fix: move sasl and tls flag to ScaledObject instead of specifying in TriggerAuthentication

[dttung2905]

Hi team,
This MR will solve

Provide a description of what has been changed

Checklist

• When introducing a new scaler, I agree with the scaling governance policy
• I have verified that my change is according to the deprecations & breaking changes policy
• Tests have been added
• Changelog has been updated and is aligned with our changelog requirements
• A PR is opened to update the documentation on (repo) Add Doc changes for enableTls and saslAuthType for Kafka Scaler ScaledObject keda-docs#1016
• Commits are signed with Developer Certificate of Origin (DCO - learn more)

Example:

triggers:
- type: kafka
  metadata:
    bootstrapServers: kafka.svc:9092
    consumerGroup: my-group
    topic: test-topic
    lagThreshold: '5'
    activationLagThreshold: '3'
    offsetResetPolicy: latest
    allowIdleConsumers: false
    scaleToZeroOnInvalidOffset: false
    excludePersistentLag: false
    version: 1.0.0
+   saslAuthType: plaintext|scram_sha256|scram_sha512|oauthbearer|none
+   enableTls: true|false

Fixes #3611

Relates to #

[dttung2905]

Also I have included a small fix for the static check failure for Azure Blob Scaler link ( Not quite relevant to this MR though but I try to make this pass the CI )

pkg/scalers/azure_blob_scaler.go:142:111: string `true` has 3 occurrences, but such constant `stringTrue` already exists (goconst)
	if val, ok := config.TriggerMetadata["useAAdPodIdentity"]; ok && config.PodIdentity.Provider == "" && val == "true" {
	                                                                                                             ^

Error: Process completed with exit code 1.

[JorTurFer]

/run-e2e kafka*
Update: You can check the progress here

[JorTurFer]

LGTM!

[JorTurFer]

Is this ready to review @dttung2905 ? I ask because it has WIP in the title

[tomkerkhove]

This should not be a breaking change as we discussed but more a new approach next to the deprecated approach. Would you mind updating the changelog and ensure this complies with https://github.com/kedacore/governance/blob/main/DEPRECATIONS.md

[dttung2905]

Since we will go with supporting both methods, I will move this to Improvements section 🙏

[dttung2905]

Is this ready to review @dttung2905 ? I ask because it has WIP in the title

Thanks for the super quick review on this! I put WIP because I still need to update the doc here , as @tomkerkhove pointed out (thanks Tom for that)
I will update the doc PR later and the CHANGELOG as well

[tomkerkhove]

Thanks a ton and no rush - Take your time!

[zroubalik]

Don't we want to support both approaches? (Instead of removing the old one?)

[dttung2905]

Don't we want to support both approaches? (Instead of removing the old one?)

Personally, I would say we deprecate the old one and remove it in the next 2 releases. The reason is having multiple places to specify the same value just make it confusing to the user. Also tls: enable and sasl:scram_sha256 are not really secrets so it might be weird to park it under TriggerAuthentication. What do you think @JorTurFer @tomkerkhove ?

[zroubalik]

Don't we want to support both approaches? (Instead of removing the old one?)

Personally, I would say we deprecate the old one and remove it in the next 2 releases. The reason is having multiple places to specify the same value just make it confusing to the user. Also tls: enable and sasl:scram_sha256 are not really secrets so it might be weird to park it under TriggerAuthentication. What do you think @JorTurFer @tomkerkhove ?

Yeah, though the problem is, that in my opinion these settings use 90% of ScaledObjects with Kafka, which means a lot of users 😄

[JorTurFer]

What do you think @JorTurFer @tomkerkhove ?

We have a clear policy about that, we should keep both options during the deprecation period but AFAI see, you have kept both https://github.com/kedacore/keda/pull/4322/files#diff-03cf62956adcec86c0717723ab146472f0979221b0e5942a6e5460fa6d5e4f08R180-R196. Am I right?

[dttung2905]

What do you think @JorTurFer @tomkerkhove ?

We have a clear policy about that, we should keep both options during the deprecation period but AFAI see, you have kept both https://github.com/kedacore/keda/pull/4322/files#diff-03cf62956adcec86c0717723ab146472f0979221b0e5942a6e5460fa6d5e4f08R180-R196. Am I right?

What @zroubalik proposed it that we keep the old method forever and not deprecate at all .

[zroubalik]

What do you think @JorTurFer @tomkerkhove ?

We have a clear policy about that, we should keep both options during the deprecation period but AFAI see, you have kept both https://github.com/kedacore/keda/pull/4322/files#diff-03cf62956adcec86c0717723ab146472f0979221b0e5942a6e5460fa6d5e4f08R180-R196. Am I right?

What @zroubalik proposed it that we keep the old method forever and not deprecate at all .

Yeah, I think that we should keep both options present. Some users might want to specify these settings in TriggerAuth.

I vote for not deprecating.

[JorTurFer]

What do you think @JorTurFer @tomkerkhove ?

We have a clear policy about that, we should keep both options during the deprecation period but AFAI see, you have kept both #4322 (files). Am I right?

What @zroubalik proposed it that we keep the old method forever and not deprecate at all .

I don't have any strong opinion, but it's true that it isn't a secret, so doesn't make sense treating it as a secret and maybe dropping the support is worth to make the things more clear

[dttung2905]

@tomkerkhove what is your opinion on this :P ? I support smooth developer experience so there are two sides of the coin ( clarify vs disruption ). I can keep both and not deprecate the old method too if Tom is not strongly against it

In the future, if there are feedbacks from user about confusions of several methods, we can go back and deprecate the old one. For me its not fixed anyways 🙏

[tomkerkhove]

I don't have an opinion on this, I'm fine with either

[zroubalik]

Thanks, so let's not deprecate :)

[tomkerkhove]

Fine for me!

[tomkerkhove]

Let's make sure this is also removed from the docs

[zroubalik]

/run-e2e kafka*
Update: You can check the progress here

[JorTurFer]

Why don't just use the same key? sasl should be better as it's the same key, recovered from both places

[zroubalik]

Good catch! Agree, we should use the same key for both TA and trigger metadata.

[dttung2905]

Agree with that as I cross commented on the doc PR. Also it means that for tls the value should be enable/disable instead of true/false right? Just want to confirm this

[zroubalik]

Let's reuse the very same apporach that already present wrt key/value naming please :)

[zroubalik]

We can think about deprecation/renaming later on. But let's be consistent.

[JorTurFer]

yeah, the valid values shouldn't change from previous state

[dttung2905]

Got it. Thanks for the review. I will try do it later once im back to keyboard

[JorTurFer]

Why don't just use the same key? tls should be better as it's the same key, recovered from both places

[zroubalik]

looking good, just rename the keys please

[zroubalik]

/run-e2e kafka*
Update: You can check the progress here