From e1a05d30d6bf9594f487a5519c007c11751180ad Mon Sep 17 00:00:00 2001 From: Vincent de Saboulin Date: Mon, 9 Dec 2024 13:30:15 +0100 Subject: [PATCH] added playground tools certs-create --- .../active-mq-sink-mtls.sh | 7 +- .../security/certs-create.sh | 68 -- .../security/certs-create.sh | 68 -- .../connect-ibm-mq-sink/ibm-mq-sink-mtls.sh | 7 +- .../connect-ibm-mq-sink/ibm-mq-sink-ssl.sh | 7 +- .../security/certs-create.sh | 80 -- connect/connect-ibm-mq-source/ibm-mq-mtls.sh | 7 +- connect/connect-ibm-mq-source/ibm-mq-ssl.sh | 7 +- .../security/certs-create.sh | 80 -- connect/connect-mqtt-sink/mqtt-sink-mtls.sh | 7 +- .../security/certs-create.sh | 80 -- .../connect-mqtt-source/mqtt-source-mtls.sh | 7 +- .../security/certs-create.sh | 80 -- .../rabbitmq-sink-ssl.sh | 3 +- .../security/certs-create.sh | 80 -- .../rabbitmq-source-ssl.sh | 3 +- .../security/certs-create.sh | 80 -- .../docker-compose.plaintext.yml | 2 +- .../connect-splunk-source/splunk-source.sh | 40 +- environment/2way-ssl/start.sh | 6 +- environment/sasl-ssl/security/certs-create.sh | 10 +- environment/sasl-ssl/start.sh | 6 +- environment/ssl_kerberos/start.sh | 8 +- .../start-ldaps.sh | 6 +- reproduction-models | 2 +- scripts/cli/completions.bash | 862 +++++++++--------- scripts/cli/playground | 183 ++++ scripts/cli/playground.json | 43 + scripts/cli/playground.yaml | 32 + scripts/cli/src/bashly.yml | 35 + .../cli/src/commands/tools/certs-create.sh | 28 + scripts/cli/src/openssl.cnf | 392 ++++++++ scripts/cli/src/ssl/certs-create.sh | 95 ++ 33 files changed, 1291 insertions(+), 1130 deletions(-) delete mode 100755 connect/connect-active-mq-sink/security/certs-create.sh delete mode 100755 connect/connect-active-mq-source/security/certs-create.sh delete mode 100755 connect/connect-ibm-mq-sink/security/certs-create.sh delete mode 100755 connect/connect-ibm-mq-source/security/certs-create.sh delete mode 100755 connect/connect-mqtt-sink/security/certs-create.sh delete mode 100755 connect/connect-mqtt-source/security/certs-create.sh delete mode 100755 connect/connect-rabbitmq-sink/security/certs-create.sh delete mode 100755 connect/connect-rabbitmq-source/security/certs-create.sh create mode 100644 scripts/cli/src/commands/tools/certs-create.sh create mode 100644 scripts/cli/src/openssl.cnf create mode 100755 scripts/cli/src/ssl/certs-create.sh diff --git a/connect/connect-active-mq-sink/active-mq-sink-mtls.sh b/connect/connect-active-mq-sink/active-mq-sink-mtls.sh index b7f927a5a..cf9a414df 100755 --- a/connect/connect-active-mq-sink/active-mq-sink-mtls.sh +++ b/connect/connect-active-mq-sink/active-mq-sink-mtls.sh @@ -4,10 +4,9 @@ set -e DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" source ${DIR}/../../scripts/utils.sh -cd ${DIR}/security -log "šŸ” Generate keys and certificates used for SSL using rmohr/activemq:5.15.9 image" -docker run -u0 --rm -v $PWD:/tmp rmohr/activemq:5.15.9 bash -c "/tmp/certs-create.sh > /dev/null 2>&1 && chown -R $(id -u $USER):$(id -g $USER) /tmp/" -cd ${DIR} +cd ../../connect/connect-active-mq-sink/security +playground tools certs-create --output-folder "$PWD" --container connect --container activemq +cd - PLAYGROUND_ENVIRONMENT=${PLAYGROUND_ENVIRONMENT:-"plaintext"} playground start-environment --environment "${PLAYGROUND_ENVIRONMENT}" --docker-compose-override-file "${PWD}/docker-compose.plaintext.mtls.yml" diff --git a/connect/connect-active-mq-sink/security/certs-create.sh b/connect/connect-active-mq-sink/security/certs-create.sh deleted file mode 100755 index bc2f48cab..000000000 --- a/connect/connect-active-mq-sink/security/certs-create.sh +++ /dev/null @@ -1,68 +0,0 @@ -#!/bin/bash - -#set -o nounset \ -# -o errexit \ -# -o verbose \ -# -o xtrace - -# Cleanup files -rm -f /tmp/*.crt /tmp/*.csr /tmp/*_creds /tmp/*.jks /tmp/*.srl /tmp/*.key /tmp/*.pem /tmp/*.der /tmp/*.p12 /tmp/extfile - -# Generate CA key -openssl req -new -x509 -keyout /tmp/snakeoil-ca-1.key -out /tmp/snakeoil-ca-1.crt -days 365 -subj '/CN=ca1.test.confluent.io/OU=TEST/O=CONFLUENT/L=PaloAlto/ST=Ca/C=US' -passin pass:confluent -passout pass:confluent - -for i in connect activemq -do - echo "------------------------------- $i -------------------------------" - - # Create host keystore - keytool -genkey -noprompt \ - -alias $i \ - -dname "CN=$i,OU=TEST,O=CONFLUENT,L=PaloAlto,S=Ca,C=US" \ - -ext "SAN=dns:$i,dns:localhost" \ - -keystore /tmp/kafka.$i.keystore.jks \ - -keyalg RSA \ - -storepass confluent \ - -keypass confluent \ - -storetype pkcs12 - - # Create the certificate signing request (CSR) - keytool -keystore /tmp/kafka.$i.keystore.jks -alias $i -certreq -file /tmp/$i.csr -storepass confluent -keypass confluent -ext "SAN=dns:$i,dns:localhost" - #openssl req -in $i.csr -text -noout - -cat << EOF > /tmp/extfile -[req] -distinguished_name = req_distinguished_name -x509_extensions = v3_req -prompt = no -[req_distinguished_name] -CN = $i -[v3_req] -subjectAltName = @alt_names -[alt_names] -DNS.1 = $i -DNS.2 = localhost -EOF - # Sign the host certificate with the certificate authority (CA) - openssl x509 -req -CA /tmp/snakeoil-ca-1.crt -CAkey /tmp/snakeoil-ca-1.key -in /tmp/$i.csr -out /tmp/$i-ca1-signed.crt -days 9999 -CAcreateserial -passin pass:confluent -extensions v3_req -extfile /tmp/extfile - - #openssl x509 -noout -text -in $i-ca1-signed.crt - - # Sign and import the CA cert into the keystore - keytool -noprompt -keystore /tmp/kafka.$i.keystore.jks -alias CARoot -import -file /tmp/snakeoil-ca-1.crt -storepass confluent -keypass confluent - #keytool -list -v -keystore kafka.$i.keystore.jks -storepass confluent - - # Sign and import the host certificate into the keystore - keytool -noprompt -keystore /tmp/kafka.$i.keystore.jks -alias $i -import -file /tmp/$i-ca1-signed.crt -storepass confluent -keypass confluent -ext "SAN=dns:$i,dns:localhost" - #keytool -list -v -keystore kafka.$i.keystore.jks -storepass confluent - - # Create truststore and import the CA cert - keytool -noprompt -keystore /tmp/kafka.$i.truststore.jks -alias CARoot -import -file /tmp/snakeoil-ca-1.crt -storepass confluent -keypass confluent - - # Save creds - echo "confluent" > /tmp/${i}_sslkey_creds - echo "confluent" > /tmp/${i}_keystore_creds - echo "confluent" > /tmp/${i}_truststore_creds - - keytool -noprompt -destkeystore /tmp/kafka.$i.truststore.jks -importkeystore -srckeystore "/usr/local/openjdk-8/lib/security/cacerts" -srcstorepass changeit -deststorepass confluent -done diff --git a/connect/connect-active-mq-source/security/certs-create.sh b/connect/connect-active-mq-source/security/certs-create.sh deleted file mode 100755 index bc2f48cab..000000000 --- a/connect/connect-active-mq-source/security/certs-create.sh +++ /dev/null @@ -1,68 +0,0 @@ -#!/bin/bash - -#set -o nounset \ -# -o errexit \ -# -o verbose \ -# -o xtrace - -# Cleanup files -rm -f /tmp/*.crt /tmp/*.csr /tmp/*_creds /tmp/*.jks /tmp/*.srl /tmp/*.key /tmp/*.pem /tmp/*.der /tmp/*.p12 /tmp/extfile - -# Generate CA key -openssl req -new -x509 -keyout /tmp/snakeoil-ca-1.key -out /tmp/snakeoil-ca-1.crt -days 365 -subj '/CN=ca1.test.confluent.io/OU=TEST/O=CONFLUENT/L=PaloAlto/ST=Ca/C=US' -passin pass:confluent -passout pass:confluent - -for i in connect activemq -do - echo "------------------------------- $i -------------------------------" - - # Create host keystore - keytool -genkey -noprompt \ - -alias $i \ - -dname "CN=$i,OU=TEST,O=CONFLUENT,L=PaloAlto,S=Ca,C=US" \ - -ext "SAN=dns:$i,dns:localhost" \ - -keystore /tmp/kafka.$i.keystore.jks \ - -keyalg RSA \ - -storepass confluent \ - -keypass confluent \ - -storetype pkcs12 - - # Create the certificate signing request (CSR) - keytool -keystore /tmp/kafka.$i.keystore.jks -alias $i -certreq -file /tmp/$i.csr -storepass confluent -keypass confluent -ext "SAN=dns:$i,dns:localhost" - #openssl req -in $i.csr -text -noout - -cat << EOF > /tmp/extfile -[req] -distinguished_name = req_distinguished_name -x509_extensions = v3_req -prompt = no -[req_distinguished_name] -CN = $i -[v3_req] -subjectAltName = @alt_names -[alt_names] -DNS.1 = $i -DNS.2 = localhost -EOF - # Sign the host certificate with the certificate authority (CA) - openssl x509 -req -CA /tmp/snakeoil-ca-1.crt -CAkey /tmp/snakeoil-ca-1.key -in /tmp/$i.csr -out /tmp/$i-ca1-signed.crt -days 9999 -CAcreateserial -passin pass:confluent -extensions v3_req -extfile /tmp/extfile - - #openssl x509 -noout -text -in $i-ca1-signed.crt - - # Sign and import the CA cert into the keystore - keytool -noprompt -keystore /tmp/kafka.$i.keystore.jks -alias CARoot -import -file /tmp/snakeoil-ca-1.crt -storepass confluent -keypass confluent - #keytool -list -v -keystore kafka.$i.keystore.jks -storepass confluent - - # Sign and import the host certificate into the keystore - keytool -noprompt -keystore /tmp/kafka.$i.keystore.jks -alias $i -import -file /tmp/$i-ca1-signed.crt -storepass confluent -keypass confluent -ext "SAN=dns:$i,dns:localhost" - #keytool -list -v -keystore kafka.$i.keystore.jks -storepass confluent - - # Create truststore and import the CA cert - keytool -noprompt -keystore /tmp/kafka.$i.truststore.jks -alias CARoot -import -file /tmp/snakeoil-ca-1.crt -storepass confluent -keypass confluent - - # Save creds - echo "confluent" > /tmp/${i}_sslkey_creds - echo "confluent" > /tmp/${i}_keystore_creds - echo "confluent" > /tmp/${i}_truststore_creds - - keytool -noprompt -destkeystore /tmp/kafka.$i.truststore.jks -importkeystore -srckeystore "/usr/local/openjdk-8/lib/security/cacerts" -srcstorepass changeit -deststorepass confluent -done diff --git a/connect/connect-ibm-mq-sink/ibm-mq-sink-mtls.sh b/connect/connect-ibm-mq-sink/ibm-mq-sink-mtls.sh index 5de5fc8b0..7402443c3 100755 --- a/connect/connect-ibm-mq-sink/ibm-mq-sink-mtls.sh +++ b/connect/connect-ibm-mq-sink/ibm-mq-sink-mtls.sh @@ -31,10 +31,9 @@ then fi cd - -cd ${DIR}/security -log "šŸ” Generate keys and certificates used for SSL" -docker run -u0 --rm -v $PWD:/tmp ${CP_CONNECT_IMAGE}:${CONNECT_TAG} bash -c "/tmp/certs-create.sh > /dev/null 2>&1 && chown -R $(id -u $USER):$(id -g $USER) /tmp/ && chmod a+r /tmp/*" -cd ${DIR} +cd ../../connect/connect-ibm-mq-sink/security +playground tools certs-create --output-folder "$PWD" --container connect --container ibmmq +cd - PLAYGROUND_ENVIRONMENT=${PLAYGROUND_ENVIRONMENT:-"plaintext"} playground start-environment --environment "${PLAYGROUND_ENVIRONMENT}" --docker-compose-override-file "${PWD}/docker-compose.plaintext.mtls.yml" diff --git a/connect/connect-ibm-mq-sink/ibm-mq-sink-ssl.sh b/connect/connect-ibm-mq-sink/ibm-mq-sink-ssl.sh index 7ce278ff8..c04379eef 100755 --- a/connect/connect-ibm-mq-sink/ibm-mq-sink-ssl.sh +++ b/connect/connect-ibm-mq-sink/ibm-mq-sink-ssl.sh @@ -31,10 +31,9 @@ then fi cd - -cd ${DIR}/security -log "šŸ” Generate keys and certificates used for SSL" -docker run -u0 --rm -v $PWD:/tmp ${CP_CONNECT_IMAGE}:${CONNECT_TAG} bash -c "/tmp/certs-create.sh > /dev/null 2>&1 && chown -R $(id -u $USER):$(id -g $USER) /tmp/ && chmod a+r /tmp/*" -cd ${DIR} +cd ../../connect/connect-ibm-mq-sink/security +playground tools certs-create --output-folder "$PWD" --container connect --container ibmmq +cd - PLAYGROUND_ENVIRONMENT=${PLAYGROUND_ENVIRONMENT:-"plaintext"} playground start-environment --environment "${PLAYGROUND_ENVIRONMENT}" --docker-compose-override-file "${PWD}/docker-compose.plaintext.ssl.yml" diff --git a/connect/connect-ibm-mq-sink/security/certs-create.sh b/connect/connect-ibm-mq-sink/security/certs-create.sh deleted file mode 100755 index e9e0733a3..000000000 --- a/connect/connect-ibm-mq-sink/security/certs-create.sh +++ /dev/null @@ -1,80 +0,0 @@ -#!/bin/bash - -#set -o nounset \ -# -o errexit \ -# -o verbose \ -# -o xtrace - -# Cleanup files -rm -f /tmp/*.crt /tmp/*.csr /tmp/*_creds /tmp/*.jks /tmp/*.srl /tmp/*.key /tmp/*.pem /tmp/*.der /tmp/*.p12 /tmp/extfile - -# Generate CA key -openssl req -new -x509 -keyout /tmp/snakeoil-ca-1.key -out /tmp/snakeoil-ca-1.crt -days 365 -subj '/CN=ca1.test.confluent.io/OU=TEST/O=CONFLUENT/L=PaloAlto/ST=Ca/C=US' -passin pass:confluent -passout pass:confluent - -for i in connect ibmmq -do - echo "------------------------------- $i -------------------------------" - - # Create host keystore - keytool -genkey -noprompt \ - -alias $i \ - -dname "CN=$i,OU=TEST,O=CONFLUENT,L=PaloAlto,S=Ca,C=US" \ - -ext "SAN=dns:$i,dns:localhost" \ - -keystore /tmp/kafka.$i.keystore.jks \ - -keyalg RSA \ - -storepass confluent \ - -keypass confluent \ - -storetype pkcs12 - - # Create the certificate signing request (CSR) - keytool -keystore /tmp/kafka.$i.keystore.jks -alias $i -certreq -file /tmp/$i.csr -storepass confluent -keypass confluent -ext "SAN=dns:$i,dns:localhost" - #openssl req -in $i.csr -text -noout - -cat << EOF > /tmp/extfile -[req] -distinguished_name = req_distinguished_name -x509_extensions = v3_req -prompt = no -[req_distinguished_name] -CN = $i -[v3_req] -subjectAltName = @alt_names -[alt_names] -DNS.1 = $i -DNS.2 = localhost -EOF - # Sign the host certificate with the certificate authority (CA) - openssl x509 -req -CA /tmp/snakeoil-ca-1.crt -CAkey /tmp/snakeoil-ca-1.key -in /tmp/$i.csr -out /tmp/$i-ca1-signed.crt -days 9999 -CAcreateserial -passin pass:confluent -extensions v3_req -extfile /tmp/extfile - - #openssl x509 -noout -text -in $i-ca1-signed.crt - - # Sign and import the CA cert into the keystore - keytool -noprompt -keystore /tmp/kafka.$i.keystore.jks -alias CARoot -import -file /tmp/snakeoil-ca-1.crt -storepass confluent -keypass confluent - #keytool -list -v -keystore kafka.$i.keystore.jks -storepass confluent - - # Sign and import the host certificate into the keystore - keytool -noprompt -keystore /tmp/kafka.$i.keystore.jks -alias $i -import -file /tmp/$i-ca1-signed.crt -storepass confluent -keypass confluent -ext "SAN=dns:$i,dns:localhost" - #keytool -list -v -keystore kafka.$i.keystore.jks -storepass confluent - - # Create truststore and import the CA cert - keytool -noprompt -keystore /tmp/kafka.$i.truststore.jks -alias CARoot -import -file /tmp/snakeoil-ca-1.crt -storepass confluent -keypass confluent - - # Save creds - echo "confluent" > ${i}_sslkey_creds - echo "confluent" > ${i}_keystore_creds - echo "confluent" > ${i}_truststore_creds - - # Create pem files and keys used for Schema Registry HTTPS testing - # openssl x509 -noout -modulus -in client.certificate.pem | openssl md5 - # openssl rsa -noout -modulus -in client.key | openssl md5 - # log "GET /" | openssl s_client -connect localhost:8081/subjects -cert client.certificate.pem -key client.key -tls1 - keytool -export -alias $i -file /tmp/$i.der -keystore /tmp/kafka.$i.keystore.jks -storepass confluent - openssl x509 -inform der -in /tmp/$i.der -out /tmp/$i.certificate.pem - keytool -importkeystore -srckeystore /tmp/kafka.$i.keystore.jks -destkeystore /tmp/$i.keystore.p12 -deststoretype PKCS12 -deststorepass confluent -srcstorepass confluent -noprompt - openssl pkcs12 -in /tmp/$i.keystore.p12 -nodes -nocerts -out /tmp/$i.key -passin pass:confluent - - - cacerts_path="$(readlink -f /usr/bin/java | sed "s:bin/java::")lib/security/cacerts" - keytool -noprompt -destkeystore /tmp/kafka.$i.truststore.jks -importkeystore -srckeystore $cacerts_path -srcstorepass changeit -deststorepass confluent - -done diff --git a/connect/connect-ibm-mq-source/ibm-mq-mtls.sh b/connect/connect-ibm-mq-source/ibm-mq-mtls.sh index 86868e639..cd58f5075 100755 --- a/connect/connect-ibm-mq-source/ibm-mq-mtls.sh +++ b/connect/connect-ibm-mq-source/ibm-mq-mtls.sh @@ -31,10 +31,9 @@ then fi cd - -cd ${DIR}/security -log "šŸ” Generate keys and certificates used for SSL" -docker run -u0 --rm -v $PWD:/tmp ${CP_CONNECT_IMAGE}:${CONNECT_TAG} bash -c "/tmp/certs-create.sh > /dev/null 2>&1 && chown -R $(id -u $USER):$(id -g $USER) /tmp/ && chmod a+r /tmp/*" -cd ${DIR} +cd ../../connect/connect-ibm-mq-source/security +playground tools certs-create --output-folder "$PWD" --container connect --container ibmmq +cd - PLAYGROUND_ENVIRONMENT=${PLAYGROUND_ENVIRONMENT:-"plaintext"} playground start-environment --environment "${PLAYGROUND_ENVIRONMENT}" --docker-compose-override-file "${PWD}/docker-compose.plaintext.mtls.yml" diff --git a/connect/connect-ibm-mq-source/ibm-mq-ssl.sh b/connect/connect-ibm-mq-source/ibm-mq-ssl.sh index d49c8518a..aea02b60a 100755 --- a/connect/connect-ibm-mq-source/ibm-mq-ssl.sh +++ b/connect/connect-ibm-mq-source/ibm-mq-ssl.sh @@ -31,10 +31,9 @@ then fi cd - -cd ${DIR}/security -log "šŸ” Generate keys and certificates used for SSL" -docker run -u0 --rm -v $PWD:/tmp ${CP_CONNECT_IMAGE}:${CONNECT_TAG} bash -c "/tmp/certs-create.sh > /dev/null 2>&1 && chown -R $(id -u $USER):$(id -g $USER) /tmp/ && chmod a+r /tmp/*" -cd ${DIR} +cd ../../connect/connect-ibm-mq-source/security +playground tools certs-create --output-folder "$PWD" --container connect --container ibmmq +cd - PLAYGROUND_ENVIRONMENT=${PLAYGROUND_ENVIRONMENT:-"plaintext"} playground start-environment --environment "${PLAYGROUND_ENVIRONMENT}" --docker-compose-override-file "${PWD}/docker-compose.plaintext.ssl.yml" diff --git a/connect/connect-ibm-mq-source/security/certs-create.sh b/connect/connect-ibm-mq-source/security/certs-create.sh deleted file mode 100755 index e9e0733a3..000000000 --- a/connect/connect-ibm-mq-source/security/certs-create.sh +++ /dev/null @@ -1,80 +0,0 @@ -#!