Salesforce Platform Events Source Connector Configuration Properties

The Salesforce Platform Events Source Connector can be configured using a variety of configuration properties.

Note

These are properties for the self-managed connector. If you are using Confluent Cloud, see Salesforce Platform Events Source Connector for Confluent Cloud.

Connection

salesforce.consumer.key

The consumer key for the OAuth application.

  • Type: string
  • Importance: high
salesforce.consumer.secret

The consumer secret for the OAuth application.

  • Type: password
  • Importance: high
salesforce.password

The Salesforce password the connector should use.

  • Type: password
  • Importance: high
salesforce.password.token

The Salesforce security token associated with the username.

  • Type: password
  • Importance: high
salesforce.username

The Salesforce username the connector should use.

  • Type: string
  • Importance: high
salesforce.jwt.keystore.password

Keystore password to enable OAuth JWT token bearer flow.

  • Type: password
  • Default: null
  • Importance: medium
salesforce.jwt.keystore.path

Path to keystore containing key to use in OAuth JWT token bearer flow.

  • Type: string
  • Default: null
  • Importance: medium
salesforce.instance

The URL of the Salesforce endpoint to use. The default is blank. This directs the connector to use the endpoint specified in the authentication response.

http.proxy

The HTTP(S) proxy host and port the connector should use when talking to Salesforce. This defaults to a blank string, which corresponds to not using a proxy.

  • Type: string
  • Default: null
  • Valid Values: Of the form <host>:<port> where <host> is a valid hostname or IP address, and <port> is a valid port number
  • Importance: medium
http.proxy.auth.scheme

Specifies the authentication method that should be used to gain access to the Salesforce APIs behind a proxy server.

  • Type: string
  • Default: NONE
  • Valid Values: one of [NONE, BASIC]
  • Importance: medium
http.proxy.user

The HTTP proxy user name when using BASIC auth scheme (only HTTP proxy is supported when using this scheme).

  • Type: string
  • Default: null
  • Importance: medium
http.proxy.password

The HTTP proxy password when using BASIC auth scheme (only HTTP proxy is supported when using this scheme).

  • Type: password
  • Default: null
  • Importance: medium
connection.timeout

The amount of time to wait while connecting to the Salesforce streaming endpoint.

  • Type: long
  • Default: 30000
  • Valid Values: [5000,…,600000]
  • Importance: low
curl.logging

If enabled the logs will output the equivalent curl commands. This is a security risk because your authorization header is displayed in the log file. Use at your own risk.

  • Type: boolean
  • Default: false
  • Importance: low
connection.max.message.size

The maximum message size in bytes that is accepted during a long poll on the Salesforce streaming endpoint.

  • Type: int
  • Default: null
  • Valid Values: [0,…,2147483647]
  • Importance: low
request.max.retries.time.ms

The maximum time in milliseconds that the connector continue retry requests to Salesforce that fail because of network issues once authentication succeeds. The backoff period for each retry attempt uses a randomization function that grows exponentially. But, if the total time spent retrying the request exceeds this duration (15 minutes by default), retries stop and the request fails. This will likely result in task failure.

  • Type: long
  • Default: 900000
  • Valid Values: [1,…]
  • Importance: low
salesforce.version

The version of the Salesforce API to use.

  • Type: string
  • Default: latest
  • Valid Values: Matches regex( ^(latest|[d.]+)$ )
  • Importance: low

Apache Kafka®

kafka.topic

The Kafka topic to write the SalesForce data to. This is a template driven by the data returned by Salesforce. Any field in the schema can be used but you should always pick a value that is guaranteed to exist. _EventType and _ObjectType are two metadata fields that are included on every record. For example you could put update and deletes in a different topic by using salesforce.${_ObjectType}.${_EventType}

  • Type: string
  • Importance: high
kafka.topic.lowercase

Flag to determine if the Kafka topic should be lowercase.

  • Type: boolean
  • Default: true
  • Importance: high

Auto topic creation

For more information about Auto topic creation, see Configuring Auto Topic Creation for Source Connectors.

Configuration properties accept regular expressions (regex) that are defined as Java regex.

topic.creation.groups

A list of group aliases that are used to define per-group topic configurations for matching topics. A default group always exists and matches all topics.

  • Type: List of String types
  • Default: empty
  • Possible Values: The values of this property refer to any additional groups. A default group is always defined for topic configurations.
topic.creation.$alias.replication.factor

The replication factor for new topics created by the connector. This value must not be larger than the number of brokers in the Kafka cluster. If this value is larger than the number of Kafka brokers, an error occurs when the connector attempts to create a topic. This is a required property for the default group. This property is optional for any other group defined in topic.creation.groups. Other groups use the Kafka broker default value.

  • Type: int
  • Default: n/a
  • Possible Values: >= 1 for a specific valid value or -1 to use the Kafka broker’s default value.
topic.creation.$alias.partitions

The number of topic partitions created by this connector. This is a required property for the default group. This property is optional for any other group defined in topic.creation.groups. Other groups use the Kafka broker default value.

