Kafka Connector

Last modified 20 Aug 2021 09:09 +02:00

Identity connector for a special integration pattern using Kafka.

Functionality	experimental
Development status	dormant (not developed actively, but still somehow maintained)
Support status	unknown
Origin	Evolveum
Support provided by	Evolveum
Target systems	Kafka server
Source code	https://github.com/Evolveum/connector-kafka

Kafka connector was implemented for Kafka server with formatted data by avro scheme from Schema Registry server. Connector was tested with midPoint 4.1. Connector can work as Consumer (only read data from topic), Producer (only write data to topic) or both (write data to one topic and read data from another topic).

Capabilities and Features

Provisioning	YES
Live Synchronization	YES (connector unsupported typical read operation, however read identity by Live Synchronization)
Password	YES
Activation	YES
Paging support	NO
Scripting	NO

Provisioning

YES

Live Synchronization

YES (connector unsupported typical read operation,
however read identity by Live Synchronization)

Password

YES

Activation

YES

Paging support

Scripting

Versions

ONLY SNAPSHOT

Licensing

The connector itself is available under the terms of Apache License 2.0. To our best knowledge there is no extra license needed to use this connector. (Additional licensing terms and conditions may apply with services on which the connector is used).

Known limitations

During creating of this connector were detecting some limitations:

Unsupported typical read operation, read identities by Live Synchronization
Support createOp, updateDeltaOp and DeleteOp, however for updateDeltaOp need whole object, so all changed and unchanged attributes
Avro schema have more types, however midPoint support only primitive types(boolean, double, bytes, float, int, long and string), array of primitive type, record and union of two types, where one is null and second is array or primitive type. So midPoint unsupported enum, map and fixed

Schema

Schema for connector is generated from avro schema. When the connector is only Consumer avro schema will get from Schema Registry server. But when the connector is Producer, then the schema will get from file and will push to Schema Registry server. If some attribute in avro schema have default value is optional, failing which it is required. For example :

Example of avro schema

{
  "namespace": "com.evolveum.test",
  "type": "record",
  "name": "test_schema",
  "fields": [
    {
      "name": "username",
      "type": "string"
    },
    {
      "name": "full_name",
      "type": ["string", "null"],
      "default": null
    },
    {
      "name": "favorite_number",
      "type": ["int", "null"],
      "default": null
    },
    {
      "name": "favorite_color_array",
      "type": [{
      		"type": "array",
      		"items": "string"
              }, "null" ],
      "default": null
    },
    {
      "name": "address",
      "type": {
	    "name": "address_insade",
		"type": "record",
      	"fields": [
          {
            "name": "street",
       	    "type": ["string", "null"],
		    "default": null
          },
          {
      	    "name": "number",
      		"type": ["int", "null"],
      		"default": null
    	  }
	    ]
	  }
    }
  ]
}

Certificate Renewal

This connector support possibility automatically renewal certificate and primary key for communication with Kafka server and Schema Registry server.

Configuration

Schema Registry

Name	Description	Required	Type
schemaRegistryUrl	URL of schema registry to which this client connects to. For ex: http://localhost:9090/api/v1	true	String
pathToMorePropertiesForSchemaRegistry	Path to file with next configuration properties for Schema Registry client	false	String
schemaRegistrySslProtocol	SSL protocol for schema registry	false	String

Name

Description

Required

Type

schemaRegistryUrl

URL of schema registry to which this client connects to. For ex: http://localhost:9090/api/v1

true

String

pathToMorePropertiesForSchemaRegistry

Path to file with next configuration properties for Schema Registry client

false

String

schemaRegistrySslProtocol

SSL protocol for schema registry

false

String

Certificate Renewal

Name	Description	Required	Type
ssoUrlRenewal	Url of SSO service for Certificate renewal service	false	String
serviceUrlRenewal	Url for Certificate renewal service	false	String
usernameRenewal	Username for authentication to SSO service	false	String
passwordRenewal	Password for authentication to SSO service	false	GuardedString
clientIdRenewal	Client id for authentication to SSO service	false	String
intervalForCertificateRenewal	Interval in minutes, which define how long before expiration of certificate, it will be renewal. It doesn’t have default value, so compare only actual time with expiration time.	false	Integer
sslPrivateKeyEntryAlias	Alias for primary key in keystore.	false	String
sslPrivateKeyEntryPassword	Password for primary key in keystore.	false	GuardedString
sslTrustCertificateAliasPrefix	With this prefix have to start every alias of certificate, which should be renewal. Sufix is number started from 0. For example prefix is 'caroot', so aliases have to be 'caroot0', 'caroot1', 'caroot2'… If one number will be miss next will not be processed.	false	String

