[bitnami/schema-registry] Relax ssl options verifications in schema registry

[michalmisiewicz]

Description of the change

The Schema Registry libschemaregistry.sh script enforces too strict validation of SSL environment variables, which prevents integration with Google Cloud Managed Service for Apache Kafka. This service requires SASL_SSL authentication without the use of a keystore or truststore. Details of the required configurations can be found here.

In this PR, I relaxed the SSL validation rules to enable seamless integration with Managed Kafka.

I removed also the verification for SCHEMA_REGISTRY_KAFKA_SASL_USERS and SCHEMA_REGISTRY_KAFKA_SASL_PASSWORDS, as these settings are not required for all sasl.mechanism configurations. Example of configuration for sasl.mechanism= OAUTHBEARER can be found here.

Benefits

Schema registry image can connect to Google Cloud Managed Service for Apache Kafka.

Applicable issues

• fixes Too strict validation of environment variables in the schema registry #74907

Additional information

I tested the update with Google Cloud Managed Service for Apache Kafka and successfully established a secure connection with Kafka.

[juan131]

LGTM! Waiting for CI to be successful

[juan131]

After rethinking about this, I think we could preserve validations but using warnings instead of errors given they're applicable for most common use cases. Full example:

            if [[ "$brokers_auth_protocol" =~ SSL ]]; then
                if [[ ! -f ${SCHEMA_REGISTRY_CERTS_DIR}/schema-registry.keystore.jks ]] || [[ ! -f ${SCHEMA_REGISTRY_CERTS_DIR}/schema-registry.truststore.jks ]]; then
                    warn "In order to configure the TLS encryption for communication with Kafka brokers, most auth protocols require mounting your schema-registry.keystore.jks and schema-registry.truststore.jks certificates to the ${SCHEMA_REGISTRY_CERTS_DIR} directory."
                fi
            fi
            if [[ "$brokers_auth_protocol" =~ SASL ]]; then
                if [[ -z "$SCHEMA_REGISTRY_KAFKA_SASL_USERS" ]] || [[ -z "$SCHEMA_REGISTRY_KAFKA_SASL_PASSWORDS" ]]; then
                    warn "In order to configure SASL authentication for Kafka, most auth protocols require providing the SASL credentials. Set the environment variables SCHEMA_REGISTRY_KAFKA_SASL_USERS and SCHEMA_REGISTRY_KAFKA_SASL_PASSWORDS if your auth protocol requires it."
                fi
            fi

[michalmisiewicz]

@juan131 I've just updated the code

[michalmisiewicz]

I’ve just tested the latest version with Managed Kafka, and it works perfectly

[juan131]

Thanks so much for applying the suggestions!

[juan131]

Triggering a new container release, it should be available in the next few hours