gaborgsomogyi commented on a change in pull request #24305: [SPARK-27294][SS] Add multi-cluster Kafka delegation token URL: https://github.com/apache/spark/pull/24305#discussion_r275695219
########## File path: external/kafka-0-10-token-provider/src/main/scala/org/apache/spark/kafka010/KafkaTokenSparkConf.scala ########## @@ -0,0 +1,87 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.spark.kafka010 + +import org.apache.kafka.common.security.auth.SecurityProtocol.SASL_SSL + +import org.apache.spark.SparkConf +import org.apache.spark.internal.Logging +import org.apache.spark.internal.config.Kafka + +private[spark] case class KafkaTokenClusterConf( + identifier: String, + bootstrapServers: String, + securityProtocol: String, + kerberosServiceName: String, + trustStoreLocation: Option[String], + trustStorePassword: Option[String], + keyStoreLocation: Option[String], + keyStorePassword: Option[String], + keyPassword: Option[String], + tokenMechanism: String) { + override def toString: String = s"KafkaTokenClusterConf{" + s"identifier=$identifier, " + + s"bootstrapServers=$bootstrapServers, " + s"securityProtocol=$securityProtocol, " + + s"kerberosServiceName=$kerberosServiceName, " + + s"trustStoreLocation=$trustStoreLocation, " + + s"trustStorePassword=${trustStorePassword.map(_ => "xxx")}, " + + s"keyStoreLocation=$keyStoreLocation, " + s"keyStorePassword=${keyStorePassword.map(_ => "xxx")}, " + + s"keyPassword=${keyPassword.map(_ => "xxx")}, " + + s"tokenMechanism=$tokenMechanism}" +} + +private[spark] class KafkaTokenSparkConf(sparkConf: SparkConf) extends Logging { + def getClusterIdentifiers(): Array[String] = { + val result = sparkConf.get(Kafka.CLUSTERS) match { Review comment: Since I ran out of ideas I thought there is a tradeoff between having redundant `bootstrapServers` configuration vs introducing new API for a new feature I considered the second is a better option. I see your point about the one-time significant cost to adapt all the applications which can make upgrade an expensive operation for heavy users with lot of apps. It makes sense. Without API change I see only this option left: * `bootstrapServers` configured on token side (admin task) * Spark obtains and stores tokens together with the configured `bootstrapServers` * `bootstrapServers` configured on app side (app dev task and this case existing apps don't have to be touched) * When token needed Spark checks every stored tokens `bootstrapServers` and if there is an intersection with the app side configuration then it will use it This approach makes an assumption that there is an intersection between the 2 `bootstrapServers` configs as we've discussed previously. Please elaborate if you thought something better when you've written this > I think if you could do the mapping entirely in the config, and let the application just define the broker it wants to use, that's much much better. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
