diff --git a/docs/products/kafka/karapace/concepts/kafka-rest-proxy-authorization.md b/docs/products/kafka/karapace/concepts/kafka-rest-proxy-authorization.md index 98c04b35..14912bbd 100644 --- a/docs/products/kafka/karapace/concepts/kafka-rest-proxy-authorization.md +++ b/docs/products/kafka/karapace/concepts/kafka-rest-proxy-authorization.md @@ -16,4 +16,4 @@ Aiven for Apache Kafka® services. ## Related pages - [Enable OAuth2/OIDC support for Apache Kafka® REST proxy](/docs/products/kafka/karapace/howto/enable-oauth-oidc-kafka-rest-proxy) -- [Enable Apache Kafka® REST proxy authorization](/docs/products/kafka/karapace/howto/enable-kafka-rest-proxy-authorization) +- [Manage Apache Kafka® REST proxy authorization](/docs/products/kafka/karapace/howto/manage-kafka-rest-proxy-authorization) diff --git a/docs/products/kafka/karapace/get-started.md b/docs/products/kafka/karapace/get-started.md index 482534ef..9116a369 100644 --- a/docs/products/kafka/karapace/get-started.md +++ b/docs/products/kafka/karapace/get-started.md @@ -2,7 +2,7 @@ title: Get started with Karapace --- -To use Karapace, enable **Karapace Schema registry** and +To use Karapace, you need to enable **Karapace Schema registry** and **REST APIs** on your Aiven for Apache Kafka® service. This can be enabled through the Aiven console. To know how to enable it, see [Enable Karapace schema registry and REST APIs](/docs/products/kafka/karapace/howto/enable-karapace). @@ -17,7 +17,7 @@ enabled through the Aiven console. To know how to enable it, see [manage Karapace schema registry authorization](/docs/products/kafka/karapace/howto/manage-schema-registry-authorization). - Learn more about how to enable [Apache Kafka REST proxy authorization](/docs/products/kafka/karapace/howto/enable-oauth-oidc-kafka-rest-proxy) and how to - [Enable Karapace Kafka REST authorization](//docs/products/kafka/karapace/howto/enable-kafka-rest-proxy-authorization). + [manage Karapace Kafka REST authorization](/docs/products/kafka/karapace/howto/manage-kafka-rest-proxy-authorization). ## More resources diff --git a/docs/products/kafka/karapace/howto/enable-kafka-rest-proxy-authorization.md b/docs/products/kafka/karapace/howto/enable-kafka-rest-proxy-authorization.md deleted file mode 100644 index 4d4a5a9b..00000000 --- a/docs/products/kafka/karapace/howto/enable-kafka-rest-proxy-authorization.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: Enable Apache Kafka® REST proxy authorization ---- - -import Tabs from '@theme/Tabs'; -import TabItem from '@theme/TabItem'; - -Apache Kafka® REST proxy authorization enables you to use the RESTful interface to connect to Apache Kafka clusters, produce and consume messages, and perform administrative activities via the Aiven CLI. It secures Apache Kafka resources by ensuring only authorized operations are permitted through the REST interface. - -When you enable Apache Kafka REST proxy authorization, Karapace sends -the HTTP basic authentication credentials to Apache Kafka®. The -authentication and authorization are then performed by Apache Kafka, -depending on the ACL defined in Apache Kafka. To configure the ACLs for -authorization, see -[Apache Kafka Access Control Lists (ACLs)](/docs/products/kafka/concepts/acl). - -When Apache Kafka REST proxy authorization is disabled, the REST Proxy -bypasses the Apache Kafka ACLs, so any operation via REST API call is -performed without any restrictions. - -## Configure Apache Kafka REST Proxy Authorization - - - - - -1. In the [Aiven Console](https://console.aiven.io/), select your project and - choose your Aiven for Apache Kafka® service. -1. Click **Service settings** from the sidebar. -1. Scroll down to the **Advanced configuration** section, and click **Configure**. -1. In the **Advanced configuration** dialog, click **Add configuration options**. -1. Locate the `kafka_rest_authorization` parameter and set it to `True` to enable. - - - - - -To **enable** REST proxy authorization, use the following command in the Aiven CLI, -replacing `SERVICE_NAME` with your actual service name: - -```bash -avn service update -c kafka_rest=true SERVICE_NAME -``` - -To disable REST proxy authorization, use: - -```bash -avn service update -c kafka_rest=false SERVICE_NAME -``` - - diff --git a/docs/products/kafka/karapace/howto/enable-oauth-oidc-kafka-rest-proxy.md b/docs/products/kafka/karapace/howto/enable-oauth-oidc-kafka-rest-proxy.md index a781c102..8e858cb9 100644 --- a/docs/products/kafka/karapace/howto/enable-oauth-oidc-kafka-rest-proxy.md +++ b/docs/products/kafka/karapace/howto/enable-oauth-oidc-kafka-rest-proxy.md @@ -2,7 +2,11 @@ title: Enable OAuth2/OIDC support for Apache Kafka® REST proxy --- -Secure your Apache Kafka® resources by integrating OAuth 