Skip to content

Kafka KerberosAuth

KafkaKerberosAuth

Bases: KafkaAuth, GenericOptions

Connect to Kafka using sasl.mechanism="GSSAPI".

For more details see:

  • Kafka Documentation <https://kafka.apache.org/documentation/#security_sasl_kerberos_clientconfig>_
  • Krb5LoginModule documentation <https://docs.oracle.com/javase/8/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html>_

.. versionadded:: 0.9.0

Examples:

Auth in Kafka with keytab, automatically deploy keytab files to all Spark hosts (driver and executors):

.. code:: python

from onetl.connection import Kafka

auth = Kafka.KerberosAuth(
    principal="user",
    keytab="/path/to/keytab",
    deploy_keytab=True,
)

Auth in Kafka with keytab, keytab is already deployed on all Spark hosts (driver and executors):

.. code:: python

from onetl.connection import Kafka

auth = Kafka.KerberosAuth(
    principal="user",
    keytab="/path/to/keytab",
    deploy_keytab=False,
)

Auth in Kafka with existing Kerberos ticket (only Spark session created with master=local):

.. code:: python

from onetl.connection import Kafka

auth = Kafka.KerberosAuth(
    principal="user",
    use_keytab=False,
    use_ticket_cache=True,
)

Pass custom options for JAAS config and Kafka SASL:

.. code:: python

from onetl.connection import Kafka

auth = Kafka.KerberosAuth.parse(
    {
        "principal": "user",
        "keytab": "/path/to/keytab",
        # options without sasl.kerberos. prefix are passed to JAAS config
        # names are in camel case!
        "isInitiator": True,
        # options with `sasl.kerberos.` prefix are passed to Kafka client config as-is
        "sasl.kerberos.kinit.cmd": "/usr/bin/kinit",
    }
)

cleanup(kafka)

This method is called while closing Kafka connection.

Implement it to cleanup resources like temporary files.

Parameters:

  • kafka (:obj:Kafka <onetl.connection.db_connection.kafka.connection.Kafka>) –

    Connection instance

get_options(kafka)

Get options for Kafka connection

Parameters:

  • kafka (:obj:Kafka <onetl.connection.db_connection.kafka.connection.Kafka>) –

    Connection instance

Returns:

  • dict ( dict ) –

    Kafka client options

parse(options) classmethod

If a parameter inherited from the ReadOptions class was passed, then it will be returned unchanged. If a Dict object was passed it will be converted to ReadOptions.

Otherwise, an exception will be raised