Closed franky-m closed 3 hours ago
@franky-m , This is a great idea. Would you be able to contribute a PR to help with this? We could give you some pointers in the code.
Hi could you give me the pointers you mentioned? I would try to implement the SASL/SCRAM support myself and if I succeed I would open a PR
+1
Hi @dlvenable! Did you have time to collect the pointers you mentioned?
@franky-m ,
Yes, I have some references.
First, I think that SASL/SCRAM is different from SASL/PLAIN. So the configuration should probably be a little different in the YAML.
It should have the following structure instead.
authentication:
sasl:
scram:
username: your_kafka_username
password: your_kafka_password
You can see where we add the current configuraiton in this block:
You can add something like the following below there to add the scram
option.
@JsonProperty("scram")
private ScramAuthConfig scramAuthConfig;
Here is code where we set the plain
configuration into the Kafka properties:
And this is the code where we call it.
You could add a new condition that would look somewhat like:
...
} else if(Objects.nonNull(saslAuthConfig.getScramAuthConfig())) {
setScramAuthProperties(properties, saslAuthConfig.getScramAuthConfig()); // new method; maybe it needs the encryption config too
} else ...
@franky-m , We did make some changes to support dynamically updating the password if it changes in the underlying source (e.g. AWS Secrets Manager). It isn't necessary to have that implemented, but would be nice.
@chenqi0805 , Can you provide any guidance on how that would be implemented?
Is your feature request related to a problem? Please describe. Currently, Kafka source only supports SASL/PLAIN authentication mechanism, but apparently no SASL/SCRAM-SHA-256 and SASL/SCRAM-SHA-512.
Describe the solution you'd like
Extend Data Prepper’s authentication options to include mechanisms such as SCRAM-SHA-512.
Example:
Additional context
Many Kafka deployments rely on SCRAM mechanisms for improved security. Users who require SCRAM-SHA-512 authentication need this feature to seamlessly integrate Data Prepper into their existing Kafka infrastructure.