Skip to content

Instantly share code, notes, and snippets.

@tvainika
Created April 14, 2021 10:17
Show Gist options
  • Save tvainika/ac946caabac77f064e49ed03e19c2585 to your computer and use it in GitHub Desktop.
Save tvainika/ac946caabac77f064e49ed03e19c2585 to your computer and use it in GitHub Desktop.
#!/bin/bash
set -euo pipefail
if [ $# -lt 1 ];
then
echo Usage: $0 servicename
exit 1
fi
rm -f ca.pem service.key service.cert
echo Dowloading ca.pem
avn project ca-get --target-filepath ca.pem
tempjson=$(mktemp)
echo Using temp file ${tempjson}
avn service get $1 --json > ${tempjson}
jq -r .connection_info.kafka_access_cert "${tempjson}" > service.cert
jq -r .connection_info.kafka_access_key "${tempjson}" > service.key
openssl pkcs12 -export -inkey service.key -in service.cert -out client.keystore.p12 -name service_key -passout pass:secret
keytool -import -file ca.pem -alias CA -keystore client.truststore.jks -storepass secret -noprompt
current_dir=$(pwd)
service_uri=$(avn service get $1 --json| jq -r .service_uri)
cat > kafka.properties <<EOF
security.protocol=SSL
ssl.keystore.type=PKCS12
ssl.keystore.location=${current_dir}/client.keystore.p12
ssl.keystore.password=secret
ssl.key.password=secret
ssl.truststore.location=${current_dir}/client.truststore.jks
ssl.truststore.password=secret
EOF
cat > kcat.sh <<EOF
#!/bin/bash
kafkacat \
-X security.protocol=ssl \
-X ssl.ca.location=${current_dir}/ca.pem \
-X ssl.certificate.location=${current_dir}/service.cert \
-X ssl.key.location=${current_dir}/service.key \
-b ${service_uri} \
\$@
EOF
chmod a+x kcat.sh
rm -f $tempjson
@tvainika
Copy link
Author

If one does not need Java style keystore files, one can also use simply avn service user-creds-download --username avnadmin [SERVICE_NAME]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment