kafka-connect-cosmosdb

Connector needs to have config validators

Open ryancrawcour opened this issue 3 years ago • 6 comments

## Problem Statement

When entering configuration for the connector it would be great if these config values could be validated whilst registering the connector instead of @ runtime when the connector tries to start.

## Proposed Solution

Kafka Connect supports connector config validation. Implement this for the sink connector config properties. Ensure common, Sink and Source config values all have validators and recommenders as appropriate.

Validations to add -

  • [x] validate database name is valid
  • [x] validate container name is valid
  • [ ] validate that the topic(s) are valid

## Additional context

https://www.confluent.io/blog/write-a-kafka-connect-connector-with-configuration-handling/

## Next Steps

  • [x] Team consensus to proceed
  • [ ] Schedule Design Session
  • [ ] Complete Design Review

ryancrawcour avatar Mar 29 '21 21:03 ryancrawcour

@ryancrawcour I see the following in CosmosClientBuilder::key javadoc

> Sets either a master or readonly key used to perform authentication for accessing resource.
> Params: key – master or readonly key
> Returns: current Builder.

This implies that a readonly key could also be used to create the client. Is there a good way to validate that the client is created with a master key containing required ALL permission to create/write to database/container?

ncliang avatar Mar 30 '21 03:03 ncliang

> This implies that a readonly key could also be used to create the client. Is there a good way to validate that the client is created with a master key containing required ALL permission to create/write to database/container?

that's a good point. i forget about the read-only key. not sure the best way to validate that the key being used is a master key, not a read-only key.

@kushagraThapar / @moderakh can you think of a way to validate the key being used has write permission to the container, without actually attempting to write a doc (and then having to delete it).

ryancrawcour avatar Mar 30 '21 03:03 ryancrawcour

@ryancrawcour I don't have a lot of knowledge on this but would the permissions API help here? https://docs.microsoft.com/en-us/rest/api/cosmos-db/permissions . This can work only if we can invoke without any additional credentials or permissions.

mageshn avatar Mar 30 '21 04:03 mageshn

@mageshn no, the permission API's purpose is different.

At client side we currently do not have any API to distinguish a write key from a read key without actually attempting to perform a write operation.

I will check with our service side team if there is any workaround.

moderakh avatar Mar 30 '21 04:03 moderakh

i have the following listed as validators to add -

validate database name is valid

  • I am thinking of doing a GetDatabase call to check if the db id supplied is valid.

validate container name is valid

  • as above, plan to do a GetContainer (given a valid database) to check if the container id is valid. might have to do multiple here as we support a Topic#Container mapping where it would be possible to supply multiple container names.

@moderakh / @kushagraThapar thoughts on the above 2 operations?

validate that the topic(s) are valid

  • @ncliang what would be the best way to check if the Kafka topic supplied is valid?

any others?

ryancrawcour avatar May 16 '21 21:05 ryancrawcour

> think of a way to validate the key being used has write permission to the container, without actually attempting to write a doc (and then having to delete it).

doesn't look like there is a way to determine write permissions given a key without actually attempting to write a doc. so we'll just validate that the key given is a valid key, and handle a write failure if that happens.

ryancrawcour avatar May 24 '21 22:05 ryancrawcour
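
A sketch of the registration-time checks discussed in this thread (a database read, then one container read per Topic#Container pair), written as an added example and not taken from the connector's code. The class name and the `example.cosmos.*` property names are hypothetical. As the thread concludes, a successful read only shows the key is valid, not that it can write.

```java
import com.azure.cosmos.*;
import org.apache.kafka.common.config.Config;
import org.apache.kafka.common.config.ConfigValue;
import java.util.HashMap;
import java.util.Map;

public final class CosmosConfigChecks {
    static final String ENDPOINT = "example.cosmos.endpoint", KEY = "example.cosmos.key", // hypothetical property
            DATABASE = "example.cosmos.database", TOPIC_MAP = "example.cosmos.topicmap"; // names, invented here
    public static Config check(Config config, Map<String, String> props) {
        Map<String, ConfigValue> values = new HashMap<>();
        config.configValues().forEach(v -> values.put(v.name(), v));
        // Skip the network calls if a value is missing or already failed a local validator.
        for (String name : new String[] {ENDPOINT, KEY, DATABASE, TOPIC_MAP}) {
            ConfigValue v = values.get(name);
            if (v == null || props.get(name) == null || !v.errorMessages().isEmpty()) return config;
        }
        try (CosmosClient client = new CosmosClientBuilder()
                .endpoint(props.get(ENDPOINT)).key(props.get(KEY)).buildClient()) {
            CosmosDatabase db = client.getDatabase(props.get(DATABASE));
            String dbError = probe(db::read, "database", props.get(DATABASE));
            if (dbError != null) {
                values.get(DATABASE).addErrorMessage(dbError);
                return config; // containers cannot be checked without a valid database
            }
            for (String pair : props.get(TOPIC_MAP).split(",")) { // "topicA#containerA,topicB#containerB"
                String[] parts = pair.trim().split("#", 2);
                String error = parts.length != 2 || parts[1].isEmpty()
                        ? "Expected topic#container, got '" + pair.trim() + "'"
                        : probe(db.getContainer(parts[1])::read, "container", parts[1]);
                if (error != null) values.get(TOPIC_MAP).addErrorMessage(error);
            }
        } catch (RuntimeException e) { // bad endpoint, bad key, network: report the type only, never the key
            values.get(ENDPOINT).addErrorMessage("Cannot connect to Cosmos DB: " + e.getClass().getSimpleName());
        }
        return config;
    }
    // Runs a metadata read and returns null on success; success does not prove write access.
    private static String probe(Runnable read, String kind, String id) {
        try {
            read.run();
            return null;
        } catch (CosmosException e) {
            int status = e.getStatusCode();
            String why = status == 404 ? "does not exist"
                    : status == 401 || status == 403 ? "is not readable with this key" : "check failed, HTTP " + status;
            return "Cosmos " + kind + " '" + id + "' " + why;
        }
    }
}
```

It would be called from the connector's `validate(Map<String, String>)` override as `CosmosConfigChecks.check(super.validate(props), props)`, so the errors come back in the REST response when the connector is registered.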