<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Fri Feb 09 00:28:00 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[UXPROD-2929] NFR: Increase security of Kafka for Data Import and PubSub</title>
                <link>https://folio-org.atlassian.net/browse/UXPROD-2929</link>
                <project id="10000" key="UXPROD">UX Product</project>
                    <description>&lt;p&gt;Next step: &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5af5e627525ba96b58654f12&quot; class=&quot;user-hover&quot; rel=&quot;5af5e627525ba96b58654f12&quot; data-account-id=&quot;5af5e627525ba96b58654f12&quot; accountid=&quot;5af5e627525ba96b58654f12&quot; rel=&quot;noreferrer&quot;&gt;Ann-Marie Breaux&lt;/a&gt; plan a meeting the week of 19 April with team leads and POs and Vasily to discuss implementation, and draft spikes and stories&lt;/p&gt;

&lt;p&gt;Latest documentation: &lt;a href=&quot;https://folio-org.atlassian.net/wiki/pages/viewpage.action?spaceKey=FOLIJET&amp;amp;title=Enabling+SSL+and+ACL+for+Kafka&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-org.atlassian.net/wiki/pages/viewpage.action?spaceKey=FOLIJET&amp;amp;title=Enabling+SSL+and+ACL+for+Kafka&lt;/a&gt; &lt;/p&gt;

&lt;p&gt;&lt;b&gt;Current situation or problem&lt;/b&gt;: In Iris, Data import has migrated most of its transactions (but not all) to direct Kafka connections instead of mod-pubsub.&lt;/p&gt;

&lt;p&gt;There were some concerns raised in the community regarding how secure the direct connection will be. To address these concerns, the new solution was designed: &lt;a href=&quot;https://folio-org.atlassian.net/wiki/display/DD/Temporary+Kafka+security+solution&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-org.atlassian.net/wiki/display/DD/Temporary+Kafka+security+solution&lt;/a&gt;. &lt;br/&gt;
The solution was reviewed and approved by the Security group and Tech Council.&lt;/p&gt;

&lt;p&gt;Multi-tenancy on Kafka&apos;s side is implemented for the modules differently, so it will take time to make the changes in them that unify the multi-tenancy approach.&lt;br/&gt;
However, the direct Kafka connections should be secured in R1, so a simplified version of the solution is proposed for now.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;In scope&lt;/b&gt;&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;Add module-level Kafka user credentials support to &lt;b&gt;Data import&lt;/b&gt; and &lt;b&gt;PubSub&lt;/b&gt; modules. The credentials should be provided to all producers and consumers of a module with other Kafka client settings. Changes in PubSub are required since once Kafka authentication and authorization are enabled, the PubSub will need to pass through them as well.&lt;/li&gt;
	&lt;li&gt;Add TLS (Transport Layer Security) support to the same modules. Same here, the settings should be provided to all producers and consumers of a module with other Kafka client settings.&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;&lt;b&gt;Out of scope&lt;/b&gt;&lt;br/&gt;
This work is also needed for ElasticSearch and Remote Storage, but those applications/modules are managed by other dev teams&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Proposed solution/How it could be implemented:&lt;/b&gt;&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;ModuleDescriptor should be updated to include the new Kafka settings: TLS, and, for now, user credentials (the credentials later could be injected to container a different way, for instance, as EnvironmentVariables)&lt;/li&gt;
	&lt;li&gt;Update a class that represents Kafka config&lt;/li&gt;
	&lt;li&gt;Update a class(es) that creates and assigns the config to Kafka producers and consumers&lt;/li&gt;
	&lt;li&gt;Test the updates&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;&lt;b&gt;Links to additional info&lt;/b&gt;&lt;br/&gt;
&lt;a href=&quot;https://folio-org.atlassian.net/wiki/display/DD/Temporary+Kafka+security+solution&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-org.atlassian.net/wiki/display/DD/Temporary+Kafka+security+solution&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;b&gt;Questions&lt;/b&gt;&lt;/p&gt;</description>
                <environment></environment>
        <key id="11997">UXPROD-2929</key>
            <summary>NFR: Increase security of Kafka for Data Import and PubSub</summary>
                <type id="10002" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10322?size=medium">New Feature</type>
                            <parent id="13571">UXPROD-47</parent>
                                    <priority id="10001" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p2.svg">P2</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="5af5e627525ba96b58654f12">Ann-Marie Breaux</assignee>
                                                                <reporter accountid="5af5e627525ba96b58654f12">Ann-Marie Breaux</reporter>
                                    <labels>
                            <label>NFR</label>
                            <label>data-import</label>