/bin/bash - -#set -o nounset \ -# -o errexit \ -# -o verbose \ -# -o xtrace - -# Cleanup files -rm -f /tmp/*.crt /tmp/*.csr /tmp/*_creds /tmp/*.jks /tmp/*.srl /tmp/*.key /tmp/*.pem /tmp/*.der /tmp/*.p12 /tmp/extfile - -# Generate CA key -openssl req -new -x509 -keyout /tmp/snakeoil-ca-1.key -out /tmp/snakeoil-ca-1.crt -days 365 -subj '/CN=ca1.test.confluent.io/OU=TEST/O=CONFLUENT/L=PaloAlto/ST=Ca/C=US' -passin pass:confluent -passout pass:confluent - -for i in connect ibmmq -do - echo "------------------------------- $i -------------------------------" - - # Create host keystore - keytool -genkey -noprompt \ - -alias $i \ - -dname "CN=$i,OU=TEST,O=CONFLUENT,L=PaloAlto,S=Ca,C=US" \ - -ext "SAN=dns:$i,dns:localhost" \ - -keystore /tmp/kafka.$i.keystore.jks \ - -keyalg RSA \ - -storepass confluent \ - -keypass confluent \ - -storetype pkcs12 - - # Create the certificate signing request (CSR) - keytool -keystore /tmp/kafka.$i.keystore.jks -alias $i -certreq -file /tmp/$i.csr -storepass confluent -keypass confluent -ext "SAN=dns:$i,dns:localhost" - #openssl req -in $i.csr -text -noout - -cat << EOF > /tmp/extfile -[req] -distinguished_name = req_distinguished_name -x509_extensions = v3_req -prompt = no -[req_distinguished_name] -CN = $i -[v3_req] -subjectAltName = @alt_names -[alt_names] -DNS.1 = $i -DNS.2 = localhost -EOF - # Sign the host certificate with the certificate authority (CA) - openssl x509 -req -CA /tmp/snakeoil-ca-1.crt -CAkey /tmp/snakeoil-ca-1.key -in /tmp/$i.csr -out /tmp/$i-ca1-signed.crt -days 9999 -CAcreateserial -passin pass:confluent -extensions v3_req -extfile /tmp/extfile - - #openssl x509 -noout -text -in $i-ca1-signed.crt - - # Sign and import the CA cert into the keystore - keytool -noprompt -keystore /tmp/kafka.$i.keystore.jks -alias CARoot -import -file /tmp/snakeoil-ca-1.crt -storepass confluent -keypass confluent - #keytool -list -v -keystore kafka.$i.keystore.jks -storepass confluent - - # Sign and import the host certificate into the keystore - keytool -noprompt -keystore /tmp/kafka.$i.keystore.jks -alias $i -import -file /tmp/$i-ca1-signed.crt -storepass confluent -keypass confluent -ext "SAN=dns:$i,dns:localhost" - #keytool -list -v -keystore kafka.$i.keystore.jks -storepass confluent - - # Create truststore and import the CA cert - keytool -noprompt -keystore /tmp/kafka.$i.truststore.jks -alias CARoot -import -file /tmp/snakeoil-ca-1.crt -storepass confluent -keypass confluent - - # Save creds - echo "confluent" > ${i}_sslkey_creds - echo "confluent" > ${i}_keystore_creds - echo "confluent" > ${i}_truststore_creds - - # Create pem files and keys used for Schema Registry HTTPS testing - # openssl x509 -noout -modulus -in client.certificate.pem | openssl md5 - # openssl rsa -noout -modulus -in client.key | openssl md5 - # log "GET /" | openssl s_client -connect localhost:8081/subjects -cert client.certificate.pem -key client.key -tls1 - keytool -export -alias $i -file /tmp/$i.der -keystore /tmp/kafka.$i.keystore.jks -storepass confluent - openssl x509 -inform der -in /tmp/$i.der -out /tmp/$i.certificate.pem - keytool -importkeystore -srckeystore /tmp/kafka.$i.keystore.jks -destkeystore /tmp/$i.keystore.p12 -deststoretype PKCS12 -deststorepass confluent -srcstorepass confluent -noprompt - openssl pkcs12 -in /tmp/$i.keystore.p12 -nodes -nocerts -out /tmp/$i.key -passin pass:confluent - - - cacerts_path="$(readlink -f /usr/bin/java | sed "s:bin/java::")lib/security/cacerts" - keytool -noprompt -destkeystore /tmp/kafka.$i.truststore.jks -importkeystore -srckeystore $cacerts_path -srcstorepass changeit -deststorepass confluent - -done diff --git a/connect/connect-mqtt-sink/mqtt-sink-mtls.sh b/connect/connect-mqtt-sink/mqtt-sink-mtls.sh index 33e5e6126..6efa9a645 100755 --- a/connect/connect-mqtt-sink/mqtt-sink-mtls.sh +++ b/connect/connect-mqtt-sink/mqtt-sink-mtls.sh @@ -4,10 +4,9 @@ set -e DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" source ${DIR}/../../scripts/utils.sh -cd ${DIR}/security -log "šŸ” Generate keys and certificates used for SSL" -docker run -u0 --rm -v $PWD:/tmp ${CP_CONNECT_IMAGE}:${CONNECT_TAG} bash -c "/tmp/certs-create.sh > /dev/null 2>&1 && chown -R $(id -u $USER):$(id -g $USER) /tmp/ && chmod a+r /tmp/*" -cd ${DIR} +cd ../../connect/connect-mqtt-sink/security +playground tools certs-create --output-folder "$PWD" --container connect --container mosquitto +cd - PLAYGROUND_ENVIRONMENT=${PLAYGROUND_ENVIRONMENT:-"plaintext"} playground start-environment --environment "${PLAYGROUND_ENVIRONMENT}" --docker-compose-override-file "${PWD}/docker-compose.plaintext.mtls.yml" diff --git a/connect/connect-mqtt-sink/security/certs-create.sh b/connect/connect-mqtt-sink/security/certs-create.sh deleted file mode 100755 index d047f0072..000000000 --- a/connect/connect-mqtt-sink/security/certs-create.sh +++ /dev/null @@ -1,80 +0,0 @@ -#!/bin/bash - -#set -o nounset \ -# -o errexit \ -# -o verbose \ -# -o xtrace - -# Cleanup files -rm -f /tmp/*.crt /tmp/*.csr /tmp/*_creds /tmp/*.jks /tmp/*.srl /tmp/*.key /tmp/*.pem /tmp/*.der /tmp/*.p12 /tmp/extfile - -# Generate CA key -openssl req -new -x509 -keyout /tmp/snakeoil-ca-1.key -out /tmp/snakeoil-ca-1.crt -days 365 -subj '/CN=ca1.test.confluent.io/OU=TEST/O=CONFLUENT/L=PaloAlto/ST=Ca/C=US' -passin pass:confluent -passout pass:confluent - -for i in connect mosquitto -do - echo "------------------------------- $i -------------------------------" - - # Create host keystore - keytool -genkey -noprompt \ - -alias $i \ - -dname "CN=$i,OU=TEST,O=CONFLUENT,L=PaloAlto,S=Ca,C=US" \ - -ext "SAN=dns:$i,dns:localhost" \ - -keystore /tmp/kafka.$i.keystore.jks \ - -keyalg RSA \ - -storepass confluent \ - -keypass confluent \ - -storetype pkcs12 - - # Create the certificate signing request (CSR) - keytool -keystore /tmp/kafka.$i.keystore.jks -alias $i -certreq -file /tmp/$i.csr -storepass confluent -keypass confluent -ext "SAN=dns:$i,dns:localhost" - #openssl req -in $i.csr -text -noout - -cat << EOF > /tmp/extfile -[req] -distinguished_name = req_distinguished_name -x509_extensions = v3_req -prompt = no -[req_distinguished_name] -CN = $i -[v3_req] -subjectAltName = @alt_names -[alt_names] -DNS.1 = $i -DNS.2 = localhost -EOF - # Sign the host certificate with the certificate authority (CA) - openssl x509 -req -CA /tmp/snakeoil-ca-1.crt -CAkey /tmp/snakeoil-ca-1.key -in /tmp/$i.csr -out /tmp/$i-ca1-signed.crt -days 9999 -CAcreateserial -passin pass:confluent -extensions v3_req -extfile /tmp/extfile - - #openssl x509 -noout -text -in $i-ca1-signed.crt - - # Sign and import the CA cert into the keystore - keytool -noprompt -keystore /tmp/kafka.$i.keystore.jks -alias CARoot -import -file /tmp/snakeoil-ca-1.crt -storepass confluent -keypass confluent - #keytool -list -v -keystore kafka.$i.keystore.jks -storepass confluent - - # Sign and import the host certificate into the keystore - keytool -noprompt -keystore /tmp/kafka.$i.keystore.jks -alias $i -import -file /tmp/$i-ca1-signed.crt -storepass confluent -keypass confluent -ext "SAN=dns:$i,dns:localhost" - #keytool -list -v -keystore kafka.$i.keystore.jks -storepass confluent - - # Create truststore and import the CA cert - keytool -noprompt -keystore /tmp/kafka.$i.truststore.jks -alias CARoot -import -file /tmp/snakeoil-ca-1.crt -storepass confluent -keypass confluent - - # Save creds - echo "confluent" > ${i}_sslkey_creds - echo "confluent" > ${i}_keystore_creds - echo "confluent" > ${i}_truststore_creds - - # Create pem files and keys used for Schema Registry HTTPS testing - # openssl x509 -noout -modulus -in client.certificate.pem | openssl md5 - # openssl rsa -noout -modulus -in client.key | openssl md5 - # log "GET /" | openssl s_client -connect localhost:8081/subjects -cert client.certificate.pem -key client.key -tls1 - keytool -export -alias $i -file /tmp/$i.der -keystore /tmp/kafka.$i.keystore.jks -storepass confluent - openssl x509 -inform der -in /tmp/$i.der -out /tmp/$i.certificate.pem - keytool -importkeystore -srckeystore /tmp/kafka.$i.keystore.jks -destkeystore /tmp/$i.keystore.p12 -deststoretype PKCS12 -deststorepass confluent -srcstorepass confluent -noprompt - openssl pkcs12 -in /tmp/$i.keystore.p12 -nodes -nocerts -out /tmp/$i.key -passin pass:confluent - - - cacerts_path="$(readlink -f /usr/bin/java | sed "s:bin/java::")lib/security/cacerts" - keytool -noprompt -destkeystore /tmp/kafka.$i.truststore.jks -importkeystore -srckeystore $cacerts_path -srcstorepass changeit -deststorepass confluent - -done diff --git a/connect/connect-mqtt-source/mqtt-source-mtls.sh b/connect/connect-mqtt-source/mqtt-source-mtls.sh index cc360fb1a..8b8c114ff 100755 --- a/connect/connect-mqtt-source/mqtt-source-mtls.sh +++ b/connect/connect-mqtt-source/mqtt-source-mtls.sh @@ -5,10 +5,9 @@ set -e DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" source ${DIR}/../../scripts/utils.sh -cd ${DIR}/security -log "šŸ” Generate keys and certificates used for SSL" -docker run -u0 --rm -v $PWD:/tmp ${CP_CONNECT_IMAGE}:${CONNECT_TAG} bash -c "/tmp/certs-create.sh > /dev/null 2>&1 && chown -R $(id -u $USER):$(id -g $USER) /tmp/ && chmod a+r /tmp/*" -cd ${DIR} +cd ../../connect/connect-mqtt-source/security +playground tools certs-create --output-folder "$PWD" --container connect --container mosquitto +cd - PLAYGROUND_ENVIRONMENT=${PLAYGROUND_ENVIRONMENT:-"plaintext"} playground start-environment --environment "${PLAYGROUND_ENVIRONMENT}" --docker-compose-override-file "${PWD}/docker-compose.plaintext.mtls.yml" diff --git a/connect/connect-mqtt-source/security/certs-create.sh b/connect/connect-mqtt-source/security/certs-create.sh deleted file mode 100755 index d047f0072..000000000 --- a/connect/connect-mqtt-source/security/certs-create.sh +++ /dev/null @@ -1,80 +0,0 @@ -#!/bin/bash - -#set -o nounset \ -# -o errexit \ -# -o verbose \ -# -o xtrace - -# Cleanup files -rm -f /tmp/*.crt /tmp/*.csr /tmp/*_creds /tmp/*.jks /tmp/*.srl /tmp/*.key /tmp/*.pem /tmp/*.der /tmp/*.p12 /tmp/extfile - -# Generate CA key -openssl req -new -x509 -keyout /tmp/snakeoil-ca-1.key -out /tmp/snakeoil-ca-1.crt -days 365 -subj '/CN=ca1.test.confluent.io/OU=TEST/O=CONFLUENT/L=PaloAlto/ST=Ca/C=US' -passin pass:confluent -passout pass:confluent - -for i in connect mosquitto -do - echo "------------------------------- $i -------------------------------" - - # Create host keystore - keytool -genkey -noprompt \ - -alias $i \ - -dname "CN=$i,OU=TEST,O=CONFLUENT,L=PaloAlto,S=Ca,C=US" \ - -ext "SAN=dns:$i,dns:localhost" \ - -keystore /tmp/kafka.$i.keystore.jks \ - -keyalg RSA \ - -storepass confluent \ - -keypass confluent \ - -storetype pkcs12 - - # Create the certificate signing request (CSR) - keytool -keystore /tmp/kafka.$i.keystore.jks -alias $i -certreq -file /tmp/$i.csr -storepass confluent -keypass confluent -ext "SAN=dns:$i,dns:localhost" - #openssl req -in $i.csr -text -noout - -cat << EOF > /tmp/extfile -[req] -distinguished_name = req_distinguished_name -x509_extensions = v3_req -prompt = no -[req_distinguished_name] -CN = $i -[v3_req] -subjectAltName = @alt_names -[alt_names] -DNS.1 = $i -DNS.2 = localhost -EOF - # Sign the host certificate with the certificate authority (CA) - openssl x509 -req -CA /tmp/snakeoil-ca-1.crt -CAkey /tmp/snakeoil-ca-1.key -in /tmp/$i.csr -out /tmp/$i-ca1-signed.crt -days 9999 -CAcreateserial -passin pass:confluent -extensions v3_req -extfile /tmp/extfile - - #openssl x509 -noout -text -in $i-ca1-signed.crt - - # Sign and import the CA cert into the keystore - keytool -noprompt -keystore /tmp/kafka.$i.keystore.jks -alias CARoot -import -file /tmp/snakeoil-ca-1.crt -storepass confluent -keypass confluent - #keytool -list -v -keystore kafka.$i.keystore.jks -storepass confluent - - # Sign and import the host certificate into the keystore - keytool -noprompt -keystore /tmp/kafka.$i.keystore.jks -alias $i -import -file /tmp/$i-ca1-signed.crt -storepass confluent -keypass confluent -ext "SAN=dns:$i,dns:localhost" - #keytool -list -v -keystore kafka.$i.keystore.jks -storepass confluent - - # Create truststore and import the CA cert - keytool -noprompt -keystore /tmp/kafka.$i.truststore.jks -alias CARoot -import -file /tmp/snakeoil-ca-1.crt -storepass confluent -keypass confluent - - # Save creds - echo "confluent" > ${i}_sslkey_creds - echo "confluent" > ${i}_keystore_creds - echo "confluent" > ${i}_truststore_creds - - # Create pem files and keys used for Schema Registry HTTPS testing - # openssl x509 -noout -modulus -in client.certificate.pem | openssl md5 - # openssl rsa -noout -modulus -in client.key | openssl md5 - # log "GET /" | openssl s_client -connect localhost:8081/subjects -cert client.certificate.pem -key client.key -tls1 - keytool -export -alias $i -file /tmp/$i.der -keystore /tmp/kafka.$i.keystore.jks -storepass confluent - openssl x509 -inform der -in /tmp/$i.der -out /tmp/$i.certificate.pem - keytool -importkeystore -srckeystore /tmp/kafka.$i.keystore.jks -destkeystore /tmp/$i.keystore.p12 -deststoretype PKCS12 -deststorepass confluent -srcstorepass confluent -noprompt - openssl pkcs12 -in /tmp/$i.keystore.p12 -nodes -nocerts -out /tmp/$i.key -passin pass:confluent - - - cacerts_path="$(readlink -f /usr/bin/java | sed "s:bin/java::")lib/security/cacerts" - keytool -noprompt -destkeystore /tmp/kafka.$i.truststore.jks -importkeystore -srckeystore $cacerts_path -srcstorepass changeit -deststorepass confluent - -done diff --git a/connect/connect-rabbitmq-sink/rabbitmq-sink-ssl.sh b/connect/connect-rabbitmq-sink/rabbitmq-sink-ssl.sh index c46bc74e5..05f9fff08 100755 --- a/connect/connect-rabbitmq-sink/rabbitmq-sink-ssl.sh +++ b/connect/connect-rabbitmq-sink/rabbitmq-sink-ssl.sh @@ -5,8 +5,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" source ${DIR}/../../scripts/utils.sh cd ../../connect/connect-rabbitmq-sink/security -log "šŸ” Generate keys and certificates used for SSL" -docker run -u0 --rm -v $PWD:/tmp ${CP_CONNECT_IMAGE}:${CONNECT_TAG} bash -c "/tmp/certs-create.sh > /dev/null 2>&1 && chown -R $(id -u $USER):$(id -g $USER) /tmp/ && chmod a+r /tmp/*" +playground tools certs-create --output-folder "$PWD" --container connect --container rabbitmq cd - PLAYGROUND_ENVIRONMENT=${PLAYGROUND_ENVIRONMENT:-"plaintext"} diff --git a/connect/connect-rabbitmq-sink/security/certs-create.sh b/connect/connect-rabbitmq-sink/security/certs-create.sh deleted file mode 100755 index 04573a38e..000000000 --- a/connect/connect-rabbitmq-sink/security/certs-create.sh +++ /dev/null @@ -1,80 +0,0 @@ -#!/bin/bash - -#set -o nounset \ -# -o errexit \ -# -o verbose \ -# -o xtrace - -# Cleanup files -rm -f /tmp/*.crt /tmp/*.csr /tmp/*_creds /tmp/*.jks /tmp/*.srl /tmp/*.key /tmp/*.pem /tmp/*.der /tmp/*.p12 /tmp/extfile - -# Generate CA key -openssl req -new -x509 -keyout /tmp/snakeoil-ca-1.key -out /tmp/snakeoil-ca-1.crt -days 365 -subj '/CN=ca1.test.confluent.io/OU=TEST/O=CONFLUENT/L=PaloAlto/ST=Ca/C=US' -passin pass:confluent -passout pass:confluent - -for i in connect rabbitmq -do - echo "------------------------------- $i -------------------------------" - - # Create host keystore - keytool -genkey -noprompt \ - -alias $i \ - -dname "CN=$i,OU=TEST,O=CONFLUENT,L=PaloAlto,S=Ca,C=US" \ - -ext "SAN=dns:$i,dns:localhost" \ - -keystore /tmp/kafka.$i.keystore.jks \ - -keyalg RSA \ - -storepass confluent \ - -keypass confluent \ - -storetype pkcs12 - - # Create the certificate signing request (CSR) - keytool -keystore /tmp/kafka.