📝 Security documentation (#74)

DanWertheimer · web-flow · commit 9bd7a4e3436b · 2021-06-14T16:25:54.000+02:00
diff --git a/docs/tutorial/security.md b/docs/tutorial/security.md
@@ -0,0 +1,26 @@
+# Security
+
+Py2K is built on top of the [confluent-kafka](https://github.com/confluentinc/confluent-kafka-python) python package which uses [librdkafka](https://github.com/edenhill/librdkafka) configuration for authentication.
+
+## SSL Authentication Example
+
+SSL authentication is built into the base Py2K wheels.
+
+As an example, the below config and setup will work:
+
+```Python
+{!../docs_src/security/security001.py!}
+```
+
+## SASL_SSL Kerberos Authentication Example
+
+<!-- prettier-ignore-start -->
+!!! info
+    The Py2K installation install confluent-kafka for you, **however** the base confluent-kafka librdkafka linux wheel is not built with SASL Kerberos/GSSAPI support and if you required this you will need to install the wheels on your system first. For a guide, see [here](https://github.com/confluentinc/confluent-kafka-python#prerequisites)
+<!-- prettier-ignore-end -->
+
+Once you've built from source you can use a similar base config to below:
+
+```Python
+{!../docs_src/security/security002.py!}
+```
diff --git a/docs_src/security/security001.py b/docs_src/security/security001.py
@@ -0,0 +1,21 @@
+from py2k.writer import KafkaWriter
+
+cert_config = {
+    'ssl.ca.location': '/path/to/ca.pem',
+    'ssl.certificate.location': '/path/to/cert.pem',
+    'ssl.key.location': '/path/to/ssl.key',
+}
+
+topic = 'mytopic'
+schema_registry_config = {'url': 'https://schemaregistry.com', **cert_config}
+producer_config = {
+    'bootstrap.servers': 'bootstrapservers.com',
+    'security.protocol': 'ssl',
+    **cert_config,
+}
+
+writer = KafkaWriter(
+    topic=topic,
+    schema_registry_config=schema_registry_config,
+    producer_config=producer_config,
+)
diff --git a/docs_src/security/security002.py b/docs_src/security/security002.py
@@ -0,0 +1,23 @@
+from py2k.writer import KafkaWriter
+
+cert_config = {
+    'ssl.ca.location': '/path/to/ca.pem',
+    'ssl.certificate.location': '/path/to/cert.pem',
+    'ssl.key.location': '/path/to/ssl.key',
+}
+
+topic = 'mytopic'
+schema_registry_config = {'url': 'https://schemaregistry.com', **cert_config}
+producer_config = {
+    'bootstrap.servers': 'bootstrapservers.com',
+    'security.protocol': 'SASL_SSL',
+    'sasl.kerberos.principal': 'principal@DOMAIN',
+    'sasl.kerberos.keytab': '/path/to/principal.keytab',
+    **cert_config,
+}
+
+writer = KafkaWriter(
+    topic=topic,
+    schema_registry_config=schema_registry_config,
+    producer_config=producer_config,
+)
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -30,6 +30,7 @@ nav:
   - Tutorial - User Guide:
       - Tutorial - User Guide - Intro: tutorial/index.md
       - First Steps: tutorial/first_steps.md
+      - Security: tutorial/security.md
   - API Reference: reference.md
   - Motivation: motivation.md
   - Release Notes: release_notes.md
