changefeedccl: support kerberos auth for changefeed kafka sink

cockroachdb / cockroach

CockroachDB — the cloud native, distributed SQL database designed for high availability, effortless scale, and control over data placement.

https://www.cockroachlabs.com

Other

30.11k stars 3.81k forks source link

changefeedccl: support kerberos auth for changefeed kafka sink #44603

Open chriscasano opened 4 years ago

chriscasano commented 4 years ago

Customer request to have Kerberos auth for Kafka sink in Changefeed. They have multiple scenarios for using changefeeds for audit events, table replication and other triggering events. All production Kafka clusters us Kerberos and they can not migrate current app to production without this. We would have to consider how we add Kerberos service name, credentials service, principal and key tab as part to the Create Changeed statement. I haven’t tested but looks like Sarama supports Kerberos: https://github.com/Shopify/sarama/pull/1366

gz#4609

gz#7784

Jira issue: CRDB-5216

knz commented 4 years ago

cc @nstewart for triage

RoachietheSupportRoach commented 4 years ago

Zendesk ticket #4609 has been linked to this issue.

BramGruneir commented 4 years ago

@mwang1026 or @thtruo, any movement on this?

knz commented 3 years ago

Wasn't this achieved already? @stevendanna @dt ?

shermanCRL commented 3 years ago

See https://github.com/Shopify/sarama/pull/1366

knz commented 3 years ago

@shermanCRL thanks, but how does this answer the question? Was the outcome from crdb's perspective achieved or not? In which version? Our CEAs would like to know.

stevendanna commented 3 years ago

No, we do not currently support this. We added support for SCRAM as a new SASL authentication method but not GSSAPI.

BramGruneir commented 2 years ago

@amruss, any chance of resurrecting this? I'm hearing from users who still really want this integration.