2.0/OpenID Connect (OIDC) with the Karapace REST proxy and enabling REST proxy authorization. This setup ensures that only authorized individuals can manage Apache Kafka resources through both token-based authentication and access control rules. +Secure your Apache Kafka® resources by integrating OAuth 2.0/OpenID +Connect (OIDC) with the Karapace REST proxy and enabling REST proxy +authorization. This setup ensures that only authorized individuals can +manage Apache Kafka resources through both token-based authentication +and access control rules. ## OAuth2/OIDC token handling @@ -64,8 +68,8 @@ complete the following prerequisites and configuration steps: ### Configuration via Aiven Console -1. In [Aiven Console](https://console.aiven.io/), select your project, - and choose your Aiven for Apache Kafka® service. +1. In [Aiven Console](https://console.aiven.io/), select your project + and then choose your Aiven for Apache Kafka® service. 1. In the service page, select **Service settings** from the sidebar. 1. On the **Service settings** page, scroll down to the **Advanced configuration** section, and click **Configure**. @@ -91,5 +95,5 @@ avn service update -c kafka_rest_authorization=false SERVICE_NAME Enabling Apache Kafka REST proxy authorization can disrupt access for users if the Kafka access control rules have not been configured properly. For more information, see -[Enable Apache Kafka® REST proxy authorization](/docs/products/kafka/karapace/howto/enable-kafka-rest-proxy-authorization). +[Manage Apache Kafka® REST proxy authorization](/docs/products/kafka/karapace/howto/manage-kafka-rest-proxy-authorization). ::: diff --git a/docs/products/kafka/karapace/howto/manage-kafka-rest-proxy-authorization.md b/docs/products/kafka/karapace/howto/manage-kafka-rest-proxy-authorization.md new file mode 100644 index 00000000..75ffb8bb --- /dev/null +++ b/docs/products/kafka/karapace/howto/manage-kafka-rest-proxy-authorization.md @@ -0,0 +1,20 @@ +--- +title: Manage Apache Kafka® REST proxy authorization +--- + +Apache Kafka® REST proxy authorization allows you to use the RESTful +interface to connect to Kafka clusters, produce and consume messages +easily, and execute administrative activities using Aiven CLI. This +feature is disabled by default, and you need to +[enable Apache Kafka REST proxy authorization](/docs/products/kafka/karapace/howto/enable-oauth-oidc-kafka-rest-proxy). + +When you enable Apache Kafka REST proxy authorization, Karapace sends +the HTTP basic authentication credentials to Apache Kafka®. The +authentication and authorization are then performed by Apache Kafka, +depending on the ACL defined in Apache Kafka. To configure the ACLs for +authorization, see +[Kafka Access Control Lists (ACLs)](/docs/products/kafka/concepts/acl). + +When Apache Kafka REST proxy authorization is disabled, the REST Proxy +bypasses the Apache Kafka ACLs, so any operation via REST API call is +performed without any restrictions. diff --git a/sidebars.ts b/sidebars.ts index b510476f..0b4ee93c 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -940,9 +940,9 @@ const sidebars: SidebarsConfig = { items: [ 'products/kafka/karapace/howto/enable-karapace', 'products/kafka/karapace/howto/enable-schema-registry-authorization', - 'products/kafka/karapace/howto/enable-kafka-rest-proxy-authorization', 'products/kafka/karapace/howto/enable-oauth-oidc-kafka-rest-proxy', 'products/kafka/karapace/howto/manage-schema-registry-authorization', + 'products/kafka/karapace/howto/manage-kafka-rest-proxy-authorization', ], }, ], diff --git a/static/_redirects b/static/_redirects index acd740af..4df9114d 100644 --- a/static/_redirects +++ b/static/_redirects @@ -49,13 +49,9 @@ /platform/howto/static-ip-addresses https://aiven.io/docs/platform/concepts/static-ips /tools/terraform/concepts/data-sources https://aiven.io/docs/tools/terraform /tools/terraform/howto/terraform-logging https://aiven.io/docs/tools/terraform - -/products/kafka/karapace/howto/manage-kafka-rest-proxy-authorization https://aiven.io/docs/products/kafka/karapace/howto/enable-kafka-rest-proxy-authorization - /platform/howto/billing-google-cloud-platform-marketplace-subscription https://aiven.io/docs/marketplace-setup /platform/howto/billing-aws-marketplace-subscription https://aiven.io/docs/marketplace-setup /platform/howto/billing-azure-marketplace-subscription https://aiven.io/docs/marketplace-setup /platform/howto/move-to-azure-marketplace-billing https://aiven.io/docs/platform/howto/list-marketplace-payments /platform/howto/move-to-gcp-marketplace-billing https://aiven.io/docs/platform/howto/list-marketplace-payments /platform/howto/move-to-aws-marketplace-billing https://aiven.io/docs/platform/howto/list-marketplace-payments -