Fix Schema Registry usage with references

Author: Jerome Revillard

Dockerfile

@@ -8,4 +8,4 @@ RUN apt-get update && apt-get --yes upgrade && \
     apt-get install -y python3 python3-pip curl && \
     rm -rf /var/lib/apt/lists/*
 
-COPY --from=build /home/gradle/src/build/output/kafka-gitops /usr/local/bin/kafka-gitops
+COPY --from=build /home/gradle/src/build/output/kafka-gitops /usr/local/bin/kafka-gitops

build.gradle

@@ -22,33 +22,33 @@ repositories {
     maven {
         url "https://packages.confluent.io/maven/"
     }
+    maven {
+        url "https://jitpack.io"
+    }
 }
 
 dependencies {
-    compile group: 'org.apache.kafka', name: 'kafka-clients', version: '2.4.0'
-    compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.10.1'
-    compile "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.9.8"
-    compile "com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.10.2"
-    compile 'info.picocli:picocli:4.1.4'
-
-    implementation ('io.confluent:kafka-schema-registry-client:6.1.1')
-<<<<<<< HEAD
-    implementation('com.flipkart.zjsonpatch:zjsonpatch:0.4.11')
-=======
-    implementation ('io.confluent:kafka-json-schema-provider:6.1.1')
-    implementation ('io.confluent:kafka-protobuf-serializer:6.1.1')
->>>>>>> a208542 (Tests)
-
-    compile 'org.slf4j:slf4j-api:1.7.30'
-    compile group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.3'
-    compile group: 'ch.qos.logback', name: 'logback-core', version: '1.2.3'
+    compile group: 'org.apache.kafka', name: 'kafka-clients', version: '2.8.1'
+    compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.13.2.2'
+    compile "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.13.2"
+    compile "com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.13.2"
+    compile 'info.picocli:picocli:4.6.3'
+
+    implementation ('io.confluent:kafka-schema-registry-client:7.1.1')
+    implementation ('io.confluent:kafka-json-schema-provider:7.1.1')
+    implementation ('io.confluent:kafka-protobuf-serializer:7.1.1')
+    implementation ('io.github.java-diff-utils:java-diff-utils:4.11')
+
+    compile 'org.slf4j:slf4j-api:1.7.36'
+    compile group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.11'
+    compile group: 'ch.qos.logback', name: 'logback-core', version: '1.2.11'
 
     processor 'org.inferred:freebuilder:2.7.0'
 
-    testCompile group: 'junit', name: 'junit', version: '4.12'
-    testCompile group: 'org.codehaus.groovy', name: 'groovy-all', version: '2.5.14'
-    testCompile group: 'org.spockframework', name: 'spock-core', version: '1.2-groovy-2.5'
-    testCompile group: 'cglib', name: 'cglib-nodep', version: '2.2'
+    testCompile group: 'junit', name: 'junit', version: '4.13.2'
+    testCompile group: 'org.codehaus.groovy', name: 'groovy-all', version: '2.5.16'
+    testCompile group: 'org.spockframework', name: 'spock-core', version: '1.3-groovy-2.5'
+    testCompile group: 'cglib', name: 'cglib-nodep', version: '2.2.2'
     testCompile group: 'com.github.stefanbirkner', name: 'system-rules', version: '1.19.0'
     testCompile group: 'org.skyscreamer', name: 'jsonassert', version: '1.5.0'
 }
@@ -88,4 +88,4 @@ task buildRelease(type: Zip, group: "build") {
 }
 
 buildRelease.dependsOn buildExecutableJar
-buildExecutableJar.dependsOn shadowJar
+buildExecutableJar.dependsOn shadowJar

docker/config/registry_jaas.conf

@@ -0,0 +1,5 @@
+KafkaClient {
+  org.apache.kafka.common.security.plain.PlainLoginModule required
+  username="test"
+  password="test-secret";
+};

docker/docker-compose.yml

@@ -1,24 +1,33 @@
-version: '2.1'
+version: '3.3'
 
