Factor House release v93.1 brings a new major version to our suite of products for Apache Kafka and Apache Flink.
This is the 116th release of Factor House products, and marks more than 2.3M downloads of Kpow and Flex from Dockerhub in the past five years.
The major new feature in v93.1 is the secure, vendor-agnostic, OpenAPI 3.1 REST API for Kafka, Connect, and Schema resources that is now available in Kpow.
This release also includes:
- New capabilities for restricting visibility of menu items in our product UI
- Better control of user access to resources with new fine-grained RBAC permissions
- Support for cross-account (STSAssumeRole) authentication for MSK Managed Connect
- Fix for a Confluent Cloud cluster performance related bug
OpenAPI 3.1 Rest API for Apache Kafka
Kpow already provides a secure, acceessible, enterprise-grade Web UI covering the entire surface area of Apache Kafka, Kafka Connect, Schema Registry, and ksqlDB.
With release v93.1, you can now integrate the full power of Kpow's capabilities with your own internal products and/or CI/CD GitOps pipelines by using Kpow's secure REST API.
Getting started is easy, just add the following configuration to your Kpow deployment:
API_ENABLED="true" API_PORT="4000"
After a restart, you can begin accessing the API on the configured port:
curl -v kpow-staging.zcorp.com:4000/kafka/v1/clusters * Trying 127.0.0.1:4000... * Connected to kpow-staging.zcorp.com (127.0.0.1) port 4000 (#0) > GET /kafka/v1/clusters HTTP/1.1 > Host: kpow-staging.zcorp.com:4000 > User-Agent: curl/7.79.1 > Accept: */* > < HTTP/1.1 200 OK < Content-Type: application/json;charset=utf-8 < Vary: Accept-Encoding, User-Agent < Content-Length: 139 < * Connection #0 to host localhost left intact {"clusters":[{"id":"0TEeq2akSkGlrow1awdj_w","label":"Trade Book (Staging)","is_confluent":false}],"metadata":{"tenant_id":"__kpow_global"}
Kpow's new API is secured via the RBAC and Tenancy rules that govern access to the web UI.
View the full OpenAPI 3.1 Kpow REST API specification to learn more about securing the API and the provided modules and capabilities.
Future releases will include full control of ksqlDB resources, access to Kpow's world-class topic search and message production functions, a full OpenAPI 3.1 API for Apache Flink, and introduce support for mTLS and OpenID authentication of API users. Watch this space!
Fine-Grained RBAC Permissions
Kpow now provides greater control of user permissions with derived, fine-grained user actions:
SCHEMA_EDIT
Permission to edit and delete schema is governed by the SCHEMA_EDIT
action.
You can now choose to assign either SCHEMA_EDIT_VERSION
or SCHEMA_DELETE
individually.
CONNECT_EDIT
Permission to edit, delete, and alter connectors is governed by the CONNECT_EDIT
action.
You can now choose to assign either of CONNECT_EDIT_CONFIG
, CONNECT_DELETE
, or CONNECT_ALTER_STATE
individually.
TOPIC_INSPECT
Permission to search for data on topics and download any applicable results is governed by the TOPIC_INSPECT
action.
You can now choose to assign either TOPIC_DATA_QUERY
or TOPIC_DATA_DOWNLOAD
individually.
For more information see Kpow's authorization documentation.
Product Presentation Mode
Factor House products now offer the ability to restrict UI menu options where a user does not have visibility of a resource.
For example, the following configuration will hide the connect
, schema
, and ksqldb
main navigation options when a user does not have access to that type of resource:
PRESENTATION_MODE=HIDE_RESOURCES
Presentation mode can be set at a global level, with the configuration described above, or at a user-tenant level.
Learn more about specifying the presentation mode for a tenant in Kpow's tenancy documentation.
MSK Cross-Account Authentication
Kpow now provides the ability to provide either static credentials or specify cross-account access (STSAssumeRole) when authenticating MSK Connect.
See Kpow's MSK Connect configuration documentation for more.
Confluent Cloud Observation Performance
We recently discovered a bug in Confluent Cloud that caused Kpow's observation of new clusters (presumably ones that use the Kraft protocol) to take longer than desired.
This bug has been resolved in Kpow v93.1.