Skip to content

Commit 075784f

Browse files
committed
[DOP-24124] Add Kafka GSSAPI support
1 parent b14bbe1 commit 075784f

File tree

24 files changed

+464
-105
lines changed

24 files changed

+464
-105
lines changed

.env.docker

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -27,8 +27,8 @@ DATA_RENTGEN__LOGGING__PRESET=colored
2727
DATA_RENTGEN__SERVER__DEBUG=false
2828

2929
# See Backend -> Consumer -> Configuration documentation
30-
DATA_RENTGEN__KAFKA__BOOTSTRAP_SERVERS=broker:9092
31-
DATA_RENTGEN__KAFKA__SECURITY__TYPE=scram-sha256
30+
DATA_RENTGEN__KAFKA__BOOTSTRAP_SERVERS='["broker:9092"]'
31+
DATA_RENTGEN__KAFKA__SECURITY__TYPE=SCRAM-SHA-256
3232
DATA_RENTGEN__KAFKA__SECURITY__USER=data_rentgen
3333
DATA_RENTGEN__KAFKA__SECURITY__PASSWORD=changeme
3434
DATA_RENTGEN__KAFKA__COMPRESSION=zstd

.env.local

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,8 @@ export DATA_RENTGEN__LOGGING__PRESET=colored
22

33
export DATA_RENTGEN__DATABASE__URL=postgresql+asyncpg://data_rentgen:changeme@localhost:5432/data_rentgen
44

5-
export DATA_RENTGEN__KAFKA__BOOTSTRAP_SERVERS=localhost:9093
6-
export DATA_RENTGEN__KAFKA__SECURITY__TYPE=scram-sha256
5+
export DATA_RENTGEN__KAFKA__BOOTSTRAP_SERVERS=["localhost:9093"]
6+
export DATA_RENTGEN__KAFKA__SECURITY__TYPE=SCRAM-SHA-256
77
export DATA_RENTGEN__KAFKA__SECURITY__USER=data_rentgen
88
export DATA_RENTGEN__KAFKA__SECURITY__PASSWORD=changeme
99
export DATA_RENTGEN__KAFKA__COMPRESSION=zstd
@@ -36,9 +36,9 @@ export DATA_RENTGEN__AUTH__ACCESS_TOKEN__SECRET_KEY=secret
3636

3737
# Cors
3838
export DATA_RENTGEN__SERVER__CORS__ENABLED=True
39-
export 'DATA_RENTGEN__SERVER__CORS__ALLOW_ORIGINS=["http://localhost:3000"]'
40-
export DATA_RENTGEN__SERVER__CORS__ALLOW_CREDENTIALS=true
41-
export 'DATA_RENTGEN__SERVER__CORS__ALLOW_METHODS=["*"]'
42-
export 'DATA_RENTGEN__SERVER__CORS__ALLOW_HEADERS=["*"]'
43-
export 'DATA_RENTGEN__SERVER__CORS__EXPOSE_HEADERS=["X-Request-ID", "Location", "Access-Control-Allow-Credentials"]'
39+
export DATA_RENTGEN__SERVER__CORS__ALLOW_ORIGINS=["http://localhost:3000"]
40+
export DATA_RENTGEN__SERVER__CORS__ALLOW_CREDENTIALS=True
41+
export DATA_RENTGEN__SERVER__CORS__ALLOW_METHODS=["*"]
42+
export DATA_RENTGEN__SERVER__CORS__ALLOW_HEADERS=["*"]
43+
export DATA_RENTGEN__SERVER__CORS__EXPOSE_HEADERS=["X-Request-ID", "Location", "Access-Control-Allow-Credentials"]
4444

.github/workflows/codeql-analysis.yml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,11 @@ jobs:
2929
- name: Checkout repository
3030
uses: actions/checkout@v4
3131

32+
- name: Install system packages
33+
run: |
34+
sudo apt update
35+
sudo apt-get install --no-install-recommends -y libkrb5-dev krb5-user gcc
36+
3237
- name: Set up Python ${{ env.DEFAULT_PYTHON }}
3338
uses: actions/setup-python@v5
3439
with:

.github/workflows/test.yml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,11 @@ jobs:
2424
- name: Checkout code
2525
uses: actions/checkout@v4
2626

27+
- name: Install system packages
28+
run: |
29+
sudo apt update
30+
sudo apt-get install --no-install-recommends -y libkrb5-dev krb5-user gcc
31+
2732
- name: Set up Docker Buildx
2833
uses: docker/setup-buildx-action@v3
2934

@@ -97,7 +102,7 @@ jobs:
97102
run: python -m pip install --upgrade pip setuptools wheel
98103

99104
- name: Install dependencies
100-
run: pip install -I coverage pytest
105+
run: pip install -I coverage
101106

102107
- name: Download all raw coverage data
103108
uses: actions/download-artifact@v4

.readthedocs.yaml

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,9 +3,12 @@ version: 2
33
build:
44
os: ubuntu-22.04
55
apt_packages:
6+
- autoconf
67
- make
8+
- gcc
9+
- libkrb5-dev
710
tools:
8-
python: '3.12'
11+
python: '3.13'
912
jobs:
1013
post_checkout:
1114
- git fetch --unshallow || true

codecov.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,5 +2,5 @@ coverage:
22
status:
33
project:
44
default:
5-
target: 93%
5+
target: 90%
66
threshold: 1%

data_rentgen/consumer/__init__.py

Lines changed: 22 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,15 +2,17 @@
22
# SPDX-License-Identifier: Apache-2.0
33