$i.keystore.jks -alias $i -certreq -file /tmp/$i.csr -storepass confluent -keypass confluent -ext "SAN=dns:$i,dns:localhost" - #openssl req -in $i.csr -text -noout - -cat << EOF > /tmp/extfile -[req] -distinguished_name = req_distinguished_name -x509_extensions = v3_req -prompt = no -[req_distinguished_name] -CN = $i -[v3_req] -subjectAltName = @alt_names -[alt_names] -DNS.1 = $i -DNS.2 = localhost -EOF - # Sign the host certificate with the certificate authority (CA) - openssl x509 -req -CA /tmp/snakeoil-ca-1.crt -CAkey /tmp/snakeoil-ca-1.key -in /tmp/$i.csr -out /tmp/$i-ca1-signed.crt -days 9999 -CAcreateserial -passin pass:confluent -extensions v3_req -extfile /tmp/extfile - - #openssl x509 -noout -text -in $i-ca1-signed.crt - - # Sign and import the CA cert into the keystore - keytool -noprompt -keystore /tmp/kafka.$i.keystore.jks -alias CARoot -import -file /tmp/snakeoil-ca-1.crt -storepass confluent -keypass confluent - #keytool -list -v -keystore kafka.$i.keystore.jks -storepass confluent - - # Sign and import the host certificate into the keystore - keytool -noprompt -keystore /tmp/kafka.$i.keystore.jks -alias $i -import -file /tmp/$i-ca1-signed.crt -storepass confluent -keypass confluent -ext "SAN=dns:$i,dns:localhost" - #keytool -list -v -keystore kafka.$i.keystore.jks -storepass confluent - - # Create truststore and import the CA cert - keytool -noprompt -keystore /tmp/kafka.$i.truststore.jks -alias CARoot -import -file /tmp/snakeoil-ca-1.crt -storepass confluent -keypass confluent - - # Save creds - echo "confluent" > ${i}_sslkey_creds - echo "confluent" > ${i}_keystore_creds - echo "confluent" > ${i}_truststore_creds - - # Create pem files and keys used for Schema Registry HTTPS testing - # openssl x509 -noout -modulus -in client.certificate.pem | openssl md5 - # openssl rsa -noout -modulus -in client.key | openssl md5 - # log "GET /" | openssl s_client -connect localhost:8081/subjects -cert client.certificate.pem -key client.key -tls1 - keytool -export -alias $i -file /tmp/$i.der -keystore /tmp/kafka.$i.keystore.jks -storepass confluent - openssl x509 -inform der -in /tmp/$i.der -out /tmp/$i.certificate.pem - keytool -importkeystore -srckeystore /tmp/kafka.$i.keystore.jks -destkeystore /tmp/$i.keystore.p12 -deststoretype PKCS12 -deststorepass confluent -srcstorepass confluent -noprompt - openssl pkcs12 -in /tmp/$i.keystore.p12 -nodes -nocerts -out /tmp/$i.key -passin pass:confluent - - - cacerts_path="$(readlink -f /usr/bin/java | sed "s:bin/java::")lib/security/cacerts" - keytool -noprompt -destkeystore /tmp/kafka.$i.truststore.jks -importkeystore -srckeystore $cacerts_path -srcstorepass changeit -deststorepass confluent - -done diff --git a/connect/connect-rabbitmq-source/rabbitmq-source-ssl.sh b/connect/connect-rabbitmq-source/rabbitmq-source-ssl.sh index 9f695c51d..642c42fc7 100755 --- a/connect/connect-rabbitmq-source/rabbitmq-source-ssl.sh +++ b/connect/connect-rabbitmq-source/rabbitmq-source-ssl.sh @@ -5,8 +5,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" source ${DIR}/../../scripts/utils.sh cd ../../connect/connect-rabbitmq-source/security -log "šŸ” Generate keys and certificates used for SSL" -docker run -u0 --rm -v $PWD:/tmp ${CP_CONNECT_IMAGE}:${CONNECT_TAG} bash -c "/tmp/certs-create.sh > /dev/null 2>&1 && chown -R $(id -u $USER):$(id -g $USER) /tmp/ && chmod a+r /tmp/*" +playground tools certs-create --output-folder "$PWD" --container connect --container rabbitmq cd - PLAYGROUND_ENVIRONMENT=${PLAYGROUND_ENVIRONMENT:-"plaintext"} diff --git a/connect/connect-rabbitmq-source/security/certs-create.sh b/connect/connect-rabbitmq-source/security/certs-create.sh deleted file mode 100755 index 04573a38e..000000000 --- a/connect/connect-rabbitmq-source/security/certs-create.sh +++ /dev/null @@ -1,80 +0,0 @@ -#!/bin/bash - -#set -o nounset \ -# -o errexit \ -# -o verbose \ -# -o xtrace - -# Cleanup files -rm -f /tmp/*.crt /tmp/*.csr /tmp/*_creds /tmp/*.jks /tmp/*.srl /tmp/*.key /tmp/*.pem /tmp/*.der /tmp/*.p12 /tmp/extfile - -# Generate CA key -openssl req -new -x509 -keyout /tmp/snakeoil-ca-1.key -out /tmp/snakeoil-ca-1.crt -days 365 -subj '/CN=ca1.test.confluent.io/OU=TEST/O=CONFLUENT/L=PaloAlto/ST=Ca/C=US' -passin pass:confluent -passout pass:confluent - -for i in connect rabbitmq -do - echo "------------------------------- $i -------------------------------" - - # Create host keystore - keytool -genkey -noprompt \ - -alias $i \ - -dname "CN=$i,OU=TEST,O=CONFLUENT,L=PaloAlto,S=Ca,C=US" \ - -ext "SAN=dns:$i,dns:localhost" \ - -keystore /tmp/kafka.$i.keystore.jks \ - -keyalg RSA \ - -storepass confluent \ - -keypass confluent \ - -storetype pkcs12 - - # Create the certificate signing request (CSR) - keytool -keystore /tmp/kafka.$i.keystore.jks -alias $i -certreq -file /tmp/$i.csr -storepass confluent -keypass confluent -ext "SAN=dns:$i,dns:localhost" - #openssl req -in $i.csr -text -noout - -cat << EOF > /tmp/extfile -[req] -distinguished_name = req_distinguished_name -x509_extensions = v3_req -prompt = no -[req_distinguished_name] -CN = $i -[v3_req] -subjectAltName = @alt_names -[alt_names] -DNS.1 = $i -DNS.2 = localhost -EOF - # Sign the host certificate with the certificate authority (CA) - openssl x509 -req -CA /tmp/snakeoil-ca-1.crt -CAkey /tmp/snakeoil-ca-1.key -in /tmp/$i.csr -out /tmp/$i-ca1-signed.crt -days 9999 -CAcreateserial -passin pass:confluent -extensions v3_req -extfile /tmp/extfile - - #openssl x509 -noout -text -in $i-ca1-signed.crt - - # Sign and import the CA cert into the keystore - keytool -noprompt -keystore /tmp/kafka.$i.keystore.jks -alias CARoot -import -file /tmp/snakeoil-ca-1.crt -storepass confluent -keypass confluent - #keytool -list -v -keystore kafka.$i.keystore.jks -storepass confluent - - # Sign and import the host certificate into the keystore - keytool -noprompt -keystore /tmp/kafka.$i.keystore.jks -alias $i -import -file /tmp/$i-ca1-signed.crt -storepass confluent -keypass confluent -ext "SAN=dns:$i,dns:localhost" - #keytool -list -v -keystore kafka.$i.keystore.jks -storepass confluent - - # Create truststore and import the CA cert - keytool -noprompt -keystore /tmp/kafka.$i.truststore.jks -alias CARoot -import -file /tmp/snakeoil-ca-1.crt -storepass confluent -keypass confluent - - # Save creds - echo "confluent" > ${i}_sslkey_creds - echo "confluent" > ${i}_keystore_creds - echo "confluent" > ${i}_truststore_creds - - # Create pem files and keys used for Schema Registry HTTPS testing - # openssl x509 -noout -modulus -in client.certificate.pem | openssl md5 - # openssl rsa -noout -modulus -in client.key | openssl md5 - # log "GET /" | openssl s_client -connect localhost:8081/subjects -cert client.certificate.pem -key client.key -tls1 - keytool -export -alias $i -file /tmp/$i.der -keystore /tmp/kafka.$i.keystore.jks -storepass confluent - openssl x509 -inform der -in /tmp/$i.der -out /tmp/$i.certificate.pem - keytool -importkeystore -srckeystore /tmp/kafka.$i.keystore.jks -destkeystore /tmp/$i.keystore.p12 -deststoretype PKCS12 -deststorepass confluent -srcstorepass confluent -noprompt - openssl pkcs12 -in /tmp/$i.keystore.p12 -nodes -nocerts -out /tmp/$i.key -passin pass:confluent - - - cacerts_path="$(readlink -f /usr/bin/java | sed "s:bin/java::")lib/security/cacerts" - keytool -noprompt -destkeystore /tmp/kafka.$i.truststore.jks -importkeystore -srckeystore $cacerts_path -srcstorepass changeit -deststorepass confluent - -done diff --git a/connect/connect-splunk-source/docker-compose.plaintext.yml b/connect/connect-splunk-source/docker-compose.plaintext.yml index 5cabefc74..473c4fb34 100644 --- a/connect/connect-splunk-source/docker-compose.plaintext.yml +++ b/connect/connect-splunk-source/docker-compose.plaintext.yml @@ -4,6 +4,6 @@ services: ports: - "8889:8889" volumes: - - ../../connect/connect-splunk-source/keystore.jks:/tmp/keystore.jks + - ../../connect/connect-splunk-source/security/kafka.splunk.keystore.jks:/tmp/kafka.splunk.keystore.jks environment: CONNECT_PLUGIN_PATH: /usr/share/confluent-hub-components/confluentinc-kafka-connect-splunk-source \ No newline at end of file diff --git a/connect/connect-splunk-source/splunk-source.sh b/connect/connect-splunk-source/splunk-source.sh index 8ce83f938..fb30561bb 100755 --- a/connect/connect-splunk-source/splunk-source.sh +++ b/connect/connect-splunk-source/splunk-source.sh @@ -4,19 +4,10 @@ set -e DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" source ${DIR}/../../scripts/utils.sh -KEYSTORE="${DIR}/keystore.jks" -if [ ! -f ${KEYSTORE} ] -then - OLDDIR=$PWD - - log "INFO: the file ${KEYSTORE} file is not present, generating it..." - cd ${DIR}/../../environment/sasl-ssl/security - - log "šŸ” Generate keys and certificates used for SSL" - docker run -u0 --rm -v $PWD:/tmp ${CP_CONNECT_IMAGE}:${CONNECT_TAG} bash -c "/tmp/certs-create.sh > /dev/null 2>&1 && chown -R $(id -u $USER):$(id -g $USER) /tmp/" - cd ${OLDDIR} - cp ${DIR}/../../environment/sasl-ssl/security/kafka.broker.keystore.jks ${DIR}/keystore.jks -fi +mkdir -p ../../connect/connect-splunk-source/security +cd ../../connect/connect-splunk-source/security +playground tools certs-create --output-folder "$PWD" --container splunk +cd - PLAYGROUND_ENVIRONMENT=${PLAYGROUND_ENVIRONMENT:-"plaintext"} playground start-environment --environment "${PLAYGROUND_ENVIRONMENT}" --docker-compose-override-file "${PWD}/docker-compose.plaintext.yml" @@ -24,16 +15,16 @@ playground start-environment --environment "${PLAYGROUND_ENVIRONMENT}" --docker- log "Creating Splunk source connector" playground connector create-or-update --connector splunk-source << EOF { - "connector.class": "io.confluent.connect.SplunkHttpSourceConnector", - "tasks.max": "1", - "kafka.topic": "splunk-source", - "splunk.collector.index.default": "default-index", - "splunk.port": "8889", - "splunk.ssl.key.store.path": "/tmp/keystore.jks", - "splunk.ssl.key.store.password": "confluent", - "confluent.topic.bootstrap.servers": "broker:9092", - "confluent.topic.replication.factor": "1" - } + "connector.class": "io.confluent.connect.SplunkHttpSourceConnector", + "tasks.max": "1", + "kafka.topic": "splunk-source", + "splunk.collector.index.default": "default-index", + "splunk.port": "8889", + "splunk.ssl.key.store.path": "/tmp/kafka.splunk.keystore.jks", + "splunk.ssl.key.store.password": "confluent", + "confluent.topic.bootstrap.servers": "broker:9092", + "confluent.topic.replication.factor": "1" +} EOF sleep 5 @@ -44,5 +35,4 @@ curl -k -X POST https://localhost:8889/services/collector/event -d '{"event":"fr sleep 5 log "Verifying topic splunk-source" -playground topic consume --topic splunk-source --min-expected-messages 1 --timeout 60 - +playground topic consume --topic splunk-source --min-expected-messages 1 --timeout 60 \ No newline at end of file diff --git a/environment/2way-ssl/start.sh b/environment/2way-ssl/start.sh index 19a88488a..65d014ce3 100755 --- a/environment/2way-ssl/start.sh +++ b/environment/2way-ssl/start.sh @@ -23,11 +23,7 @@ then fi set_profiles -OLDDIR=$PWD -cd ${OLDDIR}/../../environment/2way-ssl/security -log "šŸ” Generate keys and certificates used for SSL" -docker run -u0 --rm -v $PWD:/tmp ${CP_CONNECT_IMAGE}:${CONNECT_TAG} bash -c "/tmp/certs-create.sh > /dev/null 2>&1 && chown -R $(id -u $USER):$(id -g $USER) /tmp/" -cd ${OLDDIR} +playground tools certs-create --output-folder "${PWD}/../../environment/2way-ssl/security" docker compose -f ../../environment/plaintext/docker-compose.yml -f ../../environment/2way-ssl/docker-compose.yml ${ENABLE_DOCKER_COMPOSE_FILE_OVERRIDE} build docker compose -f ../../environment/plaintext/docker-compose.yml -f ../../environment/2way-ssl/docker-compose.yml ${ENABLE_DOCKER_COMPOSE_FILE_OVERRIDE} down -v --remove-orphans diff --git a/environment/sasl-ssl/security/certs-create.sh b/environment/sasl-ssl/security/certs-create.sh index a2948f8ed..0a1687402 100755 --- a/environment/sasl-ssl/security/certs-create.sh +++ b/environment/sasl-ssl/security/certs-create.sh @@ -9,7 +9,7 @@ rm -f /tmp/*.crt /tmp/*.csr /tmp/*_creds /tmp/*.jks /tmp/*.srl /tmp/*.key /tmp/*.pem /tmp/*.der /tmp/*.p12 /tmp/extfile # Generate CA key -openssl req -new -x509 -keyout /tmp/snakeoil-ca-1.key -out /tmp/snakeoil-ca-1.crt -days 365 -subj '/CN=ca1.test.confluent.io/OU=TEST/O=CONFLUENT/L=PaloAlto/ST=Ca/C=US' -passin pass:confluent -passout pass:confluent +openssl req -new -x509 -keyout /tmp/snakeoil-ca-1.key -out /tmp/snakeoil-ca-1.crt -days 365 -subj '/CN=ca1.test.confluent.io/OU=TEST/O=CONFLUENT/L=PaloAlto/ST=Ca/C=US' -passin pass:confluent -passout pass:confluent -provider base for i in broker broker2 broker3 client schema-registry restproxy connect connect2 connect3 control-center clientrestproxy ksqldb-server conduktor do @@ -44,7 +44,7 @@ DNS.1 = $i DNS.2 = localhost EOF # Sign the host certificate with the certificate authority (CA) - openssl x509 -req -CA /tmp/snakeoil-ca-1.crt -CAkey /tmp/snakeoil-ca-1.key -in /tmp/$i.csr -out /tmp/$i-ca1-signed.crt -days 9999 -CAcreateserial -passin pass:confluent -extensions v3_req -extfile /tmp/extfile + openssl x509 -req -CA /tmp/snakeoil-ca-1.crt -CAkey /tmp/snakeoil-ca-1.key -in /tmp/$i.csr -out /tmp/$i-ca1-signed.crt -days 9999 -CAcreateserial -passin pass:confluent -extensions v3_req -extfile /tmp/extfile -provider base #openssl x509 -noout -text -in $i-ca1-signed.crt @@ -69,9 +69,9 @@ EOF # openssl rsa -noout -modulus -in client.key | openssl md5 # log "GET /" | openssl s_client -connect localhost:8081/subjects -cert client.certificate.pem -key client.key -tls1 keytool -export -alias $i -file /tmp/$i.der -keystore /tmp/kafka.$i.keystore.jks -storepass confluent - openssl x509 -inform der -in /tmp/$i.der -out /tmp/$i.certificate.pem + openssl x509 -inform der -in /tmp/$i.der -out /tmp/$i.certificate.pem -provider base keytool -importkeystore -srckeystore /tmp/kafka.$i.keystore.jks -destkeystore /tmp/$i.keystore.p12 -deststoretype PKCS12 -deststorepass confluent -srcstorepass confluent -noprompt - openssl pkcs12 -in /tmp/$i.keystore.p12 -nodes -nocerts -out /tmp/$i.key -passin pass:confluent + openssl pkcs12 -in /tmp/$i.keystore.p12 -nodes -nocerts -out /tmp/$i.key -passin pass:confluent -provider base -nomacver cacerts_path="$(readlink -f /usr/bin/java | sed "s:bin/java::")lib/security/cacerts" @@ -82,7 +82,7 @@ done # https://stackoverflow.com/a/8224863 openssl pkcs12 -export -in /tmp/clientrestproxy-ca1-signed.crt -inkey /tmp/clientrestproxy.key \ -out /tmp/clientrestproxy.p12 -name clientrestproxy \ - -CAfile /tmp/snakeoil-ca-1.crt -caname CARoot -passout pass:confluent + -CAfile /tmp/snakeoil-ca-1.crt -caname CARoot -passout pass:confluent -provider base --nomac keytool -importkeystore \ -deststorepass confluent -destkeypass confluent -destkeystore /tmp/kafka.restproxy.keystore.jks \ diff --git a/environment/sasl-ssl/start.sh b/environment/sasl-ssl/start.sh index 860be87f5..70f30046d 100755 --- a/environment/sasl-ssl/start.sh +++ b/environment/sasl-ssl/start.sh @@ -11,11 +11,7 @@ check_docker_compose_version check_bash_version check_playground_version -OLDDIR=$PWD -cd ${OLDDIR}/../../environment/sasl-ssl/security -log "šŸ” Generate keys and certificates used for SSL" -docker run -u0 --rm -v $PWD:/tmp ${CP_CONNECT_IMAGE}:${CONNECT_TAG} bash -c "/tmp/certs-create.sh > /dev/null 2>&1 && chown -R $(id -u $USER):$(id -g $USER) /tmp/" -cd ${OLDDIR}/../../environment/sasl-ssl +playground tools certs-create --output-folder "${PWD}/../../environment/sasl-ssl/security" nb_connect_services=0 ENABLE_DOCKER_COMPOSE_FILE_OVERRIDE="" diff --git a/environment/ssl_kerberos/start.sh b/environment/ssl_kerberos/start.sh index dc1d3dd91..30396b17d 100755 --- a/environment/ssl_kerberos/start.sh +++ b/environment/ssl_kerberos/start.sh @@ -11,13 +11,7 @@ check_docker_compose_version check_bash_version check_playground_version - -OLDDIR=$PWD -cd ${OLDDIR}/../../environment/ssl_kerberos/security -log "šŸ” Generate keys and certificates used for SSL" -docker run -u0 --rm -v $PWD:/tmp ${CP_CONNECT_IMAGE}:${CONNECT_TAG} bash -c "/tmp/certs-create.sh > /dev/null 2>&1 && chown -R $(id -u $USER):$(id -g $USER) /tmp/" -cd ${OLDDIR}/../../environment/ssl_kerberos - +playground tools certs-create --output-folder "${PWD}/../../environment/ssl_kerberos/security" # Starting kerberos, # Avoiding starting up all services at the begining to generate the keytab first diff --git a/other/ldap-authorizer-with-ldap-failover/start-ldaps.sh b/other/ldap-authorizer-with-ldap-failover/start-ldaps.sh index b3f8e539f..9e93c60c0 100755 --- a/other/ldap-authorizer-with-ldap-failover/start-ldaps.sh +++ b/other/ldap-authorizer-with-ldap-failover/start-ldaps.sh @@ -4,10 +4,8 @@ set -e DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )" source ${DIR}/../../scripts/utils.sh -cd ${DIR}/security -log "šŸ” Generate keys and certificates used for SSL" -docker run -u0 --rm -v $PWD:/tmp ${CP_CONNECT_IMAGE}:${CONNECT_TAG} bash -c "/tmp/certs-create.sh > /dev/null 2>&1 && chown -R $(id -u $USER):$(id -g $USER) /tmp/" -cd ${DIR} + +playground tools certs-create --output-folder "${PWD}/../../other/ldap-authorizer-with-ldap-failover/security" playground start-environment --environment ldap-authorizer-sasl-plain --docker-compose-override-file "${PWD}/docker-compose.ldap-authorizer-sasl-plain.ldaps.yml" diff --git a/reproduction-models b/reproduction-models index d25236aac..4c3704b92 160000 --- a/reproduction-models +++ b/reproduction-models @@ -1 +1 @@ -Subproject commit d25236aacc23f7f1196c77af6b995c2bfa715689 +Subproject commit 4c3704b920973dc5a677b6f7b84a49004031f0ac diff --git a/scripts/cli/completions.bash b/scripts/cli/completions.bash index 01399aa3f..01381e2cd 100644 --- a/scripts/cli/completions.bash +++ b/scripts/cli/completions.bash @@ -32,14 +32,14 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'connector open-ccloud-connector-in-browser'*'--connector') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") - ;; - *'config open-ccloud-connector-in-browser automatically'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; + *'connector open-ccloud-connector-in-browser'*'--connector') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") + ;; + *'config open-ccloud-connector-in-browser browser'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; @@ -48,28 +48,32 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; + *'tcp-proxy toggle-writes-service'*'--connection-id') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-zazkia-connection-list)")" -- "$cur") + ;; + *'connector offsets get-offsets-request-status'*'-c') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'tcp-proxy toggle-writes-service'*'--connection-id') + *'tcp-proxy toggle-writes-client'*'--connection-id') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-zazkia-connection-list)")" -- "$cur") ;; - *'topic set-schema-compatibility'*'--compatibility') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "BACKWARD BACKWARD_TRANSITIVE FORWARD FORWARD_TRANSITIVE FULL FULL_TRANSITIVE NONE")" -- "$cur") + *'tcp-proxy toggle-reads-service'*'--connection-id') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-zazkia-connection-list)")" -- "$cur") ;; *'connector-plugin search-jar'*'--connector-plugin') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-plugin "$cur")")" -- "$cur") ;; - *'tcp-proxy toggle-writes-client'*'--connection-id') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-zazkia-connection-list)")" -- "$cur") + *'topic set-schema-compatibility'*'--compatibility') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "BACKWARD BACKWARD_TRANSITIVE FORWARD FORWARD_TRANSITIVE FULL FULL_TRANSITIVE NONE")" -- "$cur") ;; - *'tcp-proxy toggle-reads-service'*'--connection-id') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-zazkia-connection-list)")" -- "$cur") + *'connector offsets get-offsets-request-status'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") ;; *'connector open-ccloud-connector-in-browser'*'-c') @@ -84,10 +88,6 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-instance-list $cur)")" -- "$cur") ;; - *'connector offsets get-offsets-request-status'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") - ;; - *'ec2 sync-repro-folder ec2-to-local'*'--instance') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-instance-list $cur)")" -- "$cur") ;; @@ -120,10 +120,6 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-zazkia-connection-list)")" -- "$cur") ;; - *'topic produce'*'--key-subject-name-strategy') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "TopicNameStrategy RecordNameStrategy TopicRecordNameStrategy")" -- "$cur") - ;; - *'debug enable-remote-debugging'*'--container') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; @@ -132,35 +128,35 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-zazkia-connection-list)")" -- "$cur") ;; - *'schema set-compatibility'*'--compatibility') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "BACKWARD BACKWARD_TRANSITIVE FORWARD FORWARD_TRANSITIVE FULL FULL_TRANSITIVE NONE")" -- "$cur") + *'topic produce'*'--key-subject-name-strategy') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "TopicNameStrategy RecordNameStrategy TopicRecordNameStrategy")" -- "$cur") ;; *'config open-ccloud-connector-in-browser'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h automatically browser")" -- "$cur") ;; - *'topic set-schema-compatibility'*'--topic') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") + *'schema set-compatibility'*'--compatibility') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "BACKWARD BACKWARD_TRANSITIVE FORWARD FORWARD_TRANSITIVE FULL FULL_TRANSITIVE NONE")" -- "$cur") ;; - *'container set-environment-variables'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") + *'connector create-or-update'*'--connector') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; *'debug generate-diagnostics'*'--container') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'connector create-or-update'*'--connector') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") + *'topic set-schema-compatibility'*'--topic') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") ;; - *'ec2 sync-repro-folder ec2-to-local'*'-i') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-instance-list $cur)")" -- "$cur") + *'container set-environment-variables'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'ec2 sync-repro-folder local-to-ec2'*'-i') + *'ec2 sync-repro-folder ec2-to-local'*'-i') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-instance-list $cur)")" -- "$cur") ;; @@ -168,20 +164,20 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; - *'container set-environment-variables'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --env --help --restore-original-values -c -h")" -- "$cur") + *'ec2 sync-repro-folder local-to-ec2'*'-i') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-instance-list $cur)")" -- "$cur") ;; - *'container get-properties'*'--container') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") + *'container set-environment-variables'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --env --help --restore-original-values -c -h")" -- "$cur") ;; *'tcp-proxy toggle-accept-connections'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; - *'ec2 sync-repro-folder ec2-to-local'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --instance -h -i")" -- "$cur") + *'container get-properties'*'--container') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; *'connector offsets reset'*'--connector') @@ -196,14 +192,22 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --instance -h -i")" -- "$cur") ;; - *'connector show-config-parameters'*'-c') + *'connector select-config'*'--connector') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'connector select-config'*'--connector') + *'connector show-config-parameters'*'-c') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; + *'ec2 sync-repro-folder ec2-to-local'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --instance -h -i")" -- "$cur") + ;; + + *'cleanup-cloud-resources'*'--resource') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "aws gcp azure ccloud salesforce")" -- "$cur") + ;; + *'schema get-compatibility'*'--subject') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-subject-list)")" -- "$cur") ;; @@ -212,60 +216,48 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-subject-list)")" -- "$cur") ;; - *'cleanup-cloud-resources'*'--resource') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "aws gcp azure ccloud salesforce")" -- "$cur") - ;; - *'connector create-or-update'*'--level') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "INFO WARN DEBUG TRACE")" -- "$cur") ;; - *'connector show-config-parameters'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --force-refresh --help --only-show-json --open --verbose -c -h -o -v")" -- "$cur") + *'connector offsets get'*'--connector') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'connector show-config'*'--connector') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") + *'topic produce'*'--compression-codec') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "gzip snappy lz4 zstd")" -- "$cur") ;; *'debug flight-recorder'*'--container') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'connector offsets get'*'--connector') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") - ;; - *'topic set-schema-compatibility'*'-t') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") ;; - *'topic produce'*'--compression-codec') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "gzip snappy lz4 zstd")" -- "$cur") + *'connector show-config-parameters'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --force-refresh --help --only-show-json --open --verbose -c -h -o -v")" -- "$cur") ;; - *'tcp-proxy toggle-writes-service'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connection-id --help -h")" -- "$cur") + *'connector show-config'*'--connector') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'debug enable-remote-debugging'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") + *'topic get-number-records'*'--topic') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") ;; *'container change-jdk'*'--container') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'topic get-number-records'*'--topic') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") - ;; - - *'tcp-proxy delay'*'--connection-id') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-zazkia-connection-list)")" -- "$cur") + *'debug enable-remote-debugging'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'topic produce'*'--validate-config') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "scrub.invalid.names=true enhanced.avro.schema.support=true connect.meta.data=false object.additional.properties=false use.optional.for.nonrequired=true ignore.default.for.nullables=true generalized.sum.type.support=true enhanced.protobuf.schema.support=true generate.index.for.unions=false int.for.enums=true optional.for.nullables=true generate.struct.for.nulls=true wrapper.for.nullables=true wrapper.for.raw.primitives=false")" -- "$cur") + *'tcp-proxy toggle-writes-service'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connection-id --help -h")" -- "$cur") ;; *'tcp-proxy break'*'--connection-id') @@ -276,32 +268,36 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connection-id --help -h")" -- "$cur") ;; - *'debug block-traffic'*'--container') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") + *'tcp-proxy toggle-writes-client'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connection-id --help -h")" -- "$cur") ;; - *'connector log-level'*'--connector') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") + *'tcp-proxy delay'*'--connection-id') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-zazkia-connection-list)")" -- "$cur") ;; - *'topic set-schema-compatibility'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--compatibility --help --topic --verbose -h -t -v")" -- "$cur") + *'tools install-vscode-extension'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; - *'topic display-consumer-offsets'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --verbose -h -v")" -- "$cur") + *'connector log-level'*'--connector') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'tcp-proxy toggle-writes-client'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connection-id --help -h")" -- "$cur") + *'topic produce'*'--validate-config') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "scrub.invalid.names=true enhanced.avro.schema.support=true connect.meta.data=false object.additional.properties=false use.optional.for.nonrequired=true ignore.default.for.nullables=true generalized.sum.type.support=true enhanced.protobuf.schema.support=true generate.index.for.unions=false int.for.enums=true optional.for.nullables=true generate.struct.for.nulls=true wrapper.for.nullables=true wrapper.for.raw.primitives=false")" -- "$cur") ;; - *'tools install-vscode-extension'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") + *'debug block-traffic'*'--container') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'tcp-proxy toggle-reads-client'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connection-id --help -h")" -- "$cur") + *'topic set-schema-compatibility'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--compatibility --help --topic --verbose -h -t -v")" -- "$cur") + ;; + + *'topic display-consumer-offsets'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --verbose -h -v")" -- "$cur") ;; *'tools read-parquet-file'*'--file') @@ -312,26 +308,30 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help -c -h")" -- "$cur") ;; - *'connector show-lag'*'--connector') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") - ;; - *'connector-plugin search-jar'*'-c') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-plugin "$cur")")" -- "$cur") ;; - *'debug flight-recorder'*'--action') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "start stop")" -- "$cur") + *'tcp-proxy toggle-reads-client'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connection-id --help -h")" -- "$cur") ;; - *'connector snippets'*'--converter') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "avro protobuf json-schema json json-schema-enabled string bytearray")" -- "$cur") + *'debug flight-recorder'*'--action') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "start stop")" -- "$cur") ;; *'container change-jdk'*'--version') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "8 11 17 21 22")" -- "$cur") ;; + *'connector show-lag'*'--connector') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") + ;; + + *'connector snippets'*'--converter') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "avro protobuf json-schema json json-schema-enabled string bytearray")" -- "$cur") + ;; + *'update-version'*'--connector-zip') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-zip-or-jar-with-fzf --type zip "$cur")")" -- "$cur") ;; @@ -340,15 +340,11 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-zip-or-jar-with-fzf --type jar "$cur")")" -- "$cur") ;; - *'debug generate-diagnostics'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") - ;; - *'connector restart'*'--connector') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'debug thread-dump'*'--container') + *'debug generate-diagnostics'*'-c') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; @@ -356,12 +352,8 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'topic produce'*'--compatibility') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "BACKWARD BACKWARD_TRANSITIVE FORWARD FORWARD_TRANSITIVE FULL FULL_TRANSITIVE NONE")" -- "$cur") - ;; - - *'connector create-or-update'*'-l') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "INFO WARN DEBUG TRACE")" -- "$cur") + *'debug thread-dump'*'--container') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; *'container restart'*'--container') @@ -372,36 +364,40 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-subject-list)")" -- "$cur") ;; - *'connector unpause'*'--connector') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") - ;; - *'connector create-or-update'*'-c') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'connector delete'*'--connector') + *'connector unpause'*'--connector') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'container resume'*'--container') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") + *'connector create-or-update'*'-l') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "INFO WARN DEBUG TRACE")" -- "$cur") ;; - *'connector-plugin versions'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-plugin "$cur")")" -- "$cur") + *'topic produce'*'--compatibility') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "BACKWARD BACKWARD_TRANSITIVE FORWARD FORWARD_TRANSITIVE FULL FULL_TRANSITIVE NONE")" -- "$cur") ;; *'connector resume'*'--connector') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; + *'connector-plugin search-jar'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--class --connector-plugin --connector-tag --help -c -h")" -- "$cur") + ;; + + *'connector update'*'--connector') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") + ;; + *'connector status'*'--connector') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'schema