From acb23912dc7d5f935cbdccebd4103873adb5591b Mon Sep 17 00:00:00 2001
From: Helder Santos <helder.santos@talkdesk.com>
Date: Wed, 11 May 2022 10:27:02 +0100
Subject: [PATCH] Fix SASL authentication

---
 README.md | 1 +
 main.go   | 1 +
 2 files changed, 2 insertions(+)

diff --git a/README.md b/README.md
index b2ecb6c2..fdd2dd8d 100644
--- a/README.md
+++ b/README.md
@@ -62,6 +62,7 @@ To connect to Kafka over SASL/SCRAM authentication define the following additona
 - `KAFKA_SASL_MECHANISM`: SASL mechanism to use for authentication, defaults to `""`
 - `KAFKA_SASL_USERNAME`: SASL username for use with the PLAIN and SASL-SCRAM-.. mechanisms, defaults to `""`
 - `KAFKA_SASL_PASSWORD`: SASL password for use with the PLAIN and SASL-SCRAM-.. mechanism, defaults to `""`
+- `KAFKA_SSL_CA_CERT_FILE`: Kafka SSL broker CA certificate file, defaults to `""`
 
 When deployed in a Kubernetes cluster using Helm and using a Kafka external to the cluster, it might be necessary to define the kafka hostname resolution locally (this fills the /etc/hosts of the container). Use a custom values.yaml file with section `hostAliases` (as mentioned in default values.yaml).
 
diff --git a/main.go b/main.go
index a9173ed6..2c8b5315 100644
--- a/main.go
+++ b/main.go
@@ -57,6 +57,7 @@ func main() {
 		}
 
 		kafkaConfig["security.protocol"] = kafkaSecurityProtocol
+		kafkaConfig["ssl.ca.location"] = kafkaSslCACertFile // CA certificate file for verifying the broker's certificate.
 		kafkaConfig["sasl.mechanism"] = kafkaSaslMechanism
 		kafkaConfig["sasl.username"] = kafkaSaslUsername
 		kafkaConfig["sasl.password"] = kafkaSaslPassword