 services:
   zoo1:
-    image: zookeeper:3.4.9
+    image: zookeeper:3.8.0
     hostname: zoo1
     ports:
       - "2181:2181"
+    healthcheck:
+      test: echo stat | nc localhost 2181
+      interval: 10s
+      timeout: 10s
+      retries: 3
     environment:
-      ZOO_MY_ID: 1
-      ZOO_PORT: 2181
-      ZOO_SERVERS: server.1=zoo1:2888:3888
-    volumes:
-      - ./data/zoo1/data:/data
-      - ./data/zoo1/datalog:/datalog
+      - ZOOKEEPER_SERVER_ID=1
+      - ZOOKEEPER_CLIENT_PORT=2181
+      - ZOOKEEPER_TICK_TIME=2000
+      - ZOOKEEPER_INIT_LIMIT=5
+      - ZOOKEEPER_SYNC_LIMIT=2
+      - ZOOKEEPER_SERVERS=zoo1:2888:3888
 
   kafka1:
-    image: confluentinc/cp-kafka:5.5.3
+    image: confluentinc/cp-kafka:7.1.1
+    user: "0:0"
     hostname: kafka1
     ports:
       - "9092:9092"
+    restart: on-failure:3
+    healthcheck:
+      test: ps augwwx | egrep [S]upportedKafka
     environment:
       KAFKA_ADVERTISED_LISTENERS: LISTENER_DOCKER_INTERNAL://kafka1:19092,LISTENER_DOCKER_EXTERNAL://${DOCKER_HOST_IP:-127.0.0.1}:9092
       KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: LISTENER_DOCKER_INTERNAL:SASL_PLAINTEXT,LISTENER_DOCKER_EXTERNAL:SASL_PLAINTEXT
@@ -27,24 +36,28 @@ services:
       KAFKA_BROKER_ID: 1
       KAFKA_OPTS: "-Djava.security.auth.login.config=/etc/kafka/kafka_server_jaas.conf"
       KAFKA_LOG4J_LOGGERS: "kafka.controller=INFO,kafka.producer.async.DefaultEventHandler=INFO,state.change.logger=INFO"
+      KAFKA_DELETE_TOPIC_ENABLE: "true"
       KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
       KAFKA_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
       ZOOKEEPER_SASL_ENABLED: "false"
-      KAFKA_AUTHORIZER_CLASS_NAME: "kafka.security.auth.SimpleAclAuthorizer"
+      KAFKA_AUTHORIZER_CLASS_NAME: "kafka.security.authorizer.AclAuthorizer"
       KAFKA_SUPER_USERS: "User:test;User:kafka"
       KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE: "false"
     volumes:
-      - ./data/kafka1/data:/var/lib/kafka/data
       - ./config/kafka_server_jaas.conf:/etc/kafka/kafka_server_jaas.conf
     depends_on:
       - zoo1
 
   kafka2:
-    image: confluentinc/cp-kafka:5.5.3
+    image: confluentinc/cp-kafka:7.1.1
+    user: "0:0"
     hostname: kafka2
     ports:
       - "9093:9093"
+    restart: on-failure:3
+    healthcheck:
+      test: ps augwwx | egrep [S]upportedKafka
     environment:
       KAFKA_ADVERTISED_LISTENERS: LISTENER_DOCKER_INTERNAL://kafka2:19092,LISTENER_DOCKER_EXTERNAL://${DOCKER_HOST_IP:-127.0.0.1}:9093
       KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: LISTENER_DOCKER_INTERNAL:SASL_PLAINTEXT,LISTENER_DOCKER_EXTERNAL:SASL_PLAINTEXT
@@ -53,24 +66,28 @@ services:
       KAFKA_BROKER_ID: 2
       KAFKA_OPTS: "-Djava.security.auth.login.config=/etc/kafka/kafka_server_jaas.conf"
       KAFKA_LOG4J_LOGGERS: "kafka.controller=INFO,kafka.producer.async.DefaultEventHandler=INFO,state.change.logger=INFO"
+      KAFKA_DELETE_TOPIC_ENABLE: "true"
       KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
       KAFKA_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
       ZOOKEEPER_SASL_ENABLED: "false"
-      KAFKA_AUTHORIZER_CLASS_NAME: "kafka.security.auth.SimpleAclAuthorizer"
+      KAFKA_AUTHORIZER_CLASS_NAME: "kafka.security.authorizer.AclAuthorizer"
       KAFKA_SUPER_USERS: "User:test;User:kafka"
       KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE: "false"
     volumes:
-      - ./data/kafka2/data:/var/lib/kafka/data
       - ./config/kafka_server_jaas.conf:/etc/kafka/kafka_server_jaas.conf
     depends_on:
       - zoo1
 
