-
Notifications
You must be signed in to change notification settings - Fork 146
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kafka-connector: support explicit json credentials #187
kafka-connector: support explicit json credentials #187
Conversation
Support passing pub/sub credentials via configuration directive gcp.credentials.json. This accepts quoted JSON blob, and helps to run this Kafka connector when environment can't be manipulated. It's recommended that the setting is used in conjunction with Kafka Connect externalized secrets to keep the actual JSON being reported in logs.
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed (or fixed any issues), please reply here (e.g. What to do if you already signed the CLAIndividual signers
Corporate signers
|
I signed it! |
Thanks for this, it looks good! Unfortunately, it looks like CLA signing did not get associated with your GitHub account. Can you please make sure that the email address used for signing the CLA is the one associated with this pull request? You might also need to make sure that the email address is associated with your GitHub account. It's possible that it could be the difference between a work email address and a personal email address. Thanks! |
Hmm, I'm pretty sure my github primary email is the same associated with the commit, and that email address is part of the google group that I used for our corporate CLA registration. Any pointers how I could troubleshoot the issue? Thanks! |
Ah if it was corporate instead of individual, then it could take a few days to process. I'll keep an eye on it and approve once it shows up. |
I just received an email stating "All parties have completed Google Contributor License Agreement for Aiven." |
CLAs look good, thanks! |
Hi, Does this mean kafka connector doesn't work with credential file set in environment variable ? exception while starting the connector - Caused by: io.grpc.StatusRuntimeException: PERMISSION_DENIED: User not authorized to perform this action. |
The connector should fall back to GOOGLE_APPLICATION_CREDENTIALS if it is set and this property is not set in the config properties. Are you trying using a source connector or a sink connector? You might want to verify that you are able to publish to Cloud Pub/Sub directly (if using a sink connector) or subscribe directly (if you are using a source connector) with the environment variable set. If you cannot, it might not be a problem related to the connector, but rather to the credentials or the permissions. |
thanks for the quick response. I am using source connector. I believe in my case, it looks like kafka connector is able to read the credentials file, but fails at pubsub. I am able to use the same credential file using gRPC java connection to pull messages and working fine but I would like to use the kafka source connector and failing with above error. Please help. |
How are you setting the environment variable and starting up connect? #158 has some information regarding the correct way to do this in order to ensure the environment variable is picked up by Kafka Connect. |
I am trying running the kafka source connector on windows 10 to test and environment variable looks correct. I also tried passing the credential file path in connector properties file as well like as follows : but no luck yet and getting same error - Caused by: io.grpc.StatusRuntimeException: PERMISSION_DENIED: User not authorized to perform this action. |
Add support for passing in JSON credentials via connector config key 'gcp.credentials.json'.