Skip to content

Add support for basic auth to Kafka schema registry #25456

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Add support for basic auth to Kafka schema registry #25456

wants to merge 3 commits into from

Conversation

derbeneviv
Copy link

Description

This is a clone of #23317
add config options to pass username\password to confluent schema registry for kafka plugin

due to GitHub limitations (see isaacs/github#361) i've re-created the MR

Additional context and related issues

resolves #12195 and #22679

Release notes

Release notes are required. Please propose a release note for me.

@cla-bot cla-bot
Copy link

cla-bot bot commented Mar 29, 2025

Thank you for your pull request and welcome to our community. We could not parse the GitHub identity of the following contributors: DERBENEV Ivan V.
This is most likely caused by a git client misconfiguration; please make sure to:

  1. check if your git client is configured with an email to sign commits git config --list | grep email
  2. If not, set it up using git config --global user.email [email protected]
  3. Make sure that the git commit email is configured in your GitHub account settings, see https://github.com/settings/emails

@github-actions github-actions bot added the kafka Kafka connector label Mar 29, 2025
@derbeneviv derbeneviv changed the title update to master, fix comments 12195 - add user\pass to kafka schema registry Mar 29, 2025
@derbeneviv derbeneviv mentioned this pull request Mar 29, 2025
Closed
@derbeneviv derbeneviv force-pushed the 12195-add-credentials-to-kafka-schema-registry branch from 6129124 to 8ca276e Compare March 29, 2025 18:38
@cla-bot cla-bot bot added the cla-signed label Mar 29, 2025
@mosabua
Copy link
Member

mosabua commented Mar 29, 2025

Please change commit message and add authored by tags from the original PR

@derbeneviv derbeneviv force-pushed the 12195-add-credentials-to-kafka-schema-registry branch from 8ca276e to e91708f Compare March 29, 2025 21:53
@derbeneviv
Copy link
Author

@mosabua i've updated commit message, what do you mean by "authored by tags from the original PR"?
working on tests right now

@derbeneviv derbeneviv force-pushed the 12195-add-credentials-to-kafka-schema-registry branch 2 times, most recently from 270e91f to 2c32e0c Compare March 31, 2025 11:56
@derbeneviv
Copy link
Author

So i guess i've passed all the CI checks, can i have a review?
There were people complaining this is crucial for them for trino+kafka
i think @Praveen2112 and @hashhar were reviewers in a previous version of this MR

ebyhr
ebyhr reviewed Mar 31, 2025
View reviewed changes
Copy link
Member

@ebyhr ebyhr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a test with dockerized schema registry?

@ebyhr ebyhr changed the title 12195 - add user\pass to kafka schema registry Add support for basic auth to Kafka schema registry Mar 31, 2025
@derbeneviv derbeneviv force-pushed the 12195-add-credentials-to-kafka-schema-registry branch from 710705d to 046ea5e Compare April 3, 2025 12:34
@derbeneviv
Copy link
Author

i've also updated confluent version in TestKafkaLatestConnectorSmokeTest.java to the value set in DEFAULT_CONFLUENT_PLATFORM_VERSION

@derbeneviv
Copy link
Author

@ebyhr

Can we add a test with dockerized schema registry?

i'm not sure i'm competent enough to do it from scratch. Is there a reference i can look at?

@derbeneviv derbeneviv force-pushed the 12195-add-credentials-to-kafka-schema-registry branch 2 times, most recently from 6df04e6 to 4420c09 Compare April 3, 2025 13:08
@derbeneviv
Copy link
Author

also i don't understand - why is CI checking commit which was already overridden?
https://github.com/trinodb/trino/actions/runs/14243784278/job/39919657078?pr=25456

@ebyhr ebyhr force-pushed the 12195-add-credentials-to-kafka-schema-registry branch from 4420c09 to 54291d4 Compare April 6, 2025 22:15
@ebyhr
Copy link
Member

ebyhr commented Apr 8, 2025

Is there a reference i can look at?

It seems there is https://hub.docker.com/r/confluentinc/cp-schema-registry. You can refer to TestingPostgreSqlServer for understanding how to use docker container in tests.

