Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(Kapacitor): new kafka sasl oauth params #5617

Draft
wants to merge 4 commits into
base: master
Choose a base branch
from
Draft

feat(Kapacitor): new kafka sasl oauth params #5617

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
cdda425
feat: nww kafka sasl oauth params
vlastahajek Sep 25, 2024
211d0f6
chore: Improved description
vlastahajek Sep 25, 2024
5bd954c
chore: formatting improvement
vlastahajek Sep 25, 2024
2bc74f5
Merge branch 'master' into feat/kapacitor-kafka-sasl-oauth
jstirnaman Sep 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 50 additions & 3 deletions content/kapacitor/v1/reference/event_handlers/kafka.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ Below is an example configuration:
# Optional SASL configuration
sasl-username = "xxxxx"
sasl-password = "xxxxxxxx"
sasl-extensions = {}
sasl-mechanism = ""
sasl-version = ""
# Use if sasl-mechanism is GSSAPI. GSSAPI is for organizations using Kerberos.
Expand All @@ -46,7 +47,16 @@ Below is an example configuration:
sasl-gssapi-kerberos-config-path = "/"
sasl-gssapi-key-tab-path = ""
sasl-gssapi-realm = "realm"
# Use if sasl-mechanism is `OAUTHBEARER` (experimental).
# Options if sasl-mechanism is OAUTHBEARER
sasl-oauth-service = "auth0"
sasl-oauth-client-id = "xxxxxxx"
sasl-oauth-client-secret = "xxxxxxxx"
sasl-oauth-token-url = "dedicated-auth0-token-url"
sasl-oauth-token-expiry-margin = "10s"
sasl-oauth-scopes = ""
sasl-oauth-tenant-id = ""
[kafka.sasl-oauth-parameters]
audience = "development"
sasl-access-token = ""

```
Expand Down Expand Up @@ -102,8 +112,16 @@ Username to use for SASL authentication.
#### sasl-password
Password to use for SASL authentication.

### sasl-extensions
Arbitrary key value string pairs to pass as a TOML table

#### sasl-mechanism
SASL mechanism type. Options include `GSSAPI`, `OAUTHBEARER`, `PLAIN`.
SASL mechanism type. Options are:
- `GSSAPI`
- `OAUTHBEARER`
- `PLAIN`
- `SCRAM-SHA-256`
- `SCRAM-SHA-512`

#### sasl-version
SASL protocol version.
Expand All @@ -126,8 +144,37 @@ Path to the Kerberos key tab.
#### sasl-gssapi-realm
Default Kerberos realm.

### Options if sasl-mechanism is OAUTHBEARER
#### sasl-oauth-service
The service name to use when authenticating with SASL/OAUTH.
One of:
- `""` (empty) or `custom`
- `auth0`
- `azuread`

#### sasl-oauth-client-id
The client ID to use when authenticating with SASL/OAUTH.

#### sasl-oauth-client-secret
The client secret to use when authenticating with SASL/OAUTH.

#### sasl-oauth-token-url
The token URL to use when sasl-oauth-service is `custom` or `auth0`. Leave empty otherwise.

#### sasl-oauth-token-expiry-margin
The margin for the token's expiration time.

#### sasl-oauth-scopes
Optional scopes to use when authenticating with SASL/OAUTH.

#### sasl-oauth-tenant-id
Tenant ID for the AzureAD service.

#### [kafka.sasl-oauth-parameters]
The optional key/value params for SASL/OAUTH. e.g. audience for AUTH0

#### sasl-access-token
Used if the SASL mechanism is `OAUTHBEARER` (experimental).
Static OAUTH token. Use this instead of other OAUTH params.

## Options
The following Kafka event handler options can be set in a
Expand Down