                            <label>epam-folijet</label>
                            <label>r2-2021-at-risk</label>
                            <label>security</label>
                            <label>security-reviewed</label>
                            <label>testing</label>
                    </labels>
                <created>Tue, 2 Mar 2021 17:12:30 +0000</created>
                <updated>Mon, 12 Jul 2021 14:43:59 +0000</updated>
                            <resolved>Mon, 12 Jul 2021 14:43:59 +0000</resolved>
                                                    <fixVersion>R2 2021</fixVersion>
                                        <due></due>
                            <votes>0</votes>
                                    <watches>0</watches>
                                                                <comments>
                                                            <comment id="16566" author="5af5e627525ba96b58654f12" created="Wed, 3 Mar 2021 17:25:41 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3Ab819106d-3b2a-48e6-a8dd-e7ecc471a47b&quot; class=&quot;user-hover&quot; rel=&quot;712020:b819106d-3b2a-48e6-a8dd-e7ecc471a47b&quot; data-account-id=&quot;712020:b819106d-3b2a-48e6-a8dd-e7ecc471a47b&quot; accountid=&quot;712020:b819106d-3b2a-48e6-a8dd-e7ecc471a47b&quot; rel=&quot;noreferrer&quot;&gt;Oleksii Kuzminov&lt;/a&gt; This was discussed at Tech Council today, and they confirmed it can be delayed until R2. So less time pressure for the estimate and stories. Let&apos;s get our R1 releases out and then deal with this.&lt;/p&gt;</comment>
                                                            <comment id="16568" author="5af5e627525ba96b58654f12" created="Wed, 31 Mar 2021 13:55:00 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5ef076ba60d3c80ac9ed8b81&quot; class=&quot;user-hover&quot; rel=&quot;5ef076ba60d3c80ac9ed8b81&quot; data-account-id=&quot;5ef076ba60d3c80ac9ed8b81&quot; accountid=&quot;5ef076ba60d3c80ac9ed8b81&quot; rel=&quot;noreferrer&quot;&gt;Vasily Gancharov&lt;/a&gt; - could you review the description here and outline the first steps for covering this requirement? If any questions or discussion needed, please contact &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3Ab819106d-3b2a-48e6-a8dd-e7ecc471a47b&quot; class=&quot;user-hover&quot; rel=&quot;712020:b819106d-3b2a-48e6-a8dd-e7ecc471a47b&quot; data-account-id=&quot;712020:b819106d-3b2a-48e6-a8dd-e7ecc471a47b&quot; accountid=&quot;712020:b819106d-3b2a-48e6-a8dd-e7ecc471a47b&quot; rel=&quot;noreferrer&quot;&gt;Oleksii Kuzminov&lt;/a&gt;. Thank you!&lt;/p&gt;</comment>
                                                            <comment id="16571" author="5af5e627525ba96b58654f12" created="Wed, 21 Apr 2021 23:43:44 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3Ab819106d-3b2a-48e6-a8dd-e7ecc471a47b&quot; class=&quot;user-hover&quot; rel=&quot;712020:b819106d-3b2a-48e6-a8dd-e7ecc471a47b&quot; data-account-id=&quot;712020:b819106d-3b2a-48e6-a8dd-e7ecc471a47b&quot; accountid=&quot;712020:b819106d-3b2a-48e6-a8dd-e7ecc471a47b&quot; rel=&quot;noreferrer&quot;&gt;Oleksii Kuzminov&lt;/a&gt; Please see 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MSEARCH-105&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MSEARCH-105&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Use TLS for Kafka connection&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10309?size=medium&quot; /&gt;
            MSEARCH-105
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 and 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MSEARCH-106&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MSEARCH-106&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Implement Kafka credentials support&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10309?size=medium&quot; /&gt;
            MSEARCH-106
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 for the Falcon team security stories. We may be able to borrow some of this or use as templates for the security stories that we&apos;ll need to create and handle in R2. Thank you!&lt;/p&gt;</comment>
                                                            <comment id="16574" author="5af5e627525ba96b58654f12" created="Mon, 17 May 2021 14:20:02 +0000"  >&lt;p&gt;Per &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3A549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; class=&quot;user-hover&quot; rel=&quot;712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; data-account-id=&quot;712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; accountid=&quot;712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; rel=&quot;noreferrer&quot;&gt;Vladimir Shalaev&lt;/a&gt; DevOps will be doing most of the work; per &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3Ab819106d-3b2a-48e6-a8dd-e7ecc471a47b&quot; class=&quot;user-hover&quot; rel=&quot;712020:b819106d-3b2a-48e6-a8dd-e7ecc471a47b&quot; data-account-id=&quot;712020:b819106d-3b2a-48e6-a8dd-e7ecc471a47b&quot; accountid=&quot;712020:b819106d-3b2a-48e6-a8dd-e7ecc471a47b&quot; rel=&quot;noreferrer&quot;&gt;Oleksii Kuzminov&lt;/a&gt; Once the DevOps work is done, then we will need to do some checking and maybe small tasks. Current design does not take PubSub into account. (Right now, quickMARC edits is the only PubSub piece that touches Data Import, and that is being changed to Kafka direct. Otherwise, PubSub is only being used by Circulation/Resource Access)&lt;/p&gt;</comment>
