Skip to content

feat: authentication support for kafka connection #530

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
phacops merged 10 commits into from
Dec 23, 2024
Merged

feat: authentication support for kafka connection #530

phacops merged 10 commits into from
Dec 23, 2024

Conversation

@aldy505
Copy link
Contributor

@aldy505 aldy505 commented Nov 17, 2024
edited
Loading

Support self-hosted users better by providing auth mechanism for Kafka connections. Introduces a few environment variables:

  • SENTRY_KAFKA_SASL_MECHANISM (valid values: "PLAIN", "SCRAM-SHA-256", "SCRAM-SHA-512", "")
  • SENTRY_KAFKA_SASL_USERNAME
  • SENTRY_KAFKA_SASL_PASSWORD
  • SENTRY_KAFKA_SSL_CA_PATH
  • SENTRY_KAFKA_SSL_CERT_PATH
  • SENTRY_KAFKA_SSL_KEY_PATH
    If the mechanism is not provided, it will default to a nil kafka.RoundTripper, which is the default already.

Legal Boilerplate

Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. and is gonna need some rights from me in order to utilize my contributions in this here PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.

@aldy505 aldy505 requested a review from a team as a code owner November 17, 2024 08:08
@aldy505
Copy link
Contributor Author

aldy505 commented Dec 12, 2024

Any updates? @Zylphrex @viglia

viglia
viglia reviewed Dec 12, 2024
View reviewed changes
cmd/vroom/utils.go
}
}

return &kafka.Transport{
Copy link
Contributor

@viglia viglia Dec 12, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't you need to set a Dialer as well here?

If writer Transport is nil DefaultTransport is used, but in this case it won't as we're explicitly setting it with createKafkaRoundTripper.

I think here we should first create a Transport like here and then set the SASL and TLS?

Copy link
Contributor Author

@aldy505 aldy505 Dec 15, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated.

@aldy505 aldy505 requested a review from viglia December 15, 2024 11:51
@phacops phacops merged commit 84dcfa0 into getsentry:main Dec 23, 2024
11 checks passed
@aldy505 aldy505 deleted the feat/kafka-with-auth branch December 23, 2024 21:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@phacops phacops phacops approved these changes

@viglia viglia Awaiting requested review from viglia

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aldy505 @phacops @viglia