set-normalize'*'--value') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "true false")" -- "$cur") + *'connector-plugin versions'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-plugin "$cur")")" -- "$cur") ;; *'debug block-traffic'*'--action') @@ -412,32 +408,44 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'connector-plugin search-jar'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--class --connector-plugin --connector-tag --help -c -h")" -- "$cur") + *'schema set-normalize'*'--value') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "true false")" -- "$cur") ;; - *'connector update'*'--connector') + *'container resume'*'--container') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") + ;; + + *'connector delete'*'--connector') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'container pause'*'--container') + *'debug heap-dump'*'--container') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'connector pause'*'--connector') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") + *'topic get-number-records'*'-t') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") ;; *'debug log-level set'*'--level') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "INFO WARN DEBUG TRACE")" -- "$cur") ;; + *'topic consume'*'--key-subject') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-subject-list)")" -- "$cur") + ;; + *'get-jmx-metrics'*'--container') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'debug heap-dump'*'--container') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") + *'debug generate-diagnostics'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help -c -h")" -- "$cur") + ;; + + *'connector pause'*'--connector') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; *'container get-properties'*'-c') @@ -448,44 +456,36 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; - *'connector log-level'*'--level') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "INFO WARN DEBUG TRACE")" -- "$cur") - ;; - - *'debug generate-diagnostics'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help -c -h")" -- "$cur") + *'container pause'*'--container') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; *'tcp-proxy close-connection'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connection-id --help -h")" -- "$cur") ;; + *'tools read-avro-file'*'--file') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-specific-file-extension "$cur" --extension "avro")")" -- "$cur") + ;; + *'connector create-or-update'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --initial-state --level --offsets --package --skip-automatic-connector-config --validate --verbose --wait-for-zero-lag -c -h -l -p -v")" -- "$cur") ;; - *'topic get-number-records'*'-t') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") - ;; - - *'tools read-avro-file'*'--file') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-specific-file-extension "$cur" --extension "avro")")" -- "$cur") - ;; - - *'topic consume'*'--key-subject') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-subject-list)")" -- "$cur") + *'connector log-level'*'--level') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "INFO WARN DEBUG TRACE")" -- "$cur") ;; *'connector offsets reset'*'-c') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'container exec'*'--container') + *'tcp-proxy start'*'--hostname') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'connector stop'*'--connector') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") + *'container logs'*'--container') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; *'tcp-proxy get-connections'*) @@ -496,58 +496,54 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'repro bootstrap'*'--pipeline') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-examples-list-with-fzf --without-repro --sink-only "$cur")")" -- "$cur") - ;; - - *'container logs'*'--container') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") - ;; - *'repro bootstrap'*'--producer') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "none avro avro-with-key protobuf protobuf-with-key json-schema json-schema-with-key")" -- "$cur") ;; - *'ec2 create'*'--instance-type') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "c1.medium c1.xlarge c3.2xlarge c3.4xlarge c3.8xlarge c3.large c3.xlarge c4.2xlarge c4.4xlarge c4.large c4.xlarge m1.large m1.medium m1.small m1.xlarge m2.2xlarge m2.4xlarge m2.xlarge m3.2xlarge m3.large m3.medium m3.xlarge m4.10xlarge m4.2xlarge m4.4xlarge m4.large m4.xlarge t1.micro t2.large t2.medium t2.micro t2.nano t2.small t3.2xlarge")" -- "$cur") + *'connector offsets alter'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; *'debug block-traffic'*'--port') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-docker-ports)")" -- "$cur") ;; - *'tcp-proxy start'*'--hostname') + *'debug tcp-dump'*'--container') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; + *'tools read-parquet-file'*'-f') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-specific-file-extension "$cur" --extension "parquet")")" -- "$cur") + ;; + + *'ec2 create'*'--instance-type') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "c1.medium c1.xlarge c3.2xlarge c3.4xlarge c3.8xlarge c3.large c3.xlarge c4.2xlarge c4.4xlarge c4.large c4.xlarge m1.large m1.medium m1.small m1.xlarge m2.2xlarge m2.4xlarge m2.xlarge m3.2xlarge m3.large m3.medium m3.xlarge m4.10xlarge m4.2xlarge m4.4xlarge m4.large m4.xlarge t1.micro t2.large t2.medium t2.micro t2.nano t2.small t3.2xlarge")" -- "$cur") + ;; + *'config check-repo-version'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; + *'container exec'*'--container') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") + ;; + *'connector-plugin versions'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector-plugin --force-refresh --help --last -c -h")" -- "$cur") ;; - *'debug tcp-dump'*'--container') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") + *'connector stop'*'--connector') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'connector offsets alter'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") + *'repro bootstrap'*'--pipeline') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-examples-list-with-fzf --without-repro --sink-only "$cur")")" -- "$cur") ;; *'container kill'*'--container') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'tools read-parquet-file'*'-f') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-specific-file-extension "$cur" --extension "parquet")")" -- "$cur") - ;; - - *'run'*'--cluster-environment') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ccloud-environment-list "$cur")")" -- "$cur") - ;; - *'topic produce'*'--reference') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-predefined-schemas "$cur")")" -- "$cur") ;; @@ -560,60 +556,60 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-subject-list)")" -- "$cur") ;; - *'remove-all-docker-images'*) + *'config folder_zip_or_jar'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; - *'schema get-mode'*'--subject') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-subject-list)")" -- "$cur") + *'container ssh'*'--container') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'schema get-compatibility'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --subject --verbose -h -v")" -- "$cur") + *'run'*'--cluster-environment') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ccloud-environment-list "$cur")")" -- "$cur") ;; - *'debug java-debug'*'--action') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "enable disable")" -- "$cur") + *'topic get-number-records'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --topic -h -t")" -- "$cur") ;; - *'container ssh'*'--container') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") + *'remove-all-docker-images'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") + ;; + + *'debug java-debug'*'--action') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "enable disable")" -- "$cur") ;; *'schema set-mode'*'--subject') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-subject-list)")" -- "$cur") ;; - *'topic get-number-records'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --topic -h -t")" -- "$cur") + *'schema get-compatibility'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --subject --verbose -h -v")" -- "$cur") ;; - *'schema set-compatibility'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--compatibility --help --subject --verbose -h -v")" -- "$cur") + *'schema get-mode'*'--subject') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-subject-list)")" -- "$cur") ;; - *'config folder_zip_or_jar'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") + *'schema set-compatibility'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--compatibility --help --subject --verbose -h -v")" -- "$cur") ;; - *'connector offsets alter'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") + *'debug flight-recorder'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'connector show-config'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") + *'schema register'*'--schema') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-predefined-schemas "$cur")")" -- "$cur") ;; *'connector select-config'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help -c -h")" -- "$cur") ;; - *'schema register'*'--schema') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-predefined-schemas "$cur")")" -- "$cur") - ;; - - *'debug flight-recorder'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") + *'connector offsets get'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; *'cleanup-cloud-resources'*) @@ -624,84 +620,92 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") ;; - *'connector offsets get'*'-c') + *'tools read-parquet-file'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--file --help -f -h")" -- "$cur") + ;; + + *'connector offsets alter'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") + ;; + + *'connector show-config'*'-c') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'tools read-parquet-file'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--file --help -f -h")" -- "$cur") + *'container change-jdk'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; *'schema delete'*'--subject') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-subject-list)")" -- "$cur") ;; - *'container change-jdk'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") + *'tools read-avro-file'*'-f') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-specific-file-extension "$cur" --extension "avro")")" -- "$cur") ;; *'debug java-debug'*'--type') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "ssl_all ssl_handshake class_loading kerberos")" -- "$cur") ;; - *'tools read-avro-file'*'-f') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-specific-file-extension "$cur" --extension "avro")")" -- "$cur") + *'tcp-proxy start'*'--port') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-docker-ports)")" -- "$cur") ;; - *'container exec'*'--shell') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "bash sh ksh zsh")" -- "$cur") + *'connector log-level'*'-l') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "INFO WARN DEBUG TRACE")" -- "$cur") ;; - *'connector show-config'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --force-rest-endpoint --help --verbose -c -h -v")" -- "$cur") + *'schema set-mode'*'--mode') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "IMPORT READONLY READWRITE")" -- "$cur") ;; - *'cleanup-cloud-details'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") + *'connector log-level'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'topic describe'*'--topic') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") + *'container exec'*'--shell') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "bash sh ksh zsh")" -- "$cur") ;; - *'ec2 sync-repro-folder'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h ec2-to-local local-to-ec2")" -- "$cur") + *'connector offsets get'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") ;; - *'schema set-mode'*'--mode') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "IMPORT READONLY READWRITE")" -- "$cur") + *'ec2 sync-repro-folder'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h ec2-to-local local-to-ec2")" -- "$cur") ;; - *'connector log-level'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") + *'debug block-traffic'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'tcp-proxy start'*'--port') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-docker-ports)")" -- "$cur") + *'debug flight-recorder'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--action --container --help -c -h")" -- "$cur") ;; *'repro bootstrap'*'--file') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-examples-list-with-fzf --without-repro "$cur")")" -- "$cur") ;; - *'debug log-level set'*'-l') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "INFO WARN DEBUG TRACE")" -- "$cur") + *'cleanup-cloud-details'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; - *'connector offsets get'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") + *'debug log-level set'*'-l') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "INFO WARN DEBUG TRACE")" -- "$cur") ;; - *'debug block-traffic'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") + *'topic describe'*'--topic') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") ;; - *'connector log-level'*'-l') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "INFO WARN DEBUG TRACE")" -- "$cur") + *'connector show-config'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --force-rest-endpoint --help --verbose -c -h -v")" -- "$cur") ;; - *'debug flight-recorder'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--action --container --help -c -h")" -- "$cur") + *'ec2 delete'*'--instance') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-cloudformation-list $cur)")" -- "$cur") ;; *'topic produce'*'--topic') @@ -712,24 +716,24 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-predefined-schemas "$cur")")" -- "$cur") ;; - *'connector show-lag'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") + *'topic consume'*'--topic') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") ;; - *'tools read-avro-file'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--file --help -f -h")" -- "$cur") + *'connector show-lag'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; *'schema set-normalize'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --value --verbose -h -v")" -- "$cur") ;; - *'ec2 delete'*'--instance') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-cloudformation-list $cur)")" -- "$cur") + *'tools read-avro-file'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--file --help -f -h")" -- "$cur") ;; - *'topic consume'*'--topic') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") + *'debug tcp-dump'*'--port') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-docker-ports)")" -- "$cur") ;; *'container ssh'*'--shell') @@ -740,115 +744,119 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help --version -c -h")" -- "$cur") ;; - *'debug tcp-dump'*'--port') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-docker-ports)")" -- "$cur") + *'connector open-docs'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --only-show-url -h")" -- "$cur") ;; - *'update-version'*'--tag') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-tag-list "$cur")")" -- "$cur") + *'debug log-level set'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --level --package -h -l -p")" -- "$cur") ;; - *'schema get'*'--subject') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-subject-list)")" -- "$cur") + *'connector log-level'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --level -c -h -l")" -- "$cur") ;; - *'ec2 start'*'--instance') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-instance-list $cur)")" -- "$cur") + *'debug log-level get'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --package -h -p")" -- "$cur") ;; *'run'*'--cluster-region') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-kafka-region-list "$cur")")" -- "$cur") ;; - *'connector restart'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") + *'update-version'*'--tag') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-tag-list "$cur")")" -- "$cur") ;; - *'connector unpause'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") + *'debug block-traffic'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--action --container --destination --help --port -c -h")" -- "$cur") ;; *'topic delete'*'--topic') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") ;; - *'connector open-docs'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --only-show-url -h")" -- "$cur") + *'connector unpause'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'debug log-level set'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --level --package -h -l -p")" -- "$cur") + *'schema get'*'--subject') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-subject-list)")" -- "$cur") ;; - *'debug log-level get'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --package -h -p")" -- "$cur") + *'ec2 start'*'--instance') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-instance-list $cur)")" -- "$cur") ;; - *'connector log-level'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --level -c -h -l")" -- "$cur") + *'connector restart'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'debug thread-dump'*'-c') + *'container restart'*'-c') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'container restart'*'-c') + *'container unpause'*'-c') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'container unpause'*'-c') + *'debug thread-dump'*'-c') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'debug block-traffic'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--action --container --destination --help --port -c -h")" -- "$cur") + *'connector show-lag'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --interval --max-wait --verbose -c -h -v")" -- "$cur") ;; - *'run'*'--cluster-cloud') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "aws gcp azure")" -- "$cur") + *'repro import'*'--file') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-playground-repro-export-with-fzf "$cur")")" -- "$cur") ;; - *'topic alter'*'--topic') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") + *'connector status'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'connector versions'*) + *'get-docker-compose'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; - *'connector status'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") + *'debug java-debug'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'connector resume'*'-c') + *'connector delete'*'-c') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'topic produce'*'--key') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-predefined-schemas "$cur")")" -- "$cur") + *'connector snippets'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--converter --dlq --help -h")" -- "$cur") ;; - *'ec2 stop'*'--instance') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-instance-list $cur)")" -- "$cur") + *'tools certs-create'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help --output-folder --verbose -h -v")" -- "$cur") ;; - *'ec2 open'*'--instance') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-instance-list $cur)")" -- "$cur") + *'topic alter'*'--topic') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") ;; - *'connector delete'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") + *'topic produce'*'--key') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-predefined-schemas "$cur")")" -- "$cur") ;; - *'connector show-lag'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --interval --max-wait --verbose -c -h -v")" -- "$cur") + *'connector versions'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; - *'connector update'*'-c') + *'connector resume'*'-c') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'get-docker-compose'*) + *'container recreate'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --ignore-current-versions -h")" -- "$cur") + ;; + + *'container kill-all'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; @@ -856,128 +864,128 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'debug java-debug'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") + *'run'*'--cluster-cloud') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "aws gcp azure")" -- "$cur") ;; - *'connector snippets'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--converter --dlq --help -h")" -- "$cur") + *'connector update'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; - *'container recreate'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --ignore-current-versions -h")" -- "$cur") + *'ec2 open'*'--instance') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-instance-list $cur)")" -- "$cur") ;; - *'repro import'*'--file') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-playground-repro-export-with-fzf "$cur")")" -- "$cur") + *'ec2 stop'*'--instance') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-instance-list $cur)")" -- "$cur") + ;; + + *'run'*'--connector-jar') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-zip-or-jar-with-fzf --type jar "$cur")")" -- "$cur") ;; *'run'*'--connector-zip') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-zip-or-jar-with-fzf --type zip "$cur")")" -- "$cur") ;; - *'container kill-all'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") + *'run'*'--cluster-name') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ccloud-cluster-list "$cur")")" -- "$cur") ;; - *'run'*'--connector-jar') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-zip-or-jar-with-fzf --type jar "$cur")")" -- "$cur") + *'debug thread-dump'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help -c -h")" -- "$cur") ;; - *'connector plugins'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--all --help --verbose -h -v")" -- "$cur") + *'connector unpause'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") ;; - *'debug heap-dump'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") + *'repro bootstrap'*'-p') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "none avro avro-with-key protobuf protobuf-with-key json-schema json-schema-with-key")" -- "$cur") ;; - *'get-jmx-metrics'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") + *'connector offsets'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h alter get get-offsets-request-status reset")" -- "$cur") ;; - *'debug thread-dump'*) + *'container restart'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help -c -h")" -- "$cur") ;; - *'connector offsets'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h alter get get-offsets-request-status reset")" -- "$cur") + *'container unpause'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help -c -h")" -- "$cur") ;; - *'repro bootstrap'*'-f') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-examples-list-with-fzf --without-repro "$cur")")" -- "$cur") + *'connector restart'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") + ;; + + *'connector pause'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") + ;; + + *'connector plugins'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--all --help --verbose -h -v")" -- "$cur") ;; - *'repro bootstrap'*'-p') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "none avro avro-with-key protobuf protobuf-with-key json-schema json-schema-with-key")" -- "$cur") + *'container pause'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'run'*'--cluster-name') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ccloud-cluster-list "$cur")")" -- "$cur") + *'get-jmx-metrics'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; *'run'*'--cluster-type') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "basic standard dedicated")" -- "$cur") ;; - *'connector unpause'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") - ;; - - *'connector pause'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") + *'repro bootstrap'*'-f') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-examples-list-with-fzf --without-repro "$cur")")" -- "$cur") ;; - *'connector restart'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") + *'debug heap-dump'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'container unpause'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help -c -h")" -- "$cur") + *'config clipboard'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; - *'container restart'*) + *'container resume'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help -c -h")" -- "$cur") ;; - *'container pause'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") + *'debug java-debug'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--action --container --help --type -c -h")" -- "$cur") ;; *'topic describe'*'-t') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") ;; - *'connector delete'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") + *'debug tcp-dump'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'container kill'*'-c') + *'container logs'*'-c') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; - *'connector update'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help -c -h")" -- "$cur") + *'connector stop'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") ;; *'connector resume'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") ;; - *'container resume'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help -c -h")" -- "$cur") - ;; - - *'connector stop'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-connector-list)")" -- "$cur") - ;; - - *'config clipboard'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") + *'connector update'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help -c -h")" -- "$cur") ;; - *'run'*'--environment') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "ccloud plaintext sasl-ssl sasl-plain 2way-ssl sasl-scram kraft-external-plaintext kraft-plaintext kerberos ssl_kerberos ldap-authorizer-sasl-plain ldap-sasl-plain rbac-sasl-plain")" -- "$cur") + *'container kill'*'-c') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") ;; *'container exec'*'-c') @@ -988,44 +996,36 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") ;; - *'container logs'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") - ;; - - *'debug tcp-dump'*'-c') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(docker ps --format '{{.Names}}')")" -- "$cur") + *'connector delete'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") ;; - *'debug java-debug'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--action --container --help --type -c -h")" -- "$cur") + *'run'*'--environment') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "ccloud plaintext sasl-ssl sasl-plain 2way-ssl sasl-scram kraft-external-plaintext kraft-plaintext kerberos ssl_kerberos ldap-authorizer-sasl-plain ldap-sasl-plain rbac-sasl-plain")" -- "$cur") ;; *'connector-plugin'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h search-jar versions")" -- "$cur") ;; - *'connector pause'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") - ;; - - *'get-jmx-metrics'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --domain --help --open -c -d -h -o")" -- "$cur") + *'repro bootstrap'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--custom-smt --description --file --help --pipeline -d -f -h")" -- "$cur") ;; - *'tcp-proxy break'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--break-service-response --connection-id --help -h")" -- "$cur") + *'connector pause'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") ;; - *'tcp-proxy delay'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connection-id --delay-service-response --help -h")" -- "$cur") + *'topic consume'*'-t') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") ;; - *'tcp-proxy start'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--break-service-response --delay-service-response --help --hostname --port --service-response-corrupt --skip-automatic-connector-config --throttle-service-response -h")" -- "$cur") + *'debug heap-dump'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help --histo --live -c -h")" -- "$cur") ;; - *'debug log-level'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h get set")" -- "$cur") + *'container pause'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help -c -h")" -- "$cur") ;; *'container ssh'*'-c') @@ -1036,126 +1036,130 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "bash sh ksh zsh")" -- "$cur") ;; - *'container pause'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help -c -h")" -- "$cur") - ;; - - *'schema register'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --id --metadata-property --schema --subject --verbose -h -v")" -- "$cur") - ;; - - *'debug heap-dump'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help --histo --live -c -h")" -- "$cur") + *'tcp-proxy break'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--break-service-response --connection-id --help -h")" -- "$cur") ;; - *'schema set-mode'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --mode --subject --verbose -h -v")" -- "$cur") + *'tcp-proxy delay'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connection-id --delay-service-response --help -h")" -- "$cur") ;; - *'repro bootstrap'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--custom-smt --description --file --help --pipeline -d -f -h")" -- "$cur") + *'get-jmx-metrics'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --domain --help --open -c -d -h -o")" -- "$cur") ;; - *'topic consume'*'-t') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") + *'tcp-proxy start'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--break-service-response --delay-service-response --help --hostname --port --service-response-corrupt --skip-automatic-connector-config --throttle-service-response -h")" -- "$cur") ;; *'topic produce'*'-t') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") ;; - *'schema get-mode'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --subject --verbose -h -v")" -- "$cur") + *'debug log-level'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h get set")" -- "$cur") ;; - *'update-version'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector-jar --connector-tag --connector-zip --help --tag -h")" -- "$cur") + *'schema set-mode'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --mode --subject --verbose -h -v")" -- "$cur") ;; - *'topic describe'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --topic --verbose -h -t -v")" -- "$cur") + *'schema get-mode'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --subject --verbose -h -v")" -- "$cur") ;; - *'container logs'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help --max-wait --open --wait-for-log -c -h -m -o -w")" -- "$cur") + *'schema register'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --id --metadata-property --schema --subject --verbose -h -v")" -- "$cur") ;; - *'connector stop'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") + *'container kill'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help -c -h")" -- "$cur") ;; *'connector logs'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --lcc-id --max-wait --open --wait-for-log -h -m -o -w")" -- "$cur") ;; + *'update-version'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector-jar --connector-tag --connector-zip --help --tag -h")" -- "$cur") + ;; + *'debug tcp-dump'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --duration --help --port -c -h")" -- "$cur") ;; - *'container kill'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help -c -h")" -- "$cur") + *'repro import'*'-f') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-playground-repro-export-with-fzf "$cur")")" -- "$cur") ;; - *'container exec'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--command --container --help --root --shell -c -h")" -- "$cur") + *'container logs'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help --max-wait --open --wait-for-log -c -h -m -o -w")" -- "$cur") ;; - *'topic delete'*'-t') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") + *'topic describe'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --topic --verbose -h -t -v")" -- "$cur") ;; - *'repro import'*'-f') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-playground-repro-export-with-fzf "$cur")")" -- "$cur") + *'topic delete'*'-t') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") ;; - *'--output-level') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "INFO WARN ERROR")" -- "$cur") + *'connector stop'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--connector --help --verbose -c -h -v")" -- "$cur") ;; - *'config editor'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") + *'container exec'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--command --container --help --root --shell -c -h")" -- "$cur") ;; *'container ssh'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--container --help --shell -c -h -s")" -- "$cur") ;; - *'switch-ccloud'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") + *'topic consume'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--grep --help --key-subject --max-characters --max-messages --min-expected-messages --plot-latencies-timestamp-field --tail --timeout --topic --value-subject --verbose -h -t -v")" -- "$cur") ;; *'topic alter'*'-t') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-topic-list)")" -- "$cur") ;; - *'schema delete'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --id --permanent --subject --verbose --version -h -v")" -- "$cur") + *'debug testssl'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; - *'debug testssl'*) + *'config editor'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; - *'topic consume'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--grep --help --key-subject --max-characters --max-messages --min-expected-messages --plot-latencies-timestamp-field --tail --timeout --topic --value-subject --verbose -h -t -v")" -- "$cur") + *'switch-ccloud'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; *'topic produce'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--compatibility --compression-codec --consume --delete-topic --forced-key --forced-value --generate-only --headers --help --key --key-subject-name-strategy --max-nb-messages-per-batch --max-nb-messages-to-generate --nb-messages --nb-partitions --no-null --producer-property --record-size --sleep-time-between-batch --tombstone --topic --validate --validate-config --value --value-subject-name-strategy --verbose -h -t -v")" -- "$cur") ;; - *'repro export'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--all --help -h")" -- "$cur") + *'--output-level') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "INFO WARN ERROR")" -- "$cur") ;; - *'repro import'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--file --help -f -h")" -- "$cur") + *'schema delete'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --id --permanent --subject --verbose --version -h -v")" -- "$cur") ;; *'ec2 delete'*'-i') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-cloudformation-list $cur)")" -- "$cur") ;; + *'repro export'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--all --help -h")" -- "$cur") + ;; + + *'repro import'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--file --help -f -h")" -- "$cur") + ;; + *'topic create'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --nb-partitions --topic --verbose -h -t -v")" -- "$cur") ;; @@ -1164,52 +1168,44 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --skip-delete-schema --topic --verbose -h -t -v")" -- "$cur") ;; - *'ec2 start'*'-i') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-instance-list $cur)")" -- "$cur") - ;; - *'switch-back'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; + *'ec2 start'*'-i') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-instance-list $cur)")" -- "$cur") + ;; + *'topic alter'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --topic --verbose -h -t -v")" -- "$cur") ;; - *'ec2 create'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --instance-type --size --suffix -h")" -- "$cur") + *'schema get'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--deleted --help --id --subject --verbose -h -v")" -- "$cur") ;; *'ec2 delete'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --instance -h -i")" -- "$cur") ;; - *'ec2 open'*'-i') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-instance-list $cur)")" -- "$cur") + *'ec2 create'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --instance-type --size --suffix -h")" -- "$cur") ;; - *'ec2 stop'*'-i') + *'ec2 open'*'-i') while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-instance-list $cur)")" -- "$cur") ;; - *'schema get'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--deleted --help --id --subject --verbose -h -v")" -- "$cur") - ;; - *'topic list'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; - *'open'*'--file') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-any-file-with-fzf "$cur")")" -- "$cur") - ;; - - *'connector'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h create-or-update delete log-level logs offsets open-ccloud-connector-in-browser open-docs pause plugins restart resume select-config show-config show-config-parameters show-lag snippets status stop unpause update versions")" -- "$cur") + *'ec2 stop'*'-i') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-ec2-instance-list $cur)")" -- "$cur") ;; - *'ec2 start'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --instance -h -i")" -- "$cur") + *'open'*'--file') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-any-file-with-fzf "$cur")")" -- "$cur") ;; *'container'*) @@ -1224,12 +1220,16 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-examples-list-with-fzf "$cur")")" -- "$cur") ;; + *'connector'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h create-or-update delete log-level logs offsets open-ccloud-connector-in-browser open-docs pause plugins restart resume select-config show-config show-config-parameters show-lag snippets status stop unpause update versions")" -- "$cur") + ;; + *'tcp-proxy'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h break close-all-connection-with-error close-connection delay get-connections start toggle-accept-connections toggle-reads-client toggle-reads-service toggle-writes-client toggle-writes-service")" -- "$cur") ;; - *'ec2 open'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--disable-sync-repro-folder --help --instance -h -i")" -- "$cur") + *'ec2 start'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --instance -h -i")" -- "$cur") ;; *'run'*'--tag') @@ -1244,32 +1244,36 @@ _playground_completions() { while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help --instance -h -i")" -- "$cur") ;; + *'ec2 open'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--disable-sync-repro-folder --help --instance -h -i")" -- "$cur") + ;; + *'history'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; - *'config'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h check-repo-version clipboard container-kill-all-before-run editor folder_zip_or_jar open-ccloud-connector-in-browser")" -- "$cur") + *'schema'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h delete get get-compatibility get-mode register set-compatibility set-mode set-normalize")" -- "$cur") ;; *'status'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; - *'schema'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h delete get get-compatibility get-mode register set-compatibility set-mode set-normalize")" -- "$cur") - ;; - - *'open'*'-f') - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-any-file-with-fzf "$cur")")" -- "$cur") + *'config'*) + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h check-repo-version clipboard container-kill-all-before-run editor folder_zip_or_jar open-ccloud-connector-in-browser")" -- "$cur") ;; *'re-run'*) while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h")" -- "$cur") ;; + *'open'*'-f') + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "$(playground get-any-file-with-fzf "$cur")")" -- "$cur") + ;; + *'tools'*) - while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h install-vscode-extension read-avro-file read-parquet-file")" -- "$cur") + while read -r; do COMPREPLY+=("$REPLY"); done < <(compgen -W "$(_playground_completions_filter "--help -h certs-create install-vscode-extension read-avro-file read-parquet-file")" -- "$cur") ;; *'debug'*) diff --git a/scripts/cli/playground b/scripts/cli/playground index cdfe04c4f..cbedeb2ea 100755 --- a/scripts/cli/playground +++ b/scripts/cli/playground @@ -89,6 +89,7 @@ playground_usage() { printf " %s šŸŖ„ Install a slightly modified version of \"Shell Script Command Completion\" Visual Studio Code extension (https://marketplace.visualstudio.com/items?itemName=tetradresearch.vscode-h2o)\n" "$(green "tools install-vscode-extension") " printf " %s šŸ”– Read provided avro file\n" "$(green "tools read-avro-file") " printf " %s šŸ”– Read provided parquet file\n" "$(green "tools read-parquet-file") " + printf " %s šŸ” Generate keys and certificates used for SSL\n" "$(green "tools certs-create") " echo printf "%s\n" "$(bold "Debug commands:")" printf " %s šŸž Debug commands\n" "$(green "debug") " @@ -3032,6 +3033,7 @@ playground_tools_usage() { printf " %s šŸŖ„ Install a slightly modified version of \"Shell Script Command Completion\" Visual Studio Code extension (https://marketplace.visualstudio.com/items?itemName=tetradresearch.vscode-h2o)\n" "$(green "install-vscode-extension")" printf " %s šŸ”– Read provided avro file\n" "$(green "read-avro-file") " printf " %s šŸ”– Read provided parquet file\n" "$(green "read-parquet-file") " + printf " %s šŸ” Generate keys and certificates used for SSL\n" "$(green "certs-create") " echo # :command.long_usage @@ -3131,6 +3133,44 @@ playground_tools_read_parquet_file_usage() { fi } +# :command.usage +playground_tools_certs_create_usage() { + printf "playground tools certs-create - šŸ” Generate keys and certificates used for SSL\n\n" + + printf "%s\n" "$(bold "== Usage ==")" + printf " playground tools certs-create [OPTIONS]\n" + printf " playground tools certs-create --help | -h\n" + echo + + # :command.long_usage + if [[ -n "$long_usage" ]]; then + printf "%s\n" "$(bold "== Options ==")" + + # :command.usage_flags + # :flag.usage + printf " %s\n" "$(magenta "--container CONTAINER (repeatable)")" + printf " šŸ³ container name\n \n šŸŽ“ Tip: you can pass multiple containers by specifying --container multiple\n times\n" + printf " %s\n" "Default: broker, broker2, broker3, client, schema-registry, restproxy, connect, connect2, connect3, control-center, clientrestproxy, ksqldb-server, conduktor" + echo + + # :flag.usage + printf " %s\n" "$(magenta "--verbose, -v")" + printf " šŸž Show command being ran.\n" + echo + + # :flag.usage + printf " %s\n" "$(magenta "--output-folder FOLDER (required)")" + printf " šŸ“ Folder where certificates are created\n" + echo + + # :command.usage_fixed_flags + printf " %s\n" "$(magenta "--help, -h")" + printf " Show this help\n" + echo + + fi +} + # :command.usage playground_debug_usage() { printf "playground debug - šŸž Debug commands\n\n" @@ -18817,6 +18857,39 @@ playground_tools_read_parquet_file_command() { } +# :command.function +playground_tools_certs_create_command() { + # src/commands/tools/certs-create.sh + output_folder="${args[--output-folder]}" + verbose="${args[--verbose]}" + # Convert the space delimited string to an array + eval "containers=(${args[--container]})" + + function cleanup { + set +e + rm -f "${output_folder}/certs-create.sh" + } + trap cleanup EXIT + + maybe_redirect_output="> /dev/null 2>&1" + if [[ -n "$verbose" ]] + then + maybe_redirect_output="" + fi + + container_list="${containers[*]}" + + new_open_ssl=0 + if version_gt $CONNECT_TAG "7.7.99" + then + new_open_ssl=1 + fi + cd "${output_folder}" + cp $root_folder/scripts/cli/src/ssl/certs-create.sh . + log "šŸ” Generate keys and certificates in folder ${output_folder}" + docker run -u0 --rm -v $root_folder/scripts/cli/src/openssl.cnf:/usr/local/ssl/openssl.cnf -v $PWD:/tmp ${CP_CONNECT_IMAGE}:${CONNECT_TAG} bash -c "/tmp/certs-create.sh $maybe_redirect_output \"$container_list\" $new_open_ssl && chown -R $(id -u $USER):$(id -g $USER) /tmp/" +} + # :command.function playground_debug_enable_remote_debugging_command() { # src/commands/debug/enable-remote-debugging.sh @@ -32093,6 +32166,13 @@ playground_tools_parse_requirements() { shift $# ;; + certs-create) + action="certs-create" + shift + playground_tools_certs_create_parse_requirements "$@" + shift $# + ;; + # :command.command_fallback "") playground_tools_usage >&2 @@ -32313,6 +32393,108 @@ playground_tools_read_parquet_file_parse_requirements() { } +# :command.parse_requirements +playground_tools_certs_create_parse_requirements() { + # :command.fixed_flags_filter + while [[ $# -gt 0 ]]; do + key="$1" + case "$key" in + --help | -h) + long_usage=yes + playground_tools_certs_create_usage + exit + ;; + + *) + break + ;; + + esac + done + + # :command.command_filter + action="tools certs-create" + + # :command.parse_requirements_while + while [[ $# -gt 0 ]]; do + key="$1" + case "$key" in + # :flag.case + --container) + + # :flag.case_arg + if [[ -n ${2+x} ]]; then + escaped="$(printf '%q' "$2")" + if [[ -z ${args['--container']+x} ]]; then + args['--container']="$escaped" + elif [[ -z "${unique_lookup["--container:${escaped}"]:-}" ]]; then + args['--container']="${args['--container']} $escaped" + fi + unique_lookup["--container:${escaped}"]=1 + shift + shift + else + printf "%s\n" "--container requires an argument: --container CONTAINER" >&2 + exit 1 + fi + ;; + + # :flag.case + --verbose | -v) + + # :flag.case_no_arg + args['--verbose']=1 + shift + ;; + + # :flag.case + --output-folder) + + # :flag.case_arg + if [[ -n ${2+x} ]]; then + args['--output-folder']="$2" + shift + shift + else + printf "%s\n" "--output-folder requires an argument: --output-folder FOLDER" >&2 + exit 1 + fi + ;; + + -?*) + printf "invalid option: %s\n" "$key" >&2 + exit 1 + ;; + + *) + # :command.parse_requirements_case + # :command.parse_requirements_case_simple + printf "invalid argument: %s\n" "$key" >&2 + exit 1 + + ;; + + esac + done + + # :command.required_flags_filter + if [[ -z ${args['--output-folder']+x} ]]; then + printf "missing required flag: --output-folder FOLDER\n" >&2 + exit 1 + fi + + # :command.default_assignments + [[ -n ${args['--container']:-} ]] || args['--container']="broker broker2 broker3 client schema-registry restproxy connect connect2 connect3 control-center clientrestproxy ksqldb-server conduktor" + + # :command.validations + # :flag.validations + if [[ -v args['--output-folder'] && -n $(validate_dir_exists "${args['--output-folder']:-}") ]]; then + printf "validation error in %s:\n%s\n" "--output-folder FOLDER" "$(validate_dir_exists "${args['--output-folder']:-}")" >&2 + exit 1 + fi + +} + # :command.parse_requirements playground_debug_parse_requirements() { # :command.fixed_flags_filter @@ -39466,6 +39648,7 @@ run() { "tools install-vscode-extension") playground_tools_install_vscode_extension_command ;; "tools read-avro-file") playground_tools_read_avro_file_command ;; "tools read-parquet-file") playground_tools_read_parquet_file_command ;; + "tools certs-create") playground_tools_certs_create_command ;; "debug") playground_debug_command ;; "debug enable-remote-debugging") playground_debug_enable_remote_debugging_command ;; "debug testssl") playground_debug_testssl_command ;; diff --git a/scripts/cli/playground.json b/scripts/cli/playground.json index 0fa67f4ee..75c828ac7 100644 --- a/scripts/cli/playground.json +++ b/scripts/cli/playground.json @@ -1050,6 +1050,49 @@ "description": "šŸ”– Parquet file to read\n\nā• It must be absolute full path\n\nšŸŽ“ Tip: use completion to trigger fzf completion\n" } ] + }, + { + "name": "certs-create", + "description": "šŸ” Generate keys and certificates used for SSL\n", + "usage": "playground tools certs-create [OPTIONS]", + "options": [ + { + "names": [ + "--container" + ], + "argument": [ + "broker", + "broker2", + "broker3", + "client", + "schema-registry", + "restproxy", + "connect", + "connect2", + "connect3", + "control-center", + "clientrestproxy", + "ksqldb-server", + "conduktor" + ], + "description": "šŸ³ container name\n\nšŸŽ“ Tip: you can pass multiple containers by specifying --container multiple times\n\nRepeatable: āœ“ Yes\n\nDefault value: [\"broker\", \"broker2\", \"broker3\", \"client\", \"schema-registry\", \"restproxy\", \"connect\", \"connect2\", \"connect3\", \"control-center\", \"clientrestproxy\", \"ksqldb-server\", \"conduktor\"]\n" + }, + { + "names": [ + "--verbose", + "-v" + ], + "argument": "", + "description": "šŸž Show command being ran.