Name

Description

Required

Type

ssoUrlRenewal

Url of SSO service for Certificate renewal service

false

String

serviceUrlRenewal

Url for Certificate renewal service

false

String

usernameRenewal

Username for authentication to SSO service

false

String

passwordRenewal

Password for authentication to SSO service

false

GuardedString

clientIdRenewal

Client id for authentication to SSO service

false

String

intervalForCertificateRenewal

Interval in minutes, which define how long before expiration of certificate, it will be renewal. It doesn’t have default value, so compare only actual time with expiration time.

false

Integer

sslPrivateKeyEntryAlias

Alias for primary key in keystore.

false

String

sslPrivateKeyEntryPassword

Password for primary key in keystore.

false

GuardedString

sslTrustCertificateAliasPrefix

With this prefix have to start every alias of certificate, which should be renewal. Sufix is number started from 0. For example prefix is 'caroot', so aliases have to be 'caroot0', 'caroot1', 'caroot2'… If one number will be miss next will not be processed.

false

String

Common Properties for Consumer and Producer

Name	Description	Required	Type
useOfConnector	Kafka connector can be use as Consumer(CONSUMER), Producer(PRODUCER) or both Consumer and Producer(CONSUMER_AND_PRODUCER). Consumer can read data from Kafka server and Producer can write data to Kafka server. So possible value are 'CONSUMER', 'PRODUCER' and 'CONSUMER_AND_PRODUCER'.	true	String
uniqueAttribute	Name of unique attribute in avro schema.	true	String
nameAttribute	Name attribute for account in a resource. In most cases, it is equal to unique attribute, but there can be differences.	false	String
passwordAttribute	Password attribute for account in a resource.	false	String
bootstrapServers	Bootstrap servers property is a comma-separated list of host and port pairs that are the addresses of the Kafka brokers.	true	String
nameOfSchema	Name of used avro schema. When this connector is only Consumer this schema will get from Schema Registry server. But when connector is Producer, then schema will get from file and will push to Schema Registry server.	true	String
kafkaSecurityProtocol	Security protocol for Kafka Server.	false	String
sslKeyStoreType	Ssl key store type used for Kafka Server and Schema Registry server.	false	String
sslKeyStorePath	Ssl key store path used for Kafka Server and Schema Registry server.	false	String
sslKeyStorePassword	Ssl key store password used for Kafka Server and Schema Registry server.	false	GuardedString
sslKeyStoreProvider	Ssl key store provider used for Kafka Server and Schema Registry server.	false	String
sslKeyPassword	Ssl key password used for Kafka Server and Schema Registry server.	false	GuardedString
sslKeyManagerFactoryProvider	Ssl key manager factory provider used for Kafka Server and Schema Registry server.	false	String
sslKeyManagerFactoryAlgorithm	Ssl key manager factory algorithm used for Kafka Server and Schema Registry server.	false	String
sslTrustStoreType	Ssl trust store type used for Kafka Server and Schema Registry server.	false	String
sslTrustStorePath	Ssl trust store path used for Kafka Server and Schema Registry server.	false	String
sslTrustStorePassword	Ssl trust store password used for Kafka Server and Schema Registry server.	false	GuardedString
sslTrustStoreProvider	Ssl trust store provider used for Kafka Server and Schema Registry server.	false	String
sslTrustManagerFactoryProvider	Ssl trust manager factory provider used for Kafka Server and Schema Registry server.	false	String
sslTrustManagerFactoryAlgorithm	Ssl trust manager factory algorithm used for Kafka Server and Schema Registry server.	false	String

Name

Description

Required

Type

useOfConnector

Kafka connector can be use as Consumer(CONSUMER), Producer(PRODUCER) or both Consumer and Producer(CONSUMER_AND_PRODUCER). Consumer can read data from Kafka server and Producer can write data to Kafka server. So possible value are 'CONSUMER', 'PRODUCER' and 'CONSUMER_AND_PRODUCER'.

true

String

uniqueAttribute

Name of unique attribute in avro schema.