   kafka3:
-    image: confluentinc/cp-kafka:5.5.3
+    image: confluentinc/cp-kafka:7.1.1
+    user: "0:0"
     hostname: kafka3
     ports:
       - "9094:9094"
+    restart: on-failure:3
+    healthcheck:
+      test: ps augwwx | egrep [S]upportedKafka
     environment:
       KAFKA_ADVERTISED_LISTENERS: LISTENER_DOCKER_INTERNAL://kafka3:19092,LISTENER_DOCKER_EXTERNAL://${DOCKER_HOST_IP:-127.0.0.1}:9094
       KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: LISTENER_DOCKER_INTERNAL:SASL_PLAINTEXT,LISTENER_DOCKER_EXTERNAL:SASL_PLAINTEXT
@@ -79,24 +96,25 @@ services:
       KAFKA_BROKER_ID: 3
       KAFKA_OPTS: "-Djava.security.auth.login.config=/etc/kafka/kafka_server_jaas.conf"
       KAFKA_LOG4J_LOGGERS: "kafka.controller=INFO,kafka.producer.async.DefaultEventHandler=INFO,state.change.logger=INFO"
+      KAFKA_DELETE_TOPIC_ENABLE: "true"
       KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
       KAFKA_SASL_ENABLED_MECHANISMS: PLAIN
       KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL: PLAIN
       ZOOKEEPER_SASL_ENABLED: "false"
-      KAFKA_AUTHORIZER_CLASS_NAME: "kafka.security.auth.SimpleAclAuthorizer"
+      KAFKA_AUTHORIZER_CLASS_NAME: "kafka.security.authorizer.AclAuthorizer"
       KAFKA_SUPER_USERS: "User:test;User:kafka"
       KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE: "false"
     volumes:
-      - ./data/kafka3/data:/var/lib/kafka/data
       - ./config/kafka_server_jaas.conf:/etc/kafka/kafka_server_jaas.conf
     depends_on:
       - zoo1
 
   schema-registry:
-    image: confluentinc/cp-schema-registry:6.1.1
+    image: confluentinc/cp-schema-registry:7.1.1
     hostname: schema-registry
     ports:
       - "8082:8082"
+    restart: on-failure:5
     environment:
       SCHEMA_REGISTRY_HOST_NAME: schema-registry
       SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: "kafka1:19092,kafka2:19092,kafka3:19092"

src/main/java/com/devshawn/kafka/gitops/MainCommand.java

@@ -84,4 +84,4 @@ public static void main(String[] args) {
         int exitCode = new CommandLine(new MainCommand()).execute(args);
         System.exit(exitCode);
     }
-}
+}

src/main/java/com/devshawn/kafka/gitops/StateManager.java

@@ -78,7 +78,9 @@ public DesiredStateFile getAndValidateStateFile() {
         DesiredStateFile desiredStateFile = parserService.parseStateFile();
         validateTopics(desiredStateFile);
         validateCustomAcls(desiredStateFile);
-        validateSchemas(desiredStateFile);
+        if (schemaRegistryService.isEnabled()) {
+            validateSchemas(desiredStateFile);
+        }
         this.describeAclEnabled = StateUtil.isDescribeTopicAclEnabled(desiredStateFile);
         return desiredStateFile;
     }
@@ -97,7 +99,9 @@ private DesiredPlan generatePlan() {
             planManager.planAcls(desiredState, desiredPlan);
         }
         planManager.planTopics(desiredState, desiredPlan);
-        planManager.planSchemas(desiredState, desiredPlan);
+        if (schemaRegistryService.isEnabled()) {
+          planManager.planSchemas(desiredState, desiredPlan);
+        }
         return desiredPlan.build();
     }
 
