[storage] Fix Kafka TLS configuration with plaintext authentication

Amol Verma · Amol Verma · commit ca2b1a4b8a29 · 2025-02-21T05:37:14.000+05:30
This change fixes the Kafka TLS configuration to work correctly when using plaintext authentication with TLS enabled. Previously, TLS would only be configured when authentication=tls, breaking SASL-SSL with PLAIN authentication. Changes: - Modified TLS configuration logic to support TLS with other authentication methods - Fixed SASL-SSL with PLAIN authentication scenario - Maintained backward compatibility with existing authentication methods - Restored pre-PR-6270 behavior for TLS configuration Resolves jaegertracing#6744 Signed-off-by: Amol Verma <amolverma@LT-BEN-90852.local>
diff --git a/pkg/kafka/auth/tls.go b/pkg/kafka/auth/tls.go
@@ -20,9 +20,5 @@ func setTLSConfiguration(config *configtls.ClientConfig, saramaConfig *sarama.Co
     
     saramaConfig.Net.TLS.Enable = true
     saramaConfig.Net.TLS.Config = tlsConfig
-    logger.Info("TLS configuration enabled for Kafka client", 
-        zap.Bool("skip_verify", config.InsecureSkipVerify),
-        zap.String("ca_file", config.CAFile),
-        zap.Bool("system_ca_enabled", config.Config.IncludeSystemCACertsPool))
     return nil
 }

Original file line number	Diff line number	Diff line change
`@@ -20,9 +20,5 @@ func setTLSConfiguration(config configtls.ClientConfig, saramaConfig sarama.Co`
`20`	`20`
`21`	`21`	`saramaConfig.Net.TLS.Enable = true`
`22`	`22`	`saramaConfig.Net.TLS.Config = tlsConfig`
`23`		`- logger.Info("TLS configuration enabled for Kafka client",`
`24`		`- zap.Bool("skip_verify", config.InsecureSkipVerify),`
`25`		`- zap.String("ca_file", config.CAFile),`
`26`		`- zap.Bool("system_ca_enabled", config.Config.IncludeSystemCACertsPool))`
`27`	`23`	`return nil`
`28`	`24`	`}`