true

String

nameAttribute

Name attribute for account in a resource. In most cases, it is equal to unique attribute, but there can be differences.

false

String

passwordAttribute

Password attribute for account in a resource.

false

String

bootstrapServers

Bootstrap servers property is a comma-separated list of host and port pairs that are the addresses of the Kafka brokers.

true

String

nameOfSchema

Name of used avro schema. When this connector is only Consumer this schema will get from Schema Registry server. But when connector is Producer, then schema will get from file and will push to Schema Registry server.

true

String

kafkaSecurityProtocol

Security protocol for Kafka Server.

false

String

sslKeyStoreType

Ssl key store type used for Kafka Server and Schema Registry server.

false

String

sslKeyStorePath

Ssl key store path used for Kafka Server and Schema Registry server.

false

String

sslKeyStorePassword

Ssl key store password used for Kafka Server and Schema Registry server.

false

GuardedString

sslKeyStoreProvider

Ssl key store provider used for Kafka Server and Schema Registry server.

false

String

sslKeyPassword

Ssl key password used for Kafka Server and Schema Registry server.

false

GuardedString

sslKeyManagerFactoryProvider

Ssl key manager factory provider used for Kafka Server and Schema Registry server.

false

String

sslKeyManagerFactoryAlgorithm

Ssl key manager factory algorithm used for Kafka Server and Schema Registry server.

false

String

sslTrustStoreType

Ssl trust store type used for Kafka Server and Schema Registry server.

false

String

sslTrustStorePath

Ssl trust store path used for Kafka Server and Schema Registry server.

false

String

sslTrustStorePassword

Ssl trust store password used for Kafka Server and Schema Registry server.

false

GuardedString

sslTrustStoreProvider

Ssl trust store provider used for Kafka Server and Schema Registry server.

false

String

sslTrustManagerFactoryProvider

Ssl trust manager factory provider used for Kafka Server and Schema Registry server.

false

String

sslTrustManagerFactoryAlgorithm

Ssl trust manager factory algorithm used for Kafka Server and Schema Registry server.

false

String

Consumer

If some from next property is required, so it is required when use connector as Consumer.

Name	Description	Required	Type
consumerNameOfTopic	Name of the topic, from which the connector will read.	true	String
consumerVersionOfSchema	Version of avro schema, which connector use. If connector is Producer this property will be automatically updated.	true	Integer
consumerGroupId	A unique string that identifies the consumer group this consumer belongs to.	true	String
consumerPartitionOfTopic	List partitions of topic, from which the connector will read. List is a comma-separated, for example '1,2,3,5-7'. Default value is 0.	false	String
consumerDurationIfFail	The time, in minutes, spent waiting in poll if data is not available in the buffer. Default value is 2.	false	Integer
consumerMaxRecords	The maximum number of records returned in a single call.	false	Integer
pathToMorePropertiesForConsumer	Path to file with next configuration properties for Consumer.	false	String

Name

Description

Required

Type

consumerNameOfTopic

Name of the topic, from which the connector will read.

true

String

consumerVersionOfSchema

Version of avro schema, which connector use. If connector is Producer this property will be automatically updated.

true

Integer

consumerGroupId

A unique string that identifies the consumer group this consumer belongs to.

true

String

consumerPartitionOfTopic

List partitions of topic, from which the connector will read. List is a comma-separated, for example '1,2,3,5-7'. Default value is 0.

false

String

consumerDurationIfFail

The time, in minutes, spent waiting in poll if data is not available in the buffer. Default value is 2.

false

Integer

consumerMaxRecords

The maximum number of records returned in a single call.

false

Integer

pathToMorePropertiesForConsumer

Path to file with next configuration properties for Consumer.

false

String

Producer

If some from next property is required, so it is required when use connector as Producer.

Name	Description	Required	Type
producerPathToFileContainingSchema	Path to the file, which contains avro schema.	true	String
producerNameOfTopic	Name of the topic, from which the connector will write.	true	String
pathToMorePropertiesForProducer	Path to file with next configuration properties for Producer.	false	String

Name

Description

Required

Type

producerPathToFileContainingSchema

Path to the file, which contains avro schema.

true

String

producerNameOfTopic

Name of the topic, from which the connector will write.

true

String

pathToMorePropertiesForProducer

Path to file with next configuration properties for Producer.

false

String

Was this page helpful?

YES NO

Thanks for your feedback