Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New Config API: Re-evaluate public API & configuration options #46

Open
felixschlegel opened this issue Jan 22, 2023 · 1 comment
Open

New Config API: Re-evaluate public API & configuration options #46

felixschlegel opened this issue Jan 22, 2023 · 1 comment

Comments

@felixschlegel
Copy link
Contributor

  • Currently, we expose more or less all librdkafka configurations — do we want to narrow it down to the most basic configurations and expand this on user request / provide an unsafe API that allows pro-users to set arbitrary key-value options?
  • librdkafka exposes configuration options regarding OAuth and SSL keys etc. — does our package even intend to expose that as well?
@felixschlegel felixschlegel mentioned this issue Jan 22, 2023
Merged
4 tasks
@felixschlegel
Copy link
Contributor Author

felixschlegel commented Jun 5, 2023
edited
Loading

Here is a list of the options we are currently not supporting but might want to support in the future:

(See librdkafka/CONFIGURATION.md for reference)

EDIT: since #88

  • topic.metadata.refresh.fast.cnt
  • connections.max.idle.ms
  • api.version.request
  • api.version.request.timeout.ms
  • ssl.cipher.suites
  • ssl.curves.list
  • ssl.sigalgs.list
  • ssl.key.pem
  • ssl_key
  • ssl.certificate.pem
  • ssl_certificate
  • ssl.ca.pem
  • ssl_ca
  • ssl.ca.certificate.stores
  • ssl.providers
  • ssl.engine.location
  • ssl.engine.id
  • ssl_engine_callback_data
  • enable.ssl.certificate.verification
  • ssl.endpoint.identification.algorithm
  • ssl.certificate.verify_cb
  • sasl.mechanisms
  • sasl.kerberos.service.name
  • sasl.kerberos.principal
  • sasl.kerberos.kinit.cmd
  • sasl.kerberos.keytab
  • sasl.kerberos.min.time.before.relogin
  • sasl.oauthbearer.config
  • sasl.oauthbearer.method
  • sasl.oauthbearer.client.id
  • sasl.oauthbearer.client.secret
  • sasl.oauthbearer.scope
  • sasl.oauthbearer.extensions
  • sasl.oauthbearer.token.endpoint.url
  • group.instance.id
  • partition.assignment.strategy
  • coordinator.query.interval.ms
  • queued.min.messages
  • queued.max.messages.kbytes
  • fetch.message.max.bytes
  • max.partition.fetch.bytes
  • fetch.min.bytes
  • fetch.max.bytes
  • fetch.error.backoff.ms
  • check.crcs
  • client.rack
  • retry.backoff.ms
  • compression.codec
  • compression.type
  • batch.num.messages
  • batch.size
  • sticky.partitioning.linger.ms

felixschlegel added a commit to felixschlegel/swift-kafka-client that referenced this issue Jul 14, 2023
@felixschlegel
Type-safe Security Configurations
81621d3 
> Adds some of the missing properties from swift-server#46.

Motivation:

We were lacking some of the security protocol configuration options and
want to provide them in a type-safe manner.

Modifications:

* Created a new file `KafkaConfiguration+Security.swift`
    * add `public struct` `SSLConfiguration`
    * add `public struct` `SASLMechanism`
    * add `public struct` `KerberosConfiguration`
    * add `public struct` `OAuthBearerMethod`
    * add `public struct` `SecurityProtocol`
* integrate `KafkaConfiguration.SSLOptions` in new types
* integrate `KafkaConfiguration.SASLOptions` in new types
@felixschlegel felixschlegel mentioned this issue Jul 14, 2023
Merged
felixschlegel added a commit to felixschlegel/swift-kafka-client that referenced this issue Jul 14, 2023
@felixschlegel
Type-safe Security Configurations
1d10d99 
> Adds some of the missing properties from swift-server#46.

Motivation:

We were lacking some of the security protocol configuration options and
want to provide them in a type-safe manner.

Modifications:

* add Kerberos support
* add OAuthBearer support
* Created a new file `KafkaConfiguration+Security.swift`
    * add `public struct` `SSLConfiguration`
    * add `public struct` `SASLMechanism`
    * add `public struct` `KerberosConfiguration`
    * add `public struct` `OAuthBearerMethod`
    * add `public struct` `SecurityProtocol`
* integrate `KafkaConfiguration.SSLOptions` in new types
* integrate `KafkaConfiguration.SASLOptions` in new types
felixschlegel added a commit to felixschlegel/swift-kafka-client that referenced this issue Jul 17, 2023
@felixschlegel
Type-safe Security Configurations
b7d57fb 
> Adds some of the missing properties from swift-server#46.

Motivation:

We were lacking some of the security protocol configuration options and
want to provide them in a type-safe manner.

Modifications:

* add Kerberos support
* add OAuthBearer support
* Created a new file `KafkaConfiguration+Security.swift`
    * add `public struct` `SSLConfiguration`
    * add `public struct` `SASLMechanism`
    * add `public struct` `KerberosConfiguration`
    * add `public struct` `OAuthBearerMethod`
    * add `public struct` `SecurityProtocol`
* integrate `KafkaConfiguration.SSLOptions` in new types
* integrate `KafkaConfiguration.SASLOptions` in new types
FranzBusch pushed a commit that referenced this issue Jul 18, 2023
@felixschlegel
Type-safe Security Configuration (#88)
1024f29 
* Type-safe Security Configurations

> Adds some of the missing properties from #46.

Motivation:

We were lacking some of the security protocol configuration options and
want to provide them in a type-safe manner.

Modifications:

* add Kerberos support
* add OAuthBearer support
* Created a new file `KafkaConfiguration+Security.swift`
    * add `public struct` `SSLConfiguration`
    * add `public struct` `SASLMechanism`
    * add `public struct` `KerberosConfiguration`
    * add `public struct` `OAuthBearerMethod`
    * add `public struct` `SecurityProtocol`
* integrate `KafkaConfiguration.SSLOptions` in new types
* integrate `KafkaConfiguration.SASLOptions` in new types

* Fix failing test

* Changes David

Modifications:

* go from `KafkaConfiguration.Key` type into more specific types:
    * `LeafAndIntermediates` to extract the public Key
    * `PrivateKey`
    * `RootCertificate`
* `RootCertificate`: add two new options
    * `probe` (default): probe list of standard paths and make first
     certificate found root default root certificate location path
    * `disableBrokerVerification`: disable broker verification entirely
* `KafkaConfiguration+Security`:
    * turn `static func`s without parameters into `static let`s for our
      enum-like `public structs`

* Review David

Modifications:

* add `public init` to `KafkaConfiguration.SASLMechanism.KerberosConfiguration`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@felixschlegel