Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
superstream-confluent-kafka-beta
To leverage the full capabilities of the Superstream SDK, set the environment variables listed in the table below before initializing the SDK. If they are not set, the SDK functions as a standard Kafka SDK.
Environment Variable | Default | Required | Description |
---|---|---|---|
SUPERSTREAM_HOST | - | Yes | Specify the host URL of the Superstream service to connect to the appropriate Superstream environment. |
SUPERSTREAM_TOKEN | - | No | This authentication token is required when the engine is configured to work with local authentication, to securely access the Superstream services. |
SUPERSTREAM_TAGS | Empty string | No | Set this variable to tag the client. This is a string - comma-separated list of tags. |
SUPERSTREAM_DEBUG | False | No | Set this variable to true to enable Superstream logs. By default, there will not be any Superstream related logs. |
SUPERSTREAM_RESPONSE_TIMEOUT | 3000 | No | Set this variable to specify the timeout in milliseconds for the Superstream service response. |
[!IMPORTANT]
Ensure that these environment variables are properly configured in your system to fully utilize the enhanced features offered by Superstream SDK.
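Because the SDK falls back to standard Kafka behaviour when these variables are absent, a pre-flight check at startup makes a missing or malformed setting visible. The following is an added example, not part of the Superstream SDK: the function name `preflight` and the sample values are assumptions, and the variable names, defaults and required flags come from the table above.

```python
import os

# name -> (default, required), as listed in the table above.
SPEC = {
    "SUPERSTREAM_HOST": (None, True),
    "SUPERSTREAM_TOKEN": (None, False),
    "SUPERSTREAM_TAGS": ("", False),
    "SUPERSTREAM_DEBUG": ("False", False),
    "SUPERSTREAM_RESPONSE_TIMEOUT": ("3000", False),
}
SECRET_VARS = {"SUPERSTREAM_TOKEN"}  # never written to logs in clear text


def preflight(env=None):
    """Return (settings, problems, loggable) for the Superstream variables.

    `loggable` is a copy of `settings` with secret values masked.
    """
    env = os.environ if env is None else env
    settings, problems = {}, []
    for name, (default, required) in SPEC.items():
        value = env.get(name, default)
        if required and not value:
            problems.append(f"{name} is required but not set")
        settings[name] = value

    # The timeout is documented in milliseconds; reject non-numeric or <= 0.
    raw = settings["SUPERSTREAM_RESPONSE_TIMEOUT"]
    try:
        if int(raw) <= 0:
            raise ValueError(raw)
    except (TypeError, ValueError):
        problems.append(
            f"SUPERSTREAM_RESPONSE_TIMEOUT must be a positive integer, got {raw!r}")

    # Tags are one comma-separated string; split it and drop empty entries.
    tags = settings["SUPERSTREAM_TAGS"] or ""
    settings["SUPERSTREAM_TAGS"] = [t.strip() for t in tags.split(",") if t.strip()]

    loggable = {k: ("***" if k in SECRET_VARS and v else v)
                for k, v in settings.items()}
    return settings, problems, loggable


if __name__ == "__main__":
    _, issues, safe_view = preflight()
    print(safe_view)
    for issue in issues:
        print("config problem:", issue)
```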
confluent-kafka-python provides a high-level Producer, Consumer and AdminClient compatible with all Apache Kafka™ brokers >= v0.8, Confluent Cloud and Confluent Platform. The client is:
Reliable - It's a wrapper around librdkafka (provided automatically via binary wheels) which is widely deployed in a diverse set of production scenarios. It's tested using the same set of system tests as the Java client and more. It's supported by Confluent.
Performant - Performance is a key design consideration. Maximum throughput is on par with the Java client for larger message sizes (where the overhead of the Python interpreter has less impact). Latency is on par with the Java client.
Future proof - Confluent, founded by the creators of Kafka, is building a streaming platform with Apache Kafka at its core. It's high priority for us that client features keep pace with core Apache Kafka and components of the Confluent Platform.
For a step-by-step guide on using the client see Getting Started with Apache Kafka and Python.
Additional examples can be found in the examples directory or the confluentinc/examples GitHub repo, which include demonstration of:
Also refer to the API documentation.
Finally, the tests are useful as a reference for example usage.
```python
from confluent_kafka import Producer

p = Producer({'bootstrap.servers': 'mybroker1,mybroker2'})

# Placeholder input: any iterable of strings to publish.
some_data_source = ['message 1', 'message 2']


def delivery_report(err, msg):
    """ Called once for each message produced to indicate delivery result.
        Triggered by poll() or flush(). """
    if err is not None:
        print('Message delivery failed: {}'.format(err))
    else:
        print('Message delivered to {} [{}]'.format(msg.topic(), msg.partition()))


for data in some_data_source:
    # Trigger any available delivery report callbacks from previous produce() calls
    p.poll(0)

    # Asynchronously produce a message. The delivery report callback will
    # be triggered from the call to poll() above, or flush() below, when the
    # message has been successfully delivered or failed permanently.
    p.produce('mytopic', data.encode('utf-8'), callback=delivery_report)

# Wait for any outstanding messages to be delivered and delivery report
# callbacks to be triggered.
p.flush()
```
For a discussion on the poll based producer API, refer to the Integrating Apache Kafka With Python Asyncio Web Applications blog post.
```python
from confluent_kafka import Consumer

c = Consumer({
    'bootstrap.servers': 'mybroker',
    'group.id': 'mygroup',
    'auto.offset.reset': 'earliest'
})

c.subscribe(['mytopic'])

while True:
    msg = c.poll(1.0)

    if msg is None:
        continue
    if msg.error():
        print("Consumer error: {}".format(msg.error()))
        continue

    print('Received message: {}'.format(msg.value().decode('utf-8')))

c.close()
```
Create topics:
```python
from confluent_kafka.admin import AdminClient, NewTopic

a = AdminClient({'bootstrap.servers': 'mybroker'})

new_topics = [NewTopic(topic, num_partitions=3, replication_factor=1) for topic in ["topic1", "topic2"]]
# Note: In a multi-cluster production scenario, it is more typical to use a replication_factor of 3 for durability.

# Call create_topics to asynchronously create topics. A dict
# of <topic,future> is returned.
fs = a.create_topics(new_topics)

# Wait for each operation to finish.
for topic, f in fs.items():
    try:
        f.result()  # The result itself is None
        print("Topic {} created".format(topic))
    except Exception as e:
        print("Failed to create topic {}: {}".format(topic, e))
```
The Producer, Consumer and AdminClient are all thread safe.
Install self-contained binary wheels
$ pip install confluent-kafka
NOTE: The pre-built Linux wheels do NOT contain SASL Kerberos/GSSAPI support. If you need SASL Kerberos/GSSAPI support you must install librdkafka and its dependencies using the repositories below and then build confluent-kafka using the instructions in the "Install from source" section below.
Install from source
For source install, see the Install from source section in INSTALL.md.
The Python client (as well as the underlying C library librdkafka) supports all broker versions >= 0.8. But due to the nature of the Kafka protocol in broker versions 0.8 and 0.9 it is not safe for a client to assume what protocol version is actually supported by the broker, thus you will need to hint the Python client what protocol version it may use. This is done through two configuration settings:
broker.version.fallback=YOUR_BROKER_VERSION (default 0.9.0.1)
api.version.request=true|false (default true)

When using a Kafka 0.10 broker or later you don't need to do anything (api.version.request=true is the default). If you use Kafka broker 0.9 or 0.8 you must set api.version.request=false and set broker.version.fallback to your broker version, e.g. broker.version.fallback=0.9.0.1.
More info here: https://github.com/edenhill/librdkafka/wiki/Broker-version-compatibility
If you're connecting to a Kafka cluster through SSL you will need to configure the client with 'security.protocol': 'SSL' (or 'SASL_SSL' if SASL authentication is used).

The client will use CA certificates to verify the broker's certificate. The embedded OpenSSL library will look for CA certificates in /usr/lib/ssl/certs/ or /usr/lib/ssl/cacert.pem. CA certificates are typically provided by the Linux distribution's ca-certificates package which needs to be installed through apt, yum, et al.

If your system stores CA certificates in another location you will need to configure the client with 'ssl.ca.location': '/path/to/cacert.pem'.

Alternatively, the CA certificates can be provided by the certifi Python package. To use certifi, add an import certifi line and configure the client's CA location with 'ssl.ca.location': certifi.where().
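The broker-version and SSL rules above can be combined into one configuration builder that fails early when no CA bundle is available to verify the broker's certificate. This is an added example, not code from confluent-kafka-python: the function names, the `exists` parameter (injected so the check can be tested) and the sample paths are assumptions, and only configuration keys named on this page are used.

```python
import os

# Locations the text says the embedded OpenSSL library searches by default.
OPENSSL_DEFAULT_CA = ("/usr/lib/ssl/certs/", "/usr/lib/ssl/cacert.pem")


def parse_version(version):
    """'0.9.0.1' -> (0, 9, 0, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def resolve_ca(explicit=None, exists=os.path.exists):
    """Return a value for ssl.ca.location, or None to rely on OpenSSL defaults."""
    if explicit:
        if not exists(explicit):
            raise FileNotFoundError(f"CA bundle not found: {explicit}")
        return explicit
    if any(exists(path) for path in OPENSSL_DEFAULT_CA):
        return None  # the default search path is present
    try:
        import certifi  # fallback described in the text
    except ImportError:
        raise RuntimeError(
            "no CA certificates found; set ssl.ca.location or install certifi")
    return certifi.where()


def tls_client_config(bootstrap, broker_version, sasl=False, ca=None,
                      exists=os.path.exists):
    """Build a config dict for a TLS connection to the given broker version."""
    conf = {"bootstrap.servers": bootstrap}
    # Brokers 0.8 and 0.9 need an explicit protocol version hint.
    if parse_version(broker_version) < (0, 10):
        conf["api.version.request"] = False
        conf["broker.version.fallback"] = broker_version
    conf["security.protocol"] = "SASL_SSL" if sasl else "SSL"
    location = resolve_ca(ca, exists)
    if location:
        conf["ssl.ca.location"] = location
    return conf


if __name__ == "__main__":
    # Constructed sample values; prints the dict that would be passed to a client.
    print(tls_client_config("mybroker:9093", "0.9.0.1"))
```

The check only confirms that a default CA path exists, not that it contains the certificate authority that signed the broker's certificate.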
KAFKA is a registered trademark of The Apache Software Foundation and has been licensed for use by confluent-kafka-python. confluent-kafka-python has no affiliation with and is not endorsed by The Apache Software Foundation.
Instructions on building and testing confluent-kafka-python can be found here.
For a step-by-step guide on using the Python client with Confluent Cloud see Getting Started with Apache Kafka and Python on Confluent Developer.
FAQs
Confluent's Python client for Apache Kafka
We found that superstream-confluent-kafka-beta demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.