Expose disable_fast_negotiation
for kafka krb5
auth method
#1
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
Adds a disable_fast_negotiation config option to the kafkareceiver, kafkametricsreceiver and kafkaexporter that allows PA_FX_FAST pre-authentication FAST negotiation to be disabled. This is required to allow auth using (some?) ActiveDirectory controllers.
See:
https://github.com/jcmturner/gokrb5/blob/master/USAGE.md#active-directory-kdc-and-fast-negotiation
I named the option to match a similar one in Vault.
https://developer.hashicorp.com/vault/docs/auth/kerberos#disable_fast_negotiation
Link to tracking Issue: open-telemetry#26345
Link to the official PR: open-telemetry#26346
Testing:
I've added a unit tetst to check that it is plumbed through to the sarama library, but I've not tested the built binary.
Documentation:
Added the option to the relevant
README
files.