Skip to content

AWS IAM Authentication support #60

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
JiriBakker wants to merge 10 commits into
base: main
Choose a base branch
from
Open

AWS IAM Authentication support #60

JiriBakker wants to merge 10 commits into from

Conversation

@JiriBakker
Copy link

@JiriBakker JiriBakker commented Mar 8, 2025
edited
Loading

This adds support for AWS IAM Authentication (also see #44) to be able to connect to an AWS MSK cluster.

Note that due to the necessity of having to call .poll() several times, there will be some delays in retrieving data from Kafka.

Usage is described in the README section.

@JiriBakker JiriBakker mentioned this pull request Mar 8, 2025
Open
@sauljabin
Copy link
Owner

sauljabin commented Mar 15, 2025

I like the implementation so far.

In general kaskade is not fast already (too much requests), so I wonder how this can affect even more the performance 🤔

Split aws.region property off into separate config to avoid passing i…
181e454 
…t to confluent-kafka objects (which will fail due to unsupported property)
@JiriBakker
Copy link
Author

JiriBakker commented Mar 25, 2025

So I found an issue with my initial implementation, where passing the aws.region property would break the calls to the confluent-kafka Consumer and AdminClient objects. Had to refactor the configuration a bit to resolve this. I chose to use the more generic cloud_config name, instead of something more AWS specific. Happy to hear any feedback or alternative approaches to make this cleaner.

sauljabin
sauljabin requested changes Mar 27, 2025
View reviewed changes
README.md
kaskade admin -b my-kafka:9092 \
-c security.protocol=SASL_SSL \
-c sasl.mechanism=OAUTHBEARER \
-c aws.region=eu-west-1
Copy link
Owner

@sauljabin sauljabin Mar 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update this doc

kaskade/main.py
),
)
@cloup.option_group(
"Cloud configuration options",
Copy link
Owner

@sauljabin sauljabin Mar 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would prefer AWS, and instead of --cloud-config we pass --aws, so the very optional options will be:

--registry
--avro
--protobuf
--aws

kaskade/main.py
kaskade admin -b localhost:9092
kaskade admin -b localhost:9092 --config security.protocol=SSL
kaskade admin -b localhost:9092 --config-file kafka.properties
kaskade admin -b localhost:9092 -c security.protocol=SASL_SSL -c sasl.mechanism=OAUTHBEARER --cloud-config aws.region=eu-west-1
Copy link
Owner

@sauljabin sauljabin Mar 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice

kaskade/main.py
bootstrap_servers: str,
kafka_config_file: str | None,
kafka_config: dict[str, str],
cloud_config: dict[str, str],
Copy link
Owner

@sauljabin sauljabin Mar 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's also possible to validate the configs and example: https://github.com/sauljabin/kaskade/blob/main/kaskade/main.py#L327

We can list all the aws available configurations https://github.com/sauljabin/kaskade/blob/main/kaskade/configs.py#L6

kaskade/services.py
) -> tuple[int, int]:
low, high = 0, 0

consumer = Consumer(self.config | {GROUP_ID: f"kaskade-{uuid.uuid4()}"})
Copy link
Owner

@sauljabin sauljabin Mar 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I remember there was a reason 🤔 , but I need to test it again, then I will document it. But so far looks not necessary

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sauljabin sauljabin sauljabin requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JiriBakker @sauljabin