Kafka policy
Attach a Kafka policy to one or more Kafka nodes in a message flow to control, at run time, the properties used to connect to the Kafka cluster.
You can use the KafkaProducer, KafkaConsumer, and KafkaRead nodes in a message flow to publish, subscribe to, and read messages on a Kafka topic. You can use a Kafka policy to set, at run time, the address of the bootstrap server and the authentication mechanism used to connect to the Kafka cluster from a Kafka node.
To attach a Kafka policy to a KafkaProducer, KafkaConsumer, or KafkaReadnode, set the Policy property of the node to the name of
the policy, in the format
{policyProjectName}:policyName. You must
deploy this policy before the associated message flow is started.
If you redeploy a Kafka policy, all message flows that are using the policy will be stopped and restarted.
The properties of this policy are described in the following table.
| Property | Property name in .policyxml file | Value |
|---|---|---|
| Bootstrap servers | bootstrapServers | This property overrides the Bootstrap servers property on the Kafka node, and sets the hostname of the Kafka server that the node will connect to. You can specify a single hostname:port value or a comma-separated list of multiple hostname:port values. |
| Security protocol | securityProtocol | This property overrides the Security protocol
property on the Kafka node, and sets the type of security to be used for the Kafka connection. The
value can be one of PLAINTEXT, SSL,
SASL_PLAINTEXT, or SASL_SSL. |
| SASL mechanism | saslMechanism | This property sets the SASL mechanism to be used when connecting to the Kafka server. If this value is not specified, it is calculated from the value of the Security protocol property. |
| SSL protocol | sslProtocol | This property overrides the SSL protocol property
on the Kafka node, and sets the SSL protocol to be used when connecting using SSL. This value is
ignored if the Security protocol is set to
PLAINTEXT or SASL_PLAINTEXT. |
| Security identity (DSN) | securityIdentity | This property overrides the Security identity
property on the Kafka node, and sets the App Connect Enterprise security identity to
be used for authentication. This value is ignored if the Security
protocol is set to PLAINTEXT or SSL. |
| SASL config | saslConfig | This property can be used to set the SASL configuration to be used when connecting to the
Kafka server. This value is ignored if the Security
protocol is set to PLAINTEXT or SSL. If this value is
not specified, SASL authentication will use the identity configured by the Security identity property. |
| SSL keystore location | sslKeystoreLocation | This property specifies the fully-qualified path to the location of the keystore that is to be used when using an SSL connection. If this value is not specified, the keystore that is configured for the integration server is used. |
| SSL keystore type | sslKeystoreType | This property specifies the type of keystore that is specified in the SSL keystore location property. Possible values are
JKS and PKCS12. If this value is not specified, the default value
of JKS is used. |
| SSL keystore security identity | sslKeystoreSecurityIdentity | This property specifies the security identity to be used for accessing the keystore. This value is used only if the SSL keystore location property has been specified. |
| SSL key security identity | sslKeySecurityIdentity | This property specifies the security identity to be used for accessing the key within the keystore. If this value is not specified, the security identity that is used for accessing the keystore is used. |
| SSL truststore location | sslTruststoreLocation | This property specifies the fully-qualified path to the location of the truststore that is to be used when using an SSL connection. If this value is not specified, the truststore that is configured for the integration server is used. |
| SSL truststore type | sslTruststoreType | This property specifies the type of truststore that is specified in the SSL truststore location property. Possible values are
JKS and PKCS12. If this value is not specified, the default value
of JKS is used. |
| SSL truststore security identity | sslTruststoreSecurityIdentity | This property specifies the security identity to be used for accessing the truststore. This value is used only if the SSL truststore location has been specified. |
| Enable SSL certificate hostname checking | sslEnableCertificateHostnameChecking | This property specifies whether the hostname of the Kafka server is to be checked against the
hostname in the Kafka server's certificate. When set to true, the Kafka server
hostname must match the hostname in the Kafka server’s certificate. To disable checking, set this
value to false. |