Currently, KoP stores all group and offset metadata in one topic, public/__kafka/__consumer_offsets. It's not easy to extend and might encounter performance issues for large amount of consumers.
in the long run as consumers keep increasing as all these consumers
share the same topic would there be slowness in committing the offsets etc.
To solve this issue, we can specify the tenant in PLAIN authentication's username, for example:
The tenant will be encoded to a token sent by the client, the token format will be {tenant} __with_tenant__{token}, since the token only allows to (?<token>[-_\.a-zA-Z0-9]+), so here used __with_tenant__ as the delimiter. On the KoP server side, it will try to extract the tenant and token, the tenant will be used as KoP metadata tenant.
Add multi-tenant support for OAuth authentication.
(cherry picked from commit 55740249efc8ccc02b6d70b43471e51bb64d2b0d)
eolivelli
commented
1 year ago
Currently, KoP stores all group and offset metadata in one topic,
public/__kafka/__consumer_offsets. It's not easy to extend and might encounter performance issues for large amount of consumers.To solve this issue, we can specify the tenant in
PLAINauthentication's username, for example:But when using
OAuthauthentication, there is no way to specify the tenant.In this PR, we will introduce a way to specify tenants on OAuth authentication, and we will add a new property in
credentials_file.json. For example:Internal design
The tenant will be encoded to a token sent by the client, the token format will be
{tenant} __with_tenant__{token}, since the token only allows to(?<token>[-_\.a-zA-Z0-9]+), so here used__with_tenant__as the delimiter. On the KoP server side, it will try to extract the tenant and token, the tenant will be used as KoP metadata tenant.Add multi-tenant support for OAuth authentication.
(cherry picked from commit 55740249efc8ccc02b6d70b43471e51bb64d2b0d)