Kafka KerberosAuth

KafkaKerberosAuth

Bases: KafkaAuth, GenericOptions

Connect to Kafka using sasl.mechanism="GSSAPI".

For more details see:

• Kafka Documentation
• Krb5LoginModule documentation

Added in 0.9.0

Examples:

Auth in Kafka with keytab, automatically deploy keytab files to all Spark hosts (driver and executors):

from onetl.connection import Kafka

auth = Kafka.KerberosAuth(
    principal="user",
    keytab="/path/to/keytab",
    deploy_keytab=True,
)

Auth in Kafka with keytab, keytab is already deployed on all Spark hosts (driver and executors):

from onetl.connection import Kafka

auth = Kafka.KerberosAuth(
    principal="user",
    keytab="/path/to/keytab",
    deploy_keytab=False,
)

Auth in Kafka with existing Kerberos ticket (only Spark session created with master=local):

from onetl.connection import Kafka

auth = Kafka.KerberosAuth(
    principal="user",
    use_keytab=False,
    use_ticket_cache=True,
)

Pass custom options for JAAS config and Kafka SASL:

from onetl.connection import Kafka

auth = Kafka.KerberosAuth.parse(
    {
        "principal": "user",
        "keytab": "/path/to/keytab",
        # options without sasl.kerberos. prefix are passed to JAAS config
        # names are in camel case!
        "isInitiator": True,
        # options with `sasl.kerberos.` prefix are passed to Kafka client config as-is
        "sasl.kerberos.kinit.cmd": "/usr/bin/kinit",
    }
)

cleanup(kafka)

This method is called while closing Kafka connection.

Implement it to cleanup resources like temporary files.

Parameters:

• kafka (Kafka) –

  Connection instance

get_options(kafka)

Get options for Kafka connection

Parameters:

• kafka (Kafka) –

  Connection instance

Returns:

• dict ( dict ) –

  Kafka client options

parse(options) classmethod

If a parameter inherited from the ReadOptions class was passed, then it will be returned unchanged. If a Dict object was passed it will be converted to ReadOptions.

Otherwise, an exception will be raised