Skip to content

Security

Py2K is built on top of the confluent-kafka python package which uses librdkafka configuration for authentication.

SSL Authentication Example

SSL authentication is built into the base Py2K wheels.

As an example, the below config and setup will work:

from py2k.writer import KafkaWriter

cert_config = {
    'ssl.ca.location': '/path/to/ca.pem',
    'ssl.certificate.location': '/path/to/cert.pem',
    'ssl.key.location': '/path/to/ssl.key',
}

topic = 'mytopic'
schema_registry_config = {'url': 'https://schemaregistry.com', **cert_config}
producer_config = {
    'bootstrap.servers': 'bootstrapservers.com',
    'security.protocol': 'ssl',
    **cert_config,
}

writer = KafkaWriter(
    topic=topic,
    schema_registry_config=schema_registry_config,
    producer_config=producer_config,
)

SASL_SSL Kerberos Authentication Example

Info

The Py2K installation install confluent-kafka for you, however the base confluent-kafka librdkafka linux wheel is not built with SASL Kerberos/GSSAPI support and if you required this you will need to install the wheels on your system first. For a guide, see here

Once you've built from source you can use a similar base config to below:

from py2k.writer import KafkaWriter

cert_config = {
    'ssl.ca.location': '/path/to/ca.pem',
    'ssl.certificate.location': '/path/to/cert.pem',
    'ssl.key.location': '/path/to/ssl.key',
}

topic = 'mytopic'
schema_registry_config = {'url': 'https://schemaregistry.com', **cert_config}
producer_config = {
    'bootstrap.servers': 'bootstrapservers.com',
    'security.protocol': 'SASL_SSL',
    'sasl.kerberos.principal': 'principal@DOMAIN',
    'sasl.kerberos.keytab': '/path/to/principal.keytab',
    **cert_config,
}

writer = KafkaWriter(
    topic=topic,
    schema_registry_config=schema_registry_config,
    producer_config=producer_config,
)