                                                            <comment id="16577" author="5af5e627525ba96b58654f12" created="Mon, 17 May 2021 14:23:45 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=712020%3A549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; class=&quot;user-hover&quot; rel=&quot;712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; data-account-id=&quot;712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; accountid=&quot;712020:549d9b3c-bb5b-4fbe-aff7-024c5b22bbad&quot; rel=&quot;noreferrer&quot;&gt;Vladimir Shalaev&lt;/a&gt; If there is a feature/task for DevOps, please link that Jira to this one, so that we can track progress&lt;/p&gt;</comment>
                                                            <comment id="16579" author="5af5e627525ba96b58654f12" created="Tue, 18 May 2021 18:12:17 +0000"  >&lt;p&gt;Blocking this whole feature for Data Import, until we have feedback from DevOps&lt;/p&gt;</comment>
                                                            <comment id="16582" author="5af5e627525ba96b58654f12" created="Wed, 19 May 2021 19:32:02 +0000"  >&lt;p&gt;Related EBSCO DevOps story: &lt;a href=&quot;https://rally1.rallydev.com/#/79944863724d/iterationstatus?detail=%2Fuserstory%2F605482544976&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://rally1.rallydev.com/#/79944863724d/iterationstatus?detail=%2Fuserstory%2F605482544976&lt;/a&gt; &lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10001">
                    <name>Cloners</name>
                                                                <inwardlinks description="is cloned by">
                                        <issuelink>
            <issuekey id="11921">UXPROD-2935</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10008">
                    <name>Defines</name>
                                            <outwardlinks description="defines">
                                        <issuelink>
            <issuekey id="13571">UXPROD-47</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is defined by ">
                                        <issuelink>
            <issuekey id="62612">MODDATAIMP-435</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="33204">MODPUBSUB-171</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="33128">MODPUBSUB-182</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10002">
                    <name>Duplicate</name>
                                                                <inwardlinks description="is duplicated by">
                                        <issuelink>
            <issuekey id="33017">MODPUBSUB-54</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="12001">UXPROD-2931</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10053" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Back End Estimate</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10122"><![CDATA[Large < 10 days]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10054" key="com.atlassian.jira.plugin.system.customfieldtypes:userpicker">
                        <customfieldname>Back End Estimator</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>712020:b819106d-3b2a-48e6-a8dd-e7ecc471a47b</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10065" key="com.atlassian.jira.plugin.system.customfieldtypes:textfield">
                        <customfieldname>Cap Plan Fix Version (DO NOT CHANGE)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>R2 2021</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10153"><![CDATA[Folijet]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10014" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue key="$xmlutils.escape($text)">Batch Importer (Bib/Acq)</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10050" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Front End Estimate</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10095"><![CDATA[Very Small (VS) < 1day]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10051" key="com.atlassian.jira.plugin.system.customfieldtypes:userpicker">
                        <customfieldname>Front End Estimator</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5af5e627525ba96b58654f12</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Front-End Confidence factor</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10106"><![CDATA[Medium]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>113.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i02etj:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>