@@ -113,7 +117,9 @@ public DesiredPlan apply() {
         if (!managerConfig.isSkipAclsDisabled()) {
             applyManager.applyAcls(desiredPlan);
         }
-        applyManager.applySchemas(desiredPlan);
+        if (schemaRegistryService.isEnabled()) {
+          applyManager.applySchemas(desiredPlan);
+        }
 
         return desiredPlan;
     }
@@ -345,14 +351,12 @@ private void validateTopics(DesiredStateFile desiredStateFile) {
 
     private void validateSchemas(DesiredStateFile desiredStateFile) {
         Optional<SchemaCompatibility> defaultSchemaCompatibility = StateUtil.fetchDefaultSchemasCompatibility(desiredStateFile);
-        if (!defaultSchemaCompatibility.isPresent()) {
-            desiredStateFile.getSchemas().forEach((subject, details) -> {
-                if (!details.getCompatibility().isPresent()) {
-                    throw new ValidationException(String.format("Not set: [compatibility] in state file definition: schema -> %s", subject));
-                }
-                schemaRegistryService.validateSchema(subject, details);
-            });
-        }
+        desiredStateFile.getSchemas().forEach((subject, details) -> {
+            if (!defaultSchemaCompatibility.isPresent() && !details.getCompatibility().isPresent()) {
+                throw new ValidationException(String.format("Not set: [compatibility] in state file definition: schema -> %s", subject));
+            }
+            //Schema parsing is deferred in the PlanManager in order not to do it more than one time.
+        });
     }
 
     private boolean isConfluentCloudEnabled(DesiredStateFile desiredStateFile) {

src/main/java/com/devshawn/kafka/gitops/cli/ApplyCommand.java

@@ -48,6 +48,8 @@ public Integer call() {
             LogUtil.printKafkaExecutionError(ex, true);
         } catch (SchemaRegistryExecutionException ex) {
             LogUtil.printSchemaRegistryExecutionError(ex, true);
+        } catch (Exception ex) {
+            LogUtil.printGenericError(ex, true);
         }
         return 2;
     }

src/main/java/com/devshawn/kafka/gitops/cli/PlanCommand.java

@@ -52,6 +52,8 @@ public Integer call() {
             LogUtil.printPlanOutputError(ex);
         } catch (SchemaRegistryExecutionException ex) {
             LogUtil.printSchemaRegistryExecutionError(ex);
+        } catch (Exception ex) {
+            LogUtil.printGenericError(ex, false);
         }
         return 2;
     }

src/main/java/com/devshawn/kafka/gitops/config/SchemaRegistryConfigLoader.java

@@ -1,89 +1,62 @@
 package com.devshawn.kafka.gitops.config;
 
-import com.devshawn.kafka.gitops.exception.MissingConfigurationException;
-import com.devshawn.kafka.gitops.exception.MissingMultipleConfigurationException;
-import org.slf4j.LoggerFactory;
-
 import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicReference;
 
+import org.slf4j.LoggerFactory;
+
 public class SchemaRegistryConfigLoader {
 
     private static org.slf4j.Logger log = LoggerFactory.getLogger(SchemaRegistryConfigLoader.class);
 
     public static final String SCHEMA_REGISTRY_URL_KEY = "SCHEMA_REGISTRY_URL";
     public static final String SCHEMA_DIRECTORY_KEY = "SCHEMA_DIRECTORY";
-    public static final String SCHEMA_REGISTRY_SASL_JAAS_USERNAME_KEY = "SCHEMA_REGISTRY_SASL_JAAS_USERNAME";
-    public static final String SCHEMA_REGISTRY_SASL_JAAS_PASSWORD_KEY = "SCHEMA_REGISTRY_SASL_JAAS_PASSWORD";
-    public static final String SCHEMA_REGISTRY_SASL_CONFIG_KEY = "SCHEMA_REGISTRY_SASL_CONFIG";
+    public static final AtomicReference<SchemaRegistryConfig> instance = new AtomicReference<>();
 
