Support for AWS MSK IAM authorization
Hi! We are looking at using Strimzi to deploy Kafka Connect clusters using Kafka brokers deployed using Amazon MSK. We’d like to use MSK’s IAM feature for access control within the Kafka cluster (https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html), and I was curious how we could enable this when deploying Kafka Connect clusters using Strimzi.
The MSK docs say Kafka clients need to be configured with the following properties:

```
ssl.truststore.location=<PATH_TO_TRUST_STORE_FILE>
security.protocol=SASL_SSL
sasl.mechanism=AWS_MSK_IAM
sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;
sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler
```

and the client requires the `aws-msk-iam-auth` plugin. This is fine because I can build an image for Strimzi containing this plugin.

The problem is, according to the Strimzi docs, there are specific ways to configure authn/authz and although the SASL_SSL protocol is supported, there doesn’t seem to be a way to configure the `sasl.mechanism` and other options. I also cannot configure these manually in the KafkaConnect CR `.spec.config` because the docs suggest that any `ssl.`, `security.` or `sasl.` are ignored in that block. Is there any other way we can configure these options with Strimzi?
Issue Analytics
- State:
- Created 2 years ago
- Reactions:15
- Comments:20 (10 by maintainers)
Top GitHub Comments
Hey, we’re looking for the same functionality as @prydonius, and are considering contributing support for it.
Curious what the work looks like to add support for this (and if possible could you point us in the right direction)?
Much appreciated!
Hey, if this is ready for development, I’d like to give it a go. @scholzj, assign it to me please!