Prerequisites¶
Before you install the Kafka OCF connector, ensure that you have performed the following:
Enable Network Connectivity¶
Open the outbound TCP port 443 to the Confluent Kafka server.
Create a Service Account¶
Create a service account for Kafka. Refer to Service Accounts for Confluent Cloud.
Permissions¶
Make sure that the service account has the following permissions:
Cluster resource permissions:
Create
Describe
IdempotentWrite: For producers in Idempotent mode
InitProducerId(idempotent): To initialize the producer(Optional)
Topics resource permissions:
Alter
Create
Describe
Read
Write
Authentication Schemes¶
This section describes prerequisites for the authentication schemes that the Kafka OCF connector supports in Alation. Supported schemes are a subset of the authentication methods and exclude Azure AD OAuth 2.0 code‑grant flows that require interactive token persistence. For additional authentication scheme configurations, see Appendix - Authentication Schemes.
Azure Service Principal¶
To use Azure Service Principal authentication with the Kafka OCF connector, you must configure a Service Principal that is authorized to access Kafka instances hosted on Azure Event Hubs via the Kafka interface.
This method is not a generic Azure‑platform authentication mechanism for arbitrary Kafka clusters running on Azure VMs or other services.
When using Azure Service Principal authentication, you must also set the Azure Resource property; this is required for Kafka instances hosted on Azure Event Hubs.
To use Azure Service Principal authentication with the Kafka OCF connector, create or reuse a Service Principal with appropriate role assignments on your Azure Event Hubs namespace. You will need its application (client) ID, tenant ID, secret or certificate, and the Azure Resource (resource URI for Event Hubs).
For advanced Kafka connection properties (including authentication mechanisms not supported by the Kafka OCF connector), refer to the JDBC driver documentation used by your Alation deployment.