-    private SchemaRegistryConfigLoader() {}
+    private SchemaRegistryConfigLoader() {
+    }
 
     public static SchemaRegistryConfig load() {
-        SchemaRegistryConfig.Builder builder = new SchemaRegistryConfig.Builder();
-        setConfig(builder);
-        return builder.build();
+        return instance.updateAndGet(v -> {
+            if (v != null) {
+                return v;
+            }
+            SchemaRegistryConfig.Builder builder = new SchemaRegistryConfig.Builder();
+            setConfig(builder);
+            return builder.build();
+        });
     }
 
     private static void setConfig(SchemaRegistryConfig.Builder builder) {
         Map<String, Object> config = new HashMap<>();
-        AtomicReference<String> username = new AtomicReference<>();
-        AtomicReference<String> password = new AtomicReference<>();
 
         Map<String, String> environment = System.getenv();
 
         environment.forEach((key, value) -> {
-            if (key.equals(SCHEMA_REGISTRY_SASL_JAAS_USERNAME_KEY)) {
-                username.set(value);
-            } else if (key.equals(SCHEMA_REGISTRY_SASL_JAAS_PASSWORD_KEY)) {
-                password.set(value);
-            } else if (key.equals(SCHEMA_REGISTRY_URL_KEY)) {
+            if (key.equals(SCHEMA_REGISTRY_URL_KEY)) {
                 config.put(SCHEMA_REGISTRY_URL_KEY, value);
             } else if (key.equals(SCHEMA_DIRECTORY_KEY)) {
                 config.put(SCHEMA_DIRECTORY_KEY, value);
+            } else if (key.startsWith("SCHEMA_REGISTRY_")) {
+                String newKey = key.substring("SCHEMA_REGISTRY_".length()).replace("_", ".").toLowerCase();
+                config.put(newKey, value);
             }
         });
 
         handleDefaultConfig(config);
-        handleAuthentication(username, password, config);
 
         log.info("Schema Registry Config: {}", config);
 
         builder.putAllConfig(config);
     }
 
     private static void handleDefaultConfig(Map<String, Object> config) {
-        final String DEFAULT_URL = "http://localhost:8081";
         final String CURRENT_WORKING_DIR = System.getProperty("user.dir");
-        if (!config.containsKey(SCHEMA_REGISTRY_URL_KEY)) {
-            log.info("{} not set.  Using default value of {}", SCHEMA_REGISTRY_URL_KEY, DEFAULT_URL);
-            config.put(SCHEMA_REGISTRY_URL_KEY, DEFAULT_URL);
-        }
         if (!config.containsKey(SCHEMA_DIRECTORY_KEY)) {
-            log.info("{} not set.  Defaulting to current working directory: {}", SCHEMA_DIRECTORY_KEY, CURRENT_WORKING_DIR);
+            log.info("{} not set. Defaulting to current working directory: {}", SCHEMA_DIRECTORY_KEY,
+                    CURRENT_WORKING_DIR);
             config.put(SCHEMA_DIRECTORY_KEY, CURRENT_WORKING_DIR);
         }
     }
-
-    private static void handleAuthentication(AtomicReference<String> username, AtomicReference<String> password, Map<String, Object> config) {
-        if (username.get() != null && password.get() != null) {
-            String loginModule = "org.apache.kafka.common.security.plain.PlainLoginModule";
-            String value = String.format("%s required username=\"%s\" password=\"%s\";",
-                    loginModule, escape(username.get()), escape(password.get()));
-            config.put(SCHEMA_REGISTRY_SASL_CONFIG_KEY, value);
-        } else {
-          if(config.get(SCHEMA_REGISTRY_SASL_CONFIG_KEY) == null) {
-              log.info("{} or {} not set. No authentication configured for the Schema Registry",
-                  SCHEMA_REGISTRY_SASL_JAAS_USERNAME_KEY, SCHEMA_REGISTRY_SASL_JAAS_PASSWORD_KEY);
-          }
-        }
-    }
-
-    private static String escape(String value) {
-        if (value != null) {
-            return value.replace("\"", "\\\"");
-        }
-        return null;
-    }
 }