-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kafka: allow disabling kerberos FAST in sarama client #6189
Conversation
3f28c8f
to
8a27419
Compare
/run-e2e kafka |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! PTAL @zroubalik @dttung2905
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. I think we have a CI error (here)
=== FAIL: pkg/scalers TestParseElasticsearchMetadata/no_index_given (0.00s)
elasticsearch_scaler_test.go:321:
Error Trace: /__w/keda/keda/pkg/scalers/elasticsearch_scaler_test.go:321
Error: "missing required parameter [\"index\"] in [authParams triggerMetadata]\nmissing required parameter [\"searchTemplateName\"] in [authParams triggerMetadata]\nmissing required parameter [\"valueLocation\"] in [authParams triggerMetadata]\nmissing required parameter [\"targetValue\"] in [authParams triggerMetadata]\nboth username and password must be provided when addresses is used" does not contain "missing required parameter \"index\""
Test: TestParseElasticsearchMetadata/no_index_given
I don't think its related to our changes. @JorTurFer Could you help to confirm this too?
Our sarama client has kerberos FAST negotiation turned on by default, but there are KDCs that can't handle FAST negotiation and will fail. There is an option to configure this on the sarama client, but we didn't expose it anywhere, so users couldn't get to it. This just adds an additional auth parameter to AuthConfig to expose that configuration option so users who need to shut off FAST are able to do so. Signed-off-by: John Kyros <[email protected]>
8a27419
to
18264ad
Compare
rebased and resolved CHANGELOG conflict 😄 |
/run-e2e kafka |
PTAL @kedacore/keda-core-contributors |
Our sarama client has kerberos FAST negotiation turned on by default, but there are KDCs that can't handle FAST negotiation and will fail. There is an option to configure this on the sarama client, but we didn't expose it anywhere, so users couldn't get to it. This just adds an additional auth parameter to AuthConfig to expose that configuration option so users who need to shut off FAST are able to do so. Signed-off-by: John Kyros <[email protected]>
This:
kerberosDisableFAST
field to the kafka scaler metadata, which can be used to disable sarama's/gokrb5's FAST negotiation for kerberos connectionskerberosDisableFAST
field in the AuthConfigWhich will let a user disable FAST as part of their Kerberos configuration.
I'm not attached to any of the naming here, I just want the plumbing, right now we just can't manipulate this at all. 😄
Checklist
A PR is opened to update our Helm chart (repo) (if applicable, ie. when deployment manifests are modified)Fixes #6188