44
import logging
5+
from contextlib import asynccontextmanager
56

7+
import anyio
68
from fast_depends import dependency_provider
7-
from faststream import FastStream
9+
from faststream import ContextRepo, FastStream
10+
from faststream._compat import ExceptionGroup
811
from faststream.kafka import KafkaBroker
912
from sqlalchemy.ext.asyncio import AsyncSession
1013

1114
import data_rentgen
1215
from data_rentgen.consumer.settings import ConsumerApplicationSettings
13-
from data_rentgen.consumer.settings.security import get_broker_security
1416
from data_rentgen.consumer.subscribers import runs_events_subscriber
1517
from data_rentgen.db.factory import create_session_factory
1618
from data_rentgen.logging.setup_logging import setup_logging
@@ -21,10 +23,11 @@
2123
def broker_factory(settings: ConsumerApplicationSettings) -> KafkaBroker:
2224
broker = KafkaBroker(
2325
bootstrap_servers=settings.kafka.bootstrap_servers,
24-
security=get_broker_security(settings.kafka.security),
26+
security=settings.kafka.security.to_security(),
2527
compression_type=settings.kafka.compression.value if settings.kafka.compression else None,
2628
client_id=f"data-rentgen-{data_rentgen.__version__}",
2729
logger=logger,
30+
**settings.kafka.security.extra_broker_kwargs(),
2831
)
2932

3033
# register subscribers using settings
@@ -41,8 +44,24 @@ def broker_factory(settings: ConsumerApplicationSettings) -> KafkaBroker:
4144

4245

4346
def application_factory(settings: ConsumerApplicationSettings) -> FastStream:
47+
@asynccontextmanager
48+
async def security_lifespan(context: ContextRepo):
49+
try:
50+
async with anyio.create_task_group() as tg:
51+
await settings.kafka.security.initialize()
52+
tg.start_soon(settings.kafka.security.refresh)
53+
54+
yield
55+
56+
await settings.kafka.security.destroy()
57+
tg.cancel_scope.cancel()
58+
except ExceptionGroup as e:
59+
for exception in e.exceptions:
60+
raise exception from None
61+
4462
return FastStream(
4563
broker=broker_factory(settings),
64+
lifespan=security_lifespan,
4665
title="Data.Rentgen",
4766
description="Data.Rentgen is a nextgen DataLineage service",
4867
version=data_rentgen.__version__,

data_rentgen/consumer/settings/__init__.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -31,8 +31,8 @@ class ConsumerApplicationSettings(BaseSettings):
3131
# same as settings.database.url = "postgresql+asyncpg://postgres:postgres@localhost:5432/data_rentgen"
3232
DATA_RENTGEN__DATABASE__URL=postgresql+asyncpg://postgres:postgres@localhost:5432/data_rentgen
3333
34-
# same as settings.kafka.bootstrap_servers = "postgresql+asyncpg://postgres:postgres@localhost:5432/data_rentgen"
35-
DATA_RENTGEN__KAFKA__BOOTSTRAP_SERVERS=postgresql+asyncpg://postgres:postgres@localhost:5432/data_rentgen
34+
# same as settings.kafka.bootstrap_servers = ["kafka:9092"]
35+
DATA_RENTGEN__KAFKA__BOOTSTRAP_SERVERS=["kafka:9092"]
3636
3737
# same as settings.logging.preset = "json"
3838
DATA_RENTGEN__LOGGING__PRESET=json

data_rentgen/consumer/settings/kafka.py

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66

77
from pydantic import BaseModel, Field
88

9-
from data_rentgen.consumer.settings.security import KafkaSecuritySettings
9+
from data_rentgen.consumer.settings.security import KafkaSecurityAnonymousSettings, KafkaSecuritySettings
1010

1111

1212
class KafkaCompression(str, Enum):
@@ -30,18 +30,18 @@ class KafkaSettings(BaseModel):
3030
3131
.. code-block:: bash
3232
33-
DATA_RENTGEN__KAFKA__BOOTSTRAP_SERVERS=localhost:9092
34-
DATA_RENTGEN__KAFKA__SECURITY__TYPE=scram-256
33+
DATA_RENTGEN__KAFKA__BOOTSTRAP_SERVERS=["localhost:9092"]
34+
DATA_RENTGEN__KAFKA__SECURITY__TYPE=SCRAM-SHA-256
3535
DATA_RENTGEN__KAFKA__REQUEST_TIMEOUT_MS=5000
3636
DATA_RENTGEN__KAFKA__CONNECTIONS_MAX_IDLE_MS=540000
3737
"""
3838

39-
bootstrap_servers: str = Field(
39+
bootstrap_servers: list[str] = Field(
4040
description="List of Kafka bootstrap servers.",
4141
min_length=1,
4242
)
4343
security: KafkaSecuritySettings = Field(
44-
default_factory=KafkaSecuritySettings,
44+
default_factory=KafkaSecurityAnonymousSettings,
4545
description="Kafka security settings.",
4646
)
4747
compression: KafkaCompression | None = Field(

data_rentgen/consumer/settings/security.py

Lines changed: 0 additions & 55 deletions
This file was deleted.

0 commit comments

Comments
 (0)