\n" + }, + { + "names": [ + "--output-folder" + ], + "argument": "FOLDER", + "description": "šŸ“ Folder where certificates are created\n\nRequired: āœ“ Yes\n" + } + ] } ] }, diff --git a/scripts/cli/playground.yaml b/scripts/cli/playground.yaml index 3aa80e67b..170d47ff8 100644 --- a/scripts/cli/playground.yaml +++ b/scripts/cli/playground.yaml @@ -1183,6 +1183,38 @@ subcommands: šŸŽ“ Tip: use completion to trigger fzf completion + - name: certs-create + description: | + šŸ” Generate keys and certificates used for SSL + usage: playground tools certs-create [OPTIONS] + options: + - names: + - --container + argument: ["broker", "broker2", "broker3", "client", "schema-registry", "restproxy", "connect", "connect2", "connect3", "control-center", "clientrestproxy", "ksqldb-server", "conduktor"] + description: | + šŸ³ container name + + šŸŽ“ Tip: you can pass multiple containers by specifying --container multiple times + + Repeatable: āœ“ Yes + + Default value: ["broker", "broker2", "broker3", "client", "schema-registry", "restproxy", "connect", "connect2", "connect3", "control-center", "clientrestproxy", "ksqldb-server", "conduktor"] + + - names: + - --verbose + - -v + argument: "" + description: | + šŸž Show command being ran. + + - names: + - --output-folder + argument: FOLDER + description: | + šŸ“ Folder where certificates are created + + Required: āœ“ Yes + - name: debug description: | šŸž Debug commands diff --git a/scripts/cli/src/bashly.yml b/scripts/cli/src/bashly.yml index d587d3f59..bfb257c7c 100644 --- a/scripts/cli/src/bashly.yml +++ b/scripts/cli/src/bashly.yml @@ -1580,6 +1580,41 @@ commands: šŸŽ“ Tip: use completion to trigger fzf completion + - name: certs-create + help: |- + šŸ” Generate keys and certificates used for SSL + flags: + - long: --container + arg: container + help: |- + šŸ³ container name + + šŸŽ“ Tip: you can pass multiple containers by specifying --container multiple times + required: false + repeatable: true + unique: true + default: + - broker + - broker2 + - broker3 + - client + - schema-registry + - restproxy + - connect + - connect2 + - connect3 + - control-center + - clientrestproxy + - ksqldb-server + - conduktor + - *verbose + - long: --output-folder + required: true + validate: dir_exists + arg: folder + help: |- + šŸ“ Folder where certificates are created + - name: debug expose: always group: Debug diff --git a/scripts/cli/src/commands/tools/certs-create.sh b/scripts/cli/src/commands/tools/certs-create.sh new file mode 100644 index 000000000..c0d7ed4c8 --- /dev/null +++ b/scripts/cli/src/commands/tools/certs-create.sh @@ -0,0 +1,28 @@ +output_folder="${args[--output-folder]}" +verbose="${args[--verbose]}" +# Convert the space delimited string to an array +eval "containers=(${args[--container]})" + +function cleanup { + set +e + rm -f "${output_folder}/certs-create.sh" +} +trap cleanup EXIT + +maybe_redirect_output="> /dev/null 2>&1" +if [[ -n "$verbose" ]] +then + maybe_redirect_output="" +fi + +container_list="${containers[*]}" + +new_open_ssl=0 +if version_gt $CONNECT_TAG "7.7.99" +then + new_open_ssl=1 +fi +cd "${output_folder}" +cp $root_folder/scripts/cli/src/ssl/certs-create.sh . +log "šŸ” Generate keys and certificates in folder ${output_folder}" +docker run -u0 --rm -v $root_folder/scripts/cli/src/openssl.cnf:/usr/local/ssl/openssl.cnf -v $PWD:/tmp ${CP_CONNECT_IMAGE}:${CONNECT_TAG} bash -c "/tmp/certs-create.sh $maybe_redirect_output \"$container_list\" $new_open_ssl && chown -R $(id -u $USER):$(id -g $USER) /tmp/" \ No newline at end of file diff --git a/scripts/cli/src/openssl.cnf b/scripts/cli/src/openssl.cnf new file mode 100644 index 000000000..6c1bd1cb8 --- /dev/null +++ b/scripts/cli/src/openssl.cnf @@ -0,0 +1,392 @@ +# OpenSSL example configuration file. +# See doc/man5/config.pod for more info. +# +# This is mostly being used for generation of certificate requests, +# but may be used for auto loading of providers + +# Note that you can include other files from the main configuration +# file using the .include directive. +#.include filename + +# This definition stops the following lines choking if HOME isn't +# defined. +HOME = . + + # Use this in order to automatically load providers. +openssl_conf = openssl_init + +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + +# Extra OBJECT IDENTIFIER info: +# oid_file = $ENV::HOME/.oid +oid_section = new_oids + +# To use this configuration file with the "-extfile" option of the +# "openssl x509" utility, name here the section containing the +# X.509v3 extensions to use: +# extensions = +# (Alternatively, use a configuration file that has only +# X.509v3 extensions in its main [= default] section.) + +[ new_oids ] +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. +# Add a simple OID like this: +# testoid1=1.2.3.4 +# Or use config file substitution like this: +# testoid2=${testoid1}.5.6 + +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + +# For FIPS +# Optionally include a file that is generated by the OpenSSL fipsinstall +# application. This file contains configuration data required by the OpenSSL +# fips provider. It contains a named section e.g. [fips_sect] which is +# activate=0 +# referenced from the [provider_sect] below. +# Refer to the OpenSSL security policy for more information. +# .include fipsmodule.cnf +.include /usr/local/ssl/fipsmodule.cnf + +[openssl_init] +providers = provider_sect + +# List of providers to load +[provider_sect] +fips = fips_sect +# The fips section name should match the section name inside the +# included fipsmodule.cnf. +# fips = fips_sect + +# If no providers are activated explicitly, the default one is activated implicitly. +# See man 7 OSSL_PROVIDER-default for more details. +# +# If you add a section explicitly activating any other provider(s), you most +# probably need to explicitly activate the default provider, otherwise it +# becomes unavailable in openssl. As a consequence applications depending on +# OpenSSL may not work correctly which could lead to significant system +# problems including inability to remotely access the system. +[fips_sect] +activate = 1 +# activate = 1 + + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +#################################################################### +[ CA_default ] + +dir = ./demoCA # Where everything is kept +certs = $dir/certs # Where the issued certs are kept +crl_dir = $dir/crl # Where the issued crl are kept +database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several certs with same subject. +new_certs_dir = $dir/newcerts # default place for new certs. + +certificate = $dir/cacert.pem # The CA certificate +serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL +crl = $dir/crl.pem # The current CRL +private_key = $dir/private/cakey.pem# The private key + +x509_extensions = usr_cert # The extensions to add to the cert + +# Comment out the following two lines for the "traditional" +# (and highly broken) format. +name_opt = ca_default # Subject Name options +cert_opt = ca_default # Certificate field options + +# Extension copying option: use with caution. +# copy_extensions = copy + +# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs +# so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. +# crl_extensions = crl_ext + +default_days = 365 # how long to certify for +default_crl_days= 30 # how long before next CRL +default_md = default # use public key default MD +preserve = no # keep passed DN ordering + +# A few difference way of specifying how similar the request should look +# For type CA, the listed attributes must be the same, and the optional +# and supplied fields are just that :-) +policy = policy_match + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +# For the 'anything' policy +# At this point in time, you must list all acceptable 'object' +# types. +[ policy_anything ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes +x509_extensions = v3_ca # The extensions to add to the self signed cert + +# Passwords for private keys if not present they will be prompted for +# input_password = secret +# output_password = secret + +# This sets a mask for permitted string types. There are several options. +# default: PrintableString, T61String, BMPString. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). +# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). +# MASK:XXXX a literal mask value. +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only + +# req_extensions = v3_req # The extensions to add to a certificate request + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = AU +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = Some-State + +localityName = Locality Name (eg, city) + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = Internet Widgits Pty Ltd + +# we can do this but it is not needed normally :-) +#1.organizationName = Second Organization Name (eg, company) +#1.organizationName_default = World Wide Web Pty Ltd + +organizationalUnitName = Organizational Unit Name (eg, section) +#organizationalUnitName_default = + +commonName = Common Name (e.g. server FQDN or YOUR name) +commonName_max = 64 + +emailAddress = Email Address +emailAddress_max = 64 + +# SET-ex3 = SET extension number 3 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 + +unstructuredName = An optional company name + +[ usr_cert ] + +# These extensions are added when 'ca' signs a request. + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +# This is required for TSA certificates. +# extendedKeyUsage = critical,timeStamping + +[ v3_req ] + +# Extensions to add to a certificate request + +basicConstraints = CA:FALSE +keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +[ v3_ca ] + + +# Extensions for a typical CA + + +# PKIX recommendation. + +subjectKeyIdentifier=hash + +authorityKeyIdentifier=keyid:always,issuer + +basicConstraints = critical,CA:true + +# Key usage: this is typical for a CA certificate. However since it will +# prevent it being used as an test self-signed certificate it is best +# left out by default. +# keyUsage = cRLSign, keyCertSign + +# Include email address in subject alt name: another PKIX recommendation +# subjectAltName=email:copy +# Copy issuer details +# issuerAltName=issuer:copy + +# DER hex encoding of an extension: beware experts only! +# obj=DER:02:03 +# Where 'obj' is a standard or added object +# You can even override a supported extension: +# basicConstraints= critical, DER:30:03:01:01:FF + +[ crl_ext ] + +# CRL extensions. +# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. + +# issuerAltName=issuer:copy +authorityKeyIdentifier=keyid:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = ./demoCA # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) +signer_digest = sha256 # Signing digest to use. (Optional) +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) +ess_cert_id_alg = sha1 # algorithm to compute certificate + # identifier (optional, default: sha1) + +[insta] # CMP using Insta Demo CA +# Message transfer +server = pki.certificate.fi:8700 +# proxy = # set this as far as needed, e.g., http://192.168.1.1:8080 +# tls_use = 0 +path = pkix/ + +# Server authentication +recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer +ignore_keyusage = 1 # potentially needed quirk +unprotected_errors = 1 # potentially needed quirk +extracertsout = insta.extracerts.pem + +# Client authentication +ref = 3078 # user identification +secret = pass:insta # can be used for both client and server side + +# Generic message options +cmd = ir # default operation, can be overridden on cmd line with, e.g., kur + +# Certificate enrollment +subject = "/CN=openssl-cmp-test" +newkey = insta.priv.pem +out_trusted = apps/insta.ca.crt # does not include keyUsage digitalSignature +certout = insta.cert.pem + +[pbm] # Password-based protection for Insta CA +# Server and client authentication +ref = $insta::ref # 3078 +secret = $insta::secret # pass:insta + +[signature] # Signature-based protection for Insta CA +# Server authentication +trusted = $insta::out_trusted # apps/insta.ca.crt + +# Client authentication +secret = # disable PBM +key = $insta::newkey # insta.priv.pem +cert = $insta::certout # insta.cert.pem + +[ir] +cmd = ir + +[cr] +cmd = cr + +[kur] +# Certificate update +cmd = kur +oldcert = $insta::certout # insta.cert.pem + +[rr] +# Certificate revocation +cmd = rr +oldcert = $insta::certout # insta.cert.pem diff --git a/scripts/cli/src/ssl/certs-create.sh b/scripts/cli/src/ssl/certs-create.sh new file mode 100755 index 000000000..a2f173351 --- /dev/null +++ b/scripts/cli/src/ssl/certs-create.sh @@ -0,0 +1,95 @@ +#!/bin/bash + +# Split the argument into an array +IFS=' ' read -r -a containers <<< "$1" +new_open_ssl=$2 + +if [[ $new_open_ssl -eq 1 ]] +then + maybe_provider="-provider base" + maybe_nomacver="-nomacver" + maybe_nomac="--nomac" +else + maybe_provider="" + maybe_nomacver="" + maybe_nomac="" +fi + +# Cleanup files +rm -f /tmp/*.crt /tmp/*.csr /tmp/*_creds /tmp/*.jks /tmp/*.srl /tmp/*.key /tmp/*.pem /tmp/*.der /tmp/*.p12 /tmp/extfile + +# Generate CA key +openssl req -new -x509 -keyout /tmp/snakeoil-ca-1.key -out /tmp/snakeoil-ca-1.crt -days 365 -subj '/CN=ca1.test.confluent.io/OU=TEST/O=CONFLUENT/L=PaloAlto/ST=Ca/C=US' -passin pass:confluent -passout pass:confluent $maybe_provider + +for container in "${containers[@]}" +do + # Create host keystore + keytool -genkey -noprompt \ + -alias ${container} \ + -dname "CN=${container},OU=TEST,O=CONFLUENT,L=PaloAlto,S=Ca,C=US" \ + -ext "SAN=dns:${container},dns:localhost" \ + -keystore /tmp/kafka.${container}.keystore.jks \ + -keyalg RSA \ + -storepass confluent \ + -keypass confluent \ + -storetype pkcs12 + + # Create the certificate signing request (CSR) + keytool -keystore /tmp/kafka.${container}.keystore.jks -alias ${container} -certreq -file /tmp/${container}.csr -storepass confluent -keypass confluent -ext "SAN=dns:${container},dns:localhost" + #openssl req -in ${container}.csr -text -noout + +cat << EOF > /tmp/extfile +[req] +distinguished_name = req_distinguished_name +x509_extensions = v3_req +prompt = no +[req_distinguished_name] +CN = ${container} +[v3_req] +subjectAltName = @alt_names +[alt_names] +DNS.1 = ${container} +DNS.2 = localhost +EOF + # Sign the host certificate with the certificate authority (CA) + openssl x509 -req -CA /tmp/snakeoil-ca-1.crt -CAkey /tmp/snakeoil-ca-1.key -in /tmp/${container}.csr -out /tmp/${container}-ca1-signed.crt -days 9999 -CAcreateserial -passin pass:confluent -extensions v3_req -extfile /tmp/extfile $maybe_provider + + # Sign and import the CA cert into the keystore + keytool -noprompt -keystore /tmp/kafka.${container}.keystore.jks -alias CARoot -import -file /tmp/snakeoil-ca-1.crt -storepass confluent -keypass confluent + + # Sign and import the host certificate into the keystore + keytool -noprompt -keystore /tmp/kafka.${container}.keystore.jks -alias ${container} -import -file /tmp/${container}-ca1-signed.crt -storepass confluent -keypass confluent -ext "SAN=dns:${container},dns:localhost" + + # Create truststore and import the CA cert + keytool -noprompt -keystore /tmp/kafka.${container}.truststore.jks -alias CARoot -import -file /tmp/snakeoil-ca-1.crt -storepass confluent -keypass confluent + + # Save creds + echo "confluent" > /tmp/${i}_sslkey_creds + echo "confluent" > /tmp/${i}_keystore_creds + echo "confluent" > /tmp/${i}_truststore_creds + + # Create pem files and keys used for Schema Registry HTTPS testing + keytool -export -alias ${container} -file /tmp/${container}.der -keystore /tmp/kafka.${container}.keystore.jks -storepass confluent + openssl x509 -inform der -in /tmp/${container}.der -out /tmp/${container}.certificate.pem $maybe_provider + keytool -importkeystore -srckeystore /tmp/kafka.${container}.keystore.jks -destkeystore /tmp/${container}.keystore.p12 -deststoretype PKCS12 -deststorepass confluent -srcstorepass confluent -noprompt + openssl pkcs12 -in /tmp/${container}.keystore.p12 -nodes -nocerts -out /tmp/${container}.key -passin pass:confluent $maybe_provider $maybe_nomacver + + + cacerts_path="$(readlink -f /usr/bin/java | sed "s:bin/java::")lib/security/cacerts" + keytool -noprompt -destkeystore /tmp/kafka.${container}.truststore.jks -importkeystore -srckeystore $cacerts_path -srcstorepass changeit -deststorepass confluent + + if [ "${container}" == "clientrestproxy" ] + then + # used for other/rest-proxy-security-plugin test + # https://stackoverflow.com/a/8224863 + openssl pkcs12 -export -in /tmp/clientrestproxy-ca1-signed.crt -inkey /tmp/clientrestproxy.key \ + -out /tmp/clientrestproxy.p12 -name clientrestproxy \ + -CAfile /tmp/snakeoil-ca-1.crt -caname CARoot -passout pass:confluent $maybe_provider $maybe_nomac + + keytool -importkeystore \ + -deststorepass confluent -destkeypass confluent -destkeystore /tmp/kafka.restproxy.keystore.jks \ + -srckeystore /tmp/clientrestproxy.p12 -srcstoretype PKCS12 -srcstorepass confluent \ + -alias clientrestproxy + fi +done +