@derbeneviv derbeneviv force-pushed the 12195-add-credentials-to-kafka-schema-registry branch 3 times, most recently from 57e0316 to c4aad06 Compare April 14, 2025 15:55
@derbeneviv
Copy link
Author

@ebyhr done, i guess

@derbeneviv derbeneviv force-pushed the 12195-add-credentials-to-kafka-schema-registry branch from c4aad06 to 7da2e2e Compare April 15, 2025 15:08
@derbeneviv
Add tests for confluent schema registry with basic auth
174522f 
Add basicauth option to authorize to kafka schema registry
Update the code to master upstream
@derbeneviv
rewrite tests for basic auth confluent schema registry
3ccc2a2
@derbeneviv derbeneviv force-pushed the 12195-add-credentials-to-kafka-schema-registry branch from 7da2e2e to b7d0575 Compare April 16, 2025 10:26
@github-actions github-actions bot added the docs label Apr 16, 2025
@derbeneviv
Copy link
Author

Added doc section
@ebyhr would be great if you can review

@derbeneviv derbeneviv force-pushed the 12195-add-credentials-to-kafka-schema-registry branch from b7d0575 to b721aa6 Compare April 16, 2025 10:52
Praveen2112
Praveen2112 reviewed Apr 16, 2025
View reviewed changes
.../src/main/java/io/trino/plugin/kafka/schema/KafkaSchemaRegistryClientPropertiesProvider.java
Comment on lines +35 to +42
if (basicAuthConfig.isPresent()) {
auth = new ConfluentSchemaRegistryBasicAuth(
basicAuthConfig.get().getConfluentSchemaRegistryUsername(),
basicAuthConfig.get().getConfluentSchemaRegistryPassword());
}
else {
auth = new ConfluentSchemaRegistryNoAuth();
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we use guice magic here ? i.e based on the config we could directly inject ConfluentSchemaRegistryBasicAuth or ConfluentSchemaRegistryNoAuth

plugin/trino-kafka/src/main/java/io/trino/plugin/kafka/schema/confluent/BasicAuthConfig.java

@Config("kafka.confluent-schema-registry.basic-auth.username")
@ConfigDescription("The username for the Confluent Schema Registry")
public BasicAuthConfig setConfluentSchemaRegistryUsername(String username)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add ConfigSecuritySensitive to ensure it is masked as a part of bootstrap logs ?

...afka/src/main/java/io/trino/plugin/kafka/schema/confluent/ConfluentSchemaRegistryConfig.java
@@ -54,6 +62,19 @@ public ConfluentSchemaRegistryConfig setConfluentSchemaRegistryUrls(Set<String>
return this;
}

public Optional<ConfluentSchemaRegistryAuthType> getConfluentSchemaRegistryAuthType()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need it to be Optional ?

.../src/main/java/io/trino/plugin/kafka/schema/KafkaSchemaRegistryClientPropertiesProvider.java
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The first commit is not specific to adding tests right ?

...va/io/trino/plugin/kafka/schema/confluent/TestKafkaWithConfluentSchemaRegistryBasicAuth.java
}

@Test
public void testBasicTopicBasicAuth2()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

testTopicMixedCaste

...va/io/trino/plugin/kafka/schema/confluent/TestKafkaWithConfluentSchemaRegistryBasicAuth.java
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we apply the trino test guidelines here ?

testing/trino-testing-kafka/src/main/java/io/trino/testing/kafka/TestingKafka.java
schemaRegistryLogTemplate,
"/etc/confluent/docker/log4j.properties.template")
.dependsOn(kafka);
if (this.withBasicAuth) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of adding withBasicAuth flag - Can we extract SchemaRegistry container outside TestingKafka or have some sort of abuilder for them ?

testing/trino-testing-kafka/src/main/resources/schema_registry_password-file
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any readme file on how did we create this file would be helpful.

.../test/java/io/trino/plugin/kafka/schema/confluent/KafkaWithConfluentSchemaRegistryUtils.java
import static org.junit.jupiter.api.parallel.ExecutionMode.SAME_THREAD;

@Execution(SAME_THREAD)
public class KafkaWithConfluentSchemaRegistryUtils
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it Utils class or some test class ? In case of Utils only class it should be final in case of test class can we have Test as prefix

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ebyhr ebyhr ebyhr left review comments

@Praveen2112 Praveen2112 Praveen2112 left review comments

Assignees

@derbeneviv derbeneviv

Labels
cla-signed docs kafka Kafka connector
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add support to Kafka connector for connecting to secured Schema Registry
4 participants
@derbeneviv @mosabua @ebyhr @Praveen2112