[exporter/kafkaexporter] added an option to disable kerberos PA-FX-FAST negotiation #33086

Open
wants to merge 9 commits into
base: main

@sy-be sy-be commented May 16, 2024

Description:
Added the disable_fast_negotiation configuration option for Kafka Kerberos authentication. This option allows users to disable the PA-FX-FAST negotiation, which can cause issues when Active Directory is not configured to support it. This change ensures that Kafka Exporters can function correctly in such environments.

Link to tracking Issue: 26345

Testing:

  • Added unit tests to verify the behaviour of the disable_fast_negotiation option in the KerberosConfig struct.
  • Tests include scenarios where disable_fast_negotiation is set to both true and false, ensuring that the configuration is correctly applied.

Documentation:

  • Updated README files which describe the new configuration option
  • Updated the changelog to reflect the addition of the disable_fast_negotiation configuration option.

@MovieStoreGuy
Contributor

It looks like the file needs to be formatted before it can be merged, do you mind @sy-be sorting that out?

@sy-be
Author

sy-be commented May 20, 2024

@MovieStoreGuy, thanks for looking! I have updated the PR with linter fixes (a missing newline). Could you please rerun the workflows? Thanks!

@sy-be sy-be requested a review from MovieStoreGuy May 23, 2024 07:56
@sy-be
Author

sy-be commented May 28, 2024

@MovieStoreGuy, @dmitryax, @atoulme can anyone please take a look at this? 🙏 Thanks!

.chloggen/kafka-DisablePAFXFAST-kerberos-auth.yaml (outdated)
@@ -68,6 +68,7 @@ The following settings can be optionally configured:
- `password`: The Kerberos password used for authenticate with KDC
- `config_file`: Path to Kerberos configuration. i.e /etc/krb5.conf
- `keytab_file`: Path to keytab file. i.e /etc/security/kafka.keytab
- `disable_fast_negotiation`: Disable PA-FX-FAST negotiation (Pre-Authentication Framework - Fast). Some common Kerberos implementations do not support PA-FX-FAST negotiation.
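
Review bot: The new `disable_fast_negotiation` entry states neither its type nor its default, so a reader cannot tell whether PA-FX-FAST negotiation happens when the key is omitted. Suggest stating the default explicitly on that line and saying which side lacks support, since "Some common Kerberos implementations do not support PA-FX-FAST negotiation" does not tell an operator whether the limitation is in the KDC or in the client, or what failure indicates the option is needed. The context line "used for authenticate with KDC" also has a grammar slip worth fixing while this list is being edited.
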
Member

Can you add a note in all of the READMEs that this is false by default?

Author

Done!

@sy-be sy-be requested a review from crobert-1 May 31, 2024 15:04
@crobert-1 crobert-1 added the "ready to merge" label (Code review completed; ready to merge by maintainers) May 31, 2024