keda
keda copied to clipboard
kedacore
Provide support for using SAS token in Service Bus scaler
Proposal
Provide support for using SAS token in Service Bus scaler.
Use-Case
Different scenario for authentication, similar to https://github.com/kedacore/keda/issues/2705
Anything else?
No response
@tomkerkhove quick doubt - SAS authentication is currently handled if it's provided through the connection string. Are we looking at a provision to use SAS token other than through connection string?
If that's the case then we can close it, I thought we didn't support that yet.
Thanks for checking!
@tomkerkhove @SushmithaVReddy I try to setup scaledObject with trigger "azure-servicebus" that uses SAS token(trigger authentication ---> k8s secret). At the current moment KEDA 2.6 doesn't support this feature.
When I deploy the scaledObject with SAS token, I get ' "Endpoint" must not be empty' error message.
https://github.com/Azure/azure-amqp-common-go/blob/6b7304f631077f049a7249a2f36fe87e5c27b674/conn/conn.go#L100
Could you try to use new lib for Azure Service Bus where you can send SAS token as connection parameter?
https://github.com/Azure/azure-sdk-for-go/blob/241bdb849ce431e1a5e398a5649cde93149ee374/sdk/messaging/azservicebus/client.go#L92
Hi @zzhakhin , are you using a key value pair like "connectionString" : " Endpoint=sb://
Hi @SushmithaVReddy. These are my setup
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
name: worker-scaledobject
namespace: somenamespace
spec:
scaleTargetRef:
name: nameofpod
pollingInterval: 30
cooldownPeriod: 300
minReplicaCount: 1
maxReplicaCount: 3
advanced:
restoreToOriginalReplicaCount: true
triggers:
- type: azure-servicebus
metadata:
queueName: queue-name
messageCount: "5"
authenticationRef:
name: worker-trigger-authentication
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
name: worker-trigger-authentication
namespace: somenamespace
spec:
secretTargetRef:
- parameter: connection
name: worker-queue-secret
key: queue-connection-string
And I create secret with key:value
queue-connection-string='SharedAccessSignature sr=https://servicebussand.servicebus.windows.net/queue-name&sig=<Signature>&se=<Unixtime>&skn=root'
@zzhakhin thanks for sharing the yaml content. You are getting the Endpoint can't be null error because the connection string you are providing in your secret doesn't have endpoint information. For eg: Connection string can be defined in two ways
- Endpoint=sb://
.servicebus.windows.net/;SharedAccessKeyName= ;SharedAccessKey= - Endpoint=sb://
.servicebus.windows.net;SharedAccessSignature=SharedAccessSignature sr= .servicebus.windows.net&sig= &se= &skn=
I understand you want to use the 2nd way of pointing connection string. If that's the case, yes, keda doesn't support it yet.(tag: @tomkerkhove )
We use the older Service Bus sdk .
It only supports connection strings of the first type -
Endpoint=sb://<sb>.servicebus.windows.net/;SharedAccessKeyName=<key name>;SharedAccessKey=<key value>
and not
Endpoint=sb://<sb>.servicebus.windows.net;SharedAccessSignature=SharedAccessSignature sr=<sb>.servicebus.windows.net&sig=<base64-sig>&se=<expiry>&skn=<keyname>
In fact, if I recall correctly, service bus is not the only place we use the older Azure SDKs. We should ideally be migrating to the newer versions for all of the Azure scalers.
@tomkerkhove should we work on migrating to the sdk that seems to be maintained - https://github.com/Azure/azure-sdk-for-go
Endpoint=sb://<sb>.servicebus.windows.net;SharedAccessSignature=SharedAccessSignature sr=<sb>.servicebus.windows.net&sig=<base64-sig>&se=<expiry>&skn=<keyname>
The goal of the issue was actually to support this scenario which I thought we were supporting but I've misread. Can you work on this please @SushmithaVReddy?
@tomkerkhove quick pointer - https://github.com/Azure/azure-sdk-for-go/blob/main/README.md requires go1.18+ and keda supports go1.17+ , so we'll have to modify this https://github.com/kedacore/keda/blob/ac86c9455b9c2272b3e0158457587d9869da8b07/go.mod#L3 to 1.18 . Let me know if this understanding is right and any repercussions on customers using <= 1.17.
Let's do a seperate PR to bump to go 1.18 unless @kedacore/keda-maintainers don't agree?
But we might want to hold this off until KEDA 2.7 is shipped on thursday.
I don't have any strong opinion about that, but I'm really interested on @zroubalik opinion here
@tomkerkhove if we have to do this separately we'll have to 1st migrate KEDA to 1.18 and only then push fix for https://github.com/kedacore/keda/issues/2920.
@zroubalik Any reason why we didn't go to 1.18 in https://github.com/kedacore/keda/pull/3019?
@tomkerkhove 1.18 is relatively new. I want to wait a couple of micro release for it. And also majority of libs that we depend on (k8s) aren't build on top of 1.18. It might bring problems with code generators etc.
Then we should revise this, unless the limitation is just for Azure Service Bus.
They migrated to 1.18 in March as per this PR. But I don't think they're using any of the new 1.18 features.
Honestly, it's confusing as to how this repo works to me. It's a monorepo with all of SDKs for multiple Azure offerings. Some of them have individual go.mod files, some of them don't. There are also multiple versions of the same package in the repo so that users can import older ones if required.
It's a bit of a headache.