• Breaking change? -- Shouldn't be, configuration changes are append-only, unspecified store type is considered as JKS/PKCS12 (both can be handled under either and technically only a preference hint).

What changes did you make?

Adds support for PEM keystore/truststore and mTLS configuration, replacing manual KeyManagerFactory/TrustManagerFactory calls with spring boot SslBundle to parametrize the kafka client and http/netty clients.

• TruststoreConfig/KeystoreConfig extended with truststoreType/keystoreType with possible values of JKS, PKCS12 and PEM
• KeystoreConfig is extended with keystoreCertificate for [pem] client certificate file.
• Cluster is extended with securityProtocol and kafkaSsl for mTLS client certificate.

Out-of-the scope FE change: ApplicationConfigPropertiesKafkaSchemaRegistrySsl -> KeystoreConfig as reusable DTO is introduced, auto-generated one no longer exists.

Is there anything you'd like reviewers to focus on?

How Has This Been Tested? (put an "x" (case-sensitive!) next to an item)

• No need to
• Manually Tested on mTLS cluster with PEM, JKS and PKCS12 keystores
• Unit checks
• Integration checks
• Covered by existing automation

Checklist (put an "x" (case-sensitive!) next to all the items, otherwise the build will fail)

• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation (e.g. ENVIRONMENT VARIABLES) -- no environment variable changes is necessary in documentation compose files
• My changes generate no new warnings (e.g. Sonar is happy)
• I have added tests that prove my fix is effective or that my feature works -- a rather heavy setup would be required
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged -- no dependencies

Check out Contributing and Code of Conduct

A picture of a cute animal (not mandatory but encouraged)