Setup of the operators

Message Hub (Event Streams) Toolkit > com.ibm.streamsx.messagehub 3.3.1 > com.ibm.streamsx.messagehub > Setup of the operators

When you create an instance of the IBM Event Streams service, you must also create credentials to use the service. These credentials are given in JSON format. This piece of information is required to setup the operators to connect to the service instance.

Any of the following options can be used to configure the operator for connecting to IBM Cloud.

  • save the credentials in an application configuration - this is the best way to protect your sensitive data
  • save the credentials in a file, which is bundled with the Streams application bundle
  • specify the credentials as credentials operator parameter. Any SPL rstring expression can be specified as operator parameter, for example getSubmissionTimeValue("credentials");.
The priority of the above options is
  1. credentials operator parameter (both file and application config are ignored)
  2. credentials stored in a file, also when the default filename eventstreams.json is used (application config is ignored)
  3. application configuration

Save Credentials in Application Configuration Property

With this option, users can copy their Event Streams Credentials JSON from the Event Streams service and store it in an application configuration property named eventstreams.creds. When the operator starts, it will look for that property and extract the information needed to connect. The following steps outline how this can be done:

  1. Create an application configuration with the name eventstreams.
  2. Create a property in the eventstreams application configuration with the name eventstreams.creds.
  3. The value of the property must be the raw Event Streams Credentials JSON.
  4. The operator will automatically look for an application configuration named eventstreams and will extract the information needed to connect.

NOTE 1: Users can specify a different application configuration name by setting the appConfigName parameter. The operator will still look for a property with the name eventstreams.creds containing the Event Streams Credentials JSON.

NOTE 2: Users can add generic Kafka properties, for example metadata.max.age.ms, to the application configuration. To make the operator use these Kafka properties, the appConfigName parameter must be specified even if the default application configuration name eventstreams is used. Looking at the other way round, when the default application configuration name eventstreams is used, but not specified as appConfigName parameter value, only the service credentials are used from the application configuration.

Save Credentials in a File

With this option, users can copy their Event Streams credentials JSON from the Event Streams service and store it in a file called eventstreams.json. When the operator starts up it will read the credentials from that file and extract the information needed to connect. The following steps outline how this can be done:

  1. Create a file with the name eventstreams.json in the <application_directory>/etc/ directory.
  2. Paste the Event Streams Credentials JSON into this file and save it.
  3. The operator will automatically look for the file <application_directory>/etc/eventstreams.json and will extract the information needed to connect. Users only need to specify the topic(s) that they wish to consume messages from (set via the topic parameter).

NOTE: Users can use the credentialsFile parameter to specify a different file containing the Event Streams Credentials in JSON format.

Use the credentials operator parameter

With this option, any SPL expression that returns an rstring can be used to specify the service credentials. For example, you can write and use an SPL function, which reads the credentials JSON from a key value store.

The following Kafka properties are setup by the operators by default as recommended by Event Streams:

property name

value

bootstrap.servers

parsed from the service credentials

sasl.jaas.config

org.apache.kafka.common.security.plain.PlainLoginModule required serviceName="kafka" username="username" password="password";

(The username and the password are extracted from the service credentials.)

security.protocol

SASL_SSL

sasl.mechanism

PLAIN

ssl.protocol

TLSv1.2

ssl.truststore.type

JKS

ssl.enabled.protocols

TLSv1.2

ssl.endpoint.identification.algorithm

HTTPS

These properties cannot be overwritten by specific Kafka properties provided via properties file or application configuration. They are ignored when specified in a property file or application configuration.

In addition to the properties above, some more properties are setup or adjusted specific for the operators. For reference, review the operator's documentation.