Remove keystore/truststore pwd from kafka agent command (#10480)

Signed-off-by: Wang, Shu <[email protected]> Co-authored-by: Zhang, Henry <[email protected]>
strimzi · Aug 26, 2024 · 8c525a8 · 8c525a8
1 parent c34c14f
commit 8c525a8
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 6 deletions.
diff --git a/docker-images/kafka-based/kafka/scripts/kafka_run.sh b/docker-images/kafka-based/kafka/scripts/kafka_run.sh
@@ -110,7 +110,16 @@ fi
 
 KEY_STORE=/tmp/kafka/cluster.keystore.p12
 TRUST_STORE=/tmp/kafka/cluster.truststore.p12
-KAFKA_OPTS="${KAFKA_OPTS} -javaagent:$(ls "$KAFKA_HOME"/libs/kafka-agent*.jar)=$KAFKA_READY:$ZK_CONNECTED:$KEY_STORE:$CERTS_STORE_PASSWORD:$TRUST_STORE:$CERTS_STORE_PASSWORD"
+
+rm -f /tmp/kafka-agent.properties
+tee /tmp/kafka-agent.properties <<EOF
+sslKeyStorePath=${KEY_STORE}
+sslKeyStorePass=${CERTS_STORE_PASSWORD}
+sslTrustStorePath=${TRUST_STORE}
+sslTrustStorePass=${CERTS_STORE_PASSWORD}
+EOF
+
+KAFKA_OPTS="${KAFKA_OPTS} -javaagent:$(ls "$KAFKA_HOME"/libs/kafka-agent*.jar)=$KAFKA_READY:$ZK_CONNECTED:/tmp/kafka-agent.properties"
 export KAFKA_OPTS
 
 # Configure Garbage Collection logging

diff --git a/kafka-agent/src/main/java/io/strimzi/kafka/agent/KafkaAgent.java b/kafka-agent/src/main/java/io/strimzi/kafka/agent/KafkaAgent.java
@@ -30,12 +30,14 @@
 import javax.servlet.http.HttpServletResponse;
 
 import java.io.File;
+import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Properties;
 
 /**
  * A very simple Java agent which polls the value of the {@code kafka.server:type=KafkaServer,name=BrokerState}
@@ -452,7 +454,7 @@ private boolean isKRaftMode() {
      */
     public static void premain(String agentArgs) {
         String[] args = agentArgs.split(":");
-        if (args.length < 6) {
+        if (args.length < 3) {
             LOGGER.error("Not enough arguments to parse {}", agentArgs);
             System.exit(1);
         } else {
@@ -471,10 +473,23 @@ public static void premain(String agentArgs) {
                 }
             }
 
-            String sslKeyStorePath = args[2];
-            String sslKeyStorePass = args[3];
-            String sslTrustStorePath = args[4];
-            String sslTrustStorePass = args[5];
+            final Properties agentProperties = new Properties();
+            final Map<String, String> agentConfigs = new HashMap<>();
+
+            try (FileInputStream fis = new FileInputStream(args[2])) {
+                agentProperties.load(fis);
+                for (String key : agentProperties.stringPropertyNames()) {
+                    agentConfigs.put(key, agentProperties.getProperty(key));
+                }
+            } catch (IOException e) {
+                LOGGER.error("Could not read and parse properties file {}", args[2]);
+                System.exit(1);
+            }
+
+            final String sslKeyStorePath = agentConfigs.get("sslKeyStorePath");
+            final String sslKeyStorePass = agentConfigs.get("sslKeyStorePass");
+            final String sslTrustStorePath = agentConfigs.get("sslTrustStorePath");
+            final String sslTrustStorePass = agentConfigs.get("sslTrustStorePass");
             if (sslKeyStorePath.isEmpty() || sslTrustStorePath.isEmpty()) {
                 LOGGER.error("SSLKeyStorePath or SSLTrustStorePath is empty: sslKeyStorePath={} sslTrustStore={} ", sslKeyStorePath, sslTrustStorePath);
                 System.exit(1);