From ecd7da540aaba2a8720e15558391cab550144559 Mon Sep 17 00:00:00 2001
From: reyesj2 <94730068+reyesj2@users.noreply.github.com>
Date: Fri, 11 Apr 2025 10:21:46 -0500
Subject: [PATCH] skip user entries that don't have password configured

---
 salt/kafka/etc/jaas.conf.jinja | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/salt/kafka/etc/jaas.conf.jinja b/salt/kafka/etc/jaas.conf.jinja
index 2647e5ff9..effb88319 100644
--- a/salt/kafka/etc/jaas.conf.jinja
+++ b/salt/kafka/etc/jaas.conf.jinja
@@ -1,7 +1,16 @@
-{% set KAFKA_EXTERNAL_USERS = salt['pillar.get']('kafka:config:external_access:remote_users') %}
+{% set KAFKA_EXTERNAL_USERS = salt['pillar.get']('kafka:config:external_access:remote_users') -%}
+
+{%- set valid_users = [] -%}
+
+{%- for item, user in KAFKA_EXTERNAL_USERS.items() -%}
+{%   if 'password' in user and user.password is not none and user.password != "" -%}
+{%     do valid_users.append('user_' ~ user.username ~ '="' ~ user.password ~ '"') -%}
+{%   endif -%}
+{%- endfor -%}
+
 KafkaServer {
     org.apache.kafka.common.security.plain.PlainLoginModule required
-    {% for item, user in KAFKA_EXTERNAL_USERS.items() -%}
-    user_{{ user.username }}="{{ user.password }}"{{ ";" if loop.last else " \\" }}
+    {% for user_entry in valid_users -%}
+    {{ user_entry }}{{ ";" if loop.last }}
     {% endfor %}
 };
\ No newline at end of file