uForwarder open-source has no SASL/PLAIN support at all.
The controller's admin client is configured by KafkaAdminClientConfiguration.java.
When enableSecure=true, it merges in whatever KafkaUtils.getSecurityConfigs() returns.
That method returns only mTLS over Uber's internal uPKI provider — com.uber.kafka.security.provider.KafkaUPKIProviderCreator. That class isn't part of the open-source build; it's a closed Uber library.
Same pattern in KafkaFetcherConfiguration and KafkaDispatcherConfiguration (worker side). All four code paths that talk to Kafka — admin, offset committer, fetcher, dispatcher — share the same isSecure → uPKI mTLS switch.
The Spring @ConfigurationProperties classes have no extension point for arbitrary properties (no Map<String, String> additionalProperties field), so we can't sneak in security.protocol=SASL_PLAINTEXT via env var or --key=value either.
uForwarder open-source has no SASL/PLAIN support at all.
The controller's admin client is configured by KafkaAdminClientConfiguration.java.
When enableSecure=true, it merges in whatever KafkaUtils.getSecurityConfigs() returns.
That method returns only mTLS over Uber's internal uPKI provider — com.uber.kafka.security.provider.KafkaUPKIProviderCreator. That class isn't part of the open-source build; it's a closed Uber library.
Same pattern in KafkaFetcherConfiguration and KafkaDispatcherConfiguration (worker side). All four code paths that talk to Kafka — admin, offset committer, fetcher, dispatcher — share the same isSecure → uPKI mTLS switch.
The Spring @ConfigurationProperties classes have no extension point for arbitrary properties (no Map<String, String> additionalProperties field), so we can't sneak in security.protocol=SASL_PLAINTEXT via env var or --key=value either.