New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[PYTHON] Add support for MSK IAM authentication with a new transport #2478
[PYTHON] Add support for MSK IAM authentication with a new transport #2478
Conversation
9489cfd
to
4ff38d0
Compare
|
||
|
||
def _oauth_cb(config: MSKIAMConfig, *_: Any) -> tuple[str, float]: | ||
from aws_msk_iam_sasl_signer import MSKAuthTokenProvider # type: ignore[import] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
local import 👍
Codecov ReportAll modified and coverable lines are covered by tests ✅
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## main #2478 +/- ##
=======================================
Coverage 84.54% 84.54%
=======================================
Files 59 59
Lines 3351 3351
=======================================
Hits 2833 2833
Misses 518 518 ☔ View full report in Codecov by Sentry. |
fa311ce
to
5e4ff54
Compare
…t additional custom ones Signed-off-by: Mattia Bertorello <mattia.bertorello@booking.com>
Signed-off-by: Mattia Bertorello <mattia.bertorello@booking.com>
Signed-off-by: Mattia Bertorello <mattia.bertorello@booking.com>
Signed-off-by: Mattia Bertorello <mattia.bertorello@booking.com>
Signed-off-by: Mattia Bertorello <mattia.bertorello@booking.com>
2d37427
to
38e061d
Compare
…penLineage#2478) * Add the MSK IAM transport to support AWS MSK cluster instances without additional custom ones Signed-off-by: Mattia Bertorello <mattia.bertorello@booking.com> * Remove support to get the default from instance metadata Signed-off-by: Mattia Bertorello <mattia.bertorello@booking.com> * Remove test for instance metadata Signed-off-by: Mattia Bertorello <mattia.bertorello@booking.com> * Use only debug level logs for the transport Signed-off-by: Mattia Bertorello <mattia.bertorello@booking.com> * Remove redundant checks Signed-off-by: Mattia Bertorello <mattia.bertorello@booking.com> --------- Signed-off-by: Mattia Bertorello <mattia.bertorello@booking.com> Signed-off-by: Ruihua Wang <ruihuawang@microsoft.com>
…penLineage#2478) * Add the MSK IAM transport to support AWS MSK cluster instances without additional custom ones Signed-off-by: Mattia Bertorello <mattia.bertorello@booking.com> * Remove support to get the default from instance metadata Signed-off-by: Mattia Bertorello <mattia.bertorello@booking.com> * Remove test for instance metadata Signed-off-by: Mattia Bertorello <mattia.bertorello@booking.com> * Use only debug level logs for the transport Signed-off-by: Mattia Bertorello <mattia.bertorello@booking.com> * Remove redundant checks Signed-off-by: Mattia Bertorello <mattia.bertorello@booking.com> --------- Signed-off-by: Mattia Bertorello <mattia.bertorello@booking.com> Signed-off-by: Fabio Manganiello <fabio@manganiello.tech>
Problem
The AWS MSK has an IAM authentication type that uses the OAuth Kafka authentication type but needs a specific code to generate the token.
That makes creating a custom transport necessary, at least in Python.
Solution
Use the library aws-msk-iam-sasl-signer-python to generate the OAuth token and create a new transport called
msk-aim
this will avoid the users of OpenLineage to create a custom one.Additional configurations are:
The next ones exclude each other and cannot be used at the same time.
The credentials will be loaded from the environment with the boto3 library.
Example:
Or for cross account
One-line summary:
Makes easier to publish events to MSK with IAM authentication.
Manual integration test
Logs
Checklist
SPDX-License-Identifier: Apache-2.0
Copyright 2018-2023 contributors to the OpenLineage project