file for SSL connection to Kafka"
+    )]
+    pub ssl_ca_file: Option<String>,
+    #[arg(
+        long,
+        env = "APP_SSL_CERT_FILE",
+        help = "Certificate file for SSL connection to Kafka"
+    )]
+    pub ssl_cert_file: Option<String>,
+    #[arg(
+        long,
+        env = "APP_SSL_KEY_FILE",
+        help = "Key file for SSL connection to Kafka"
+    )]
+    pub ssl_key_file: Option<String>,
 }
--- a/src/main.rs
+++ b/src/main.rs
@@ -73,11 +73,34 @@ async fn main() -> Result<(), ()> {
            .init();
    }

-    let producer = ClientConfig::new()
-        .set("bootstrap.servers", &CONFIG.bootstrap_server)
-        .set("message.timeout.ms", "5000")
-        .create::<FutureProducer>()
-        .map_err(|_| ())?;
+    let producer = if CONFIG.ssl_cert_file.is_some() || CONFIG.ssl_key_file.is_some() {
+        // Use SSL
+        ClientConfig::new()
+            .set("bootstrap.servers", &CONFIG.bootstrap_server)
+            .set("message.timeout.ms", "5000")
+            .set("security.protocol", "ssl")
+            .set(
+                "ssl.ca.location",
+                CONFIG.ssl_ca_file.clone().unwrap_or_default(),
+            )
+            .set(
+                "ssl.certificate.location",
+                CONFIG.ssl_cert_file.clone().unwrap_or_default(),
+            )
+            .set(
+                "ssl.key.location",
+                CONFIG.ssl_key_file.clone().unwrap_or_default(),
+            )
+            .create::<FutureProducer>()
+            .map_err(|_| ())?
+    } else {
+        // Plain
+        ClientConfig::new()
+            .set("bootstrap.servers", &CONFIG.bootstrap_server)
+            .set("message.timeout.ms", "5000")
+            .create::<FutureProducer>()
+            .map_err(|_| ())?
+    };

    let sender = Arc::new(DefaultMtbFileSender::new(&CONFIG.topic, producer));

@@ -102,6 +125,9 @@ static CONFIG: LazyLock<Cli> = LazyLock::new(|| Cli {
    // Basic dG9rZW46dmVyeS1zZWNyZXQ=
    token: "$2y$05$LIIFF4Rbi3iRVA4UIqxzPeTJ0NOn/cV2hDnSKFftAMzbEZRa42xSG".to_string(),
    listen: "0.0.0.0:3000".to_string(),
+    ssl_ca_file: None,
+    ssl_cert_file: None,
+    ssl_key_file: None,
 });

 #[cfg(test)]