  • Type: int
  • Default: n/a
  • Possible Values: >= 1 for a specific valid value or -1 to use the Kafka broker’s default value.
topic.creation.$alias.include

A list of strings that represent regular expressions that match topic names. This list is used to include topics with matching values, and apply this group’s specific configuration to the matching topics. $alias applies to any group defined in topic.creation.groups. This property does not apply to the default group.

  • Type: List of String types
  • Default: empty
  • Possible Values: Comma-separated list of exact topic names or regular expressions.
topic.creation.$alias.exclude

A list of strings representing regular expressions that match topic names. This list is used to exclude topics with matching values from getting the group’s specfic configuration. $alias applies to any group defined in topic.creation.groups. This property does not apply to the default group. Note that exclusion rules override any inclusion rules for topics.

  • Type: List of String types
  • Default: empty
  • Possible Values: Comma-separated list of exact topic names or regular expressions.
topic.creation.$alias.${kafkaTopicSpecificConfigName}

Any of the Changing Broker Configurations Dynamically for the version of the Kafka broker where the records will be written. The broker’s topic-level configuration value is used if the configuration is not specified for the rule. $alias applies to the default group as well as any group defined in topic.creation.groups.

  • Type: property values
  • Default: Kafka broker value

Salesforce Streaming

salesforce.platform.event.name

The Salesforce platform event name to subscribe to. The Event name should end with ‘__e’ suffix. For example: LoginEvent__e

  • Type: string
  • Valid Values: ends with ‘__e’ suffix
  • Importance: high
salesforce.initial.start

Specify the initial starting point for the connector for replaying events. Use all to send a replayId of -2 to Salesforce that replays all events from last 24 hours, or use latest to send a replayId of -1 to Salesforce that plays only new incoming events that arrive after the connector has started. The default is latest in case there are more enqueued events than might be allowed by API limits.

  • Type: string
  • Default: latest
  • Valid Values: Matches regex( ^(all|latest)$ )
  • Importance: high

CSFLE configuration

csfle.enabled

Accepts a boolean value. CSFLE is enabled for the connector if csfle.enabled is set to True.

  • Type: boolean
  • Default: False

auto.register.schemas

Specifies if the Serializer should attempt to register the Schema with Schema Registry.

  • Type: boolean
  • Default: true
  • Importance: medium

use.latest.version

Only applies when auto.register.schemas is set to false. If auto.register.schemas is set to false and use.latest.version is set to true, then instead of deriving a schema for the object passed to the client for serialization, Schema Registry uses the latest version of the schema in the subject for serialization.

  • Type: boolean
  • Default: true
  • Importance: medium

Confluent Platform license

confluent.topic.bootstrap.servers

A list of host/port pairs to use to establish the initial connection to the Kafka cluster used for licensing. All servers in the cluster will be discovered from the initial connection. The list should be in the following format:

host1:port1,host2:port2,...

Since these servers are just used for the initial connection to discover the full cluster membership (which may change dynamically), this list need not contain the full set of servers (you may want more than one, though, in case a server is down).

  • Type: list
  • Importance: high
confluent.topic

Name of the Kafka topic used for Confluent Platform configuration, including licensing information.

  • Type: string
  • Default: _confluent-command
  • Importance: low
confluent.topic.replication.factor

The replication factor for the Kafka topic used for Confluent Platform configuration, including licensing information. This is used only if the topic does not already exist, and the default of 3 is appropriate for production use. If you are using a development environment with less than 3 brokers, you must set this to the number of brokers (often 1).

  • Type: int
  • Default: 3
  • Importance: low

Confluent license properties

You can put license-related properties in the connector configuration, or starting with Confluent Platform version 6.0, you can put license-related properties in the Connect worker configuration instead of in each connector configuration.

This connector is proprietary and requires a license. The license information is stored in the _confluent-command topic. If the broker requires SSL for connections, you must include the security-related confluent.topic.* properties as described below.

confluent.license

Confluent issues enterprise license keys to each subscriber. The license key is text that you can copy and paste as the value for confluent.license. A trial license allows using the connector for a 30-day trial period. A developer license allows using the connector indefinitely for single-broker development environments.

If you are a subscriber, contact Confluent Support for more information.

  • Type: string
  • Default: “”
  • Valid Values: Confluent Platform license
  • Importance: high
confluent.topic.ssl.truststore.location

The location of the trust store file.

  • Type: string
  • Default: null
  • Importance: high
confluent.topic.ssl.truststore.password

The password for the trust store file. If a password is not set access to the truststore is still available, but integrity checking is disabled.

  • Type: password
  • Default: null
  • Importance: high
confluent.topic.ssl.keystore.location

The location of the key store file. This is optional for client and can be used for two-way authentication for client.

  • Type: string
  • Default: null
  • Importance: high
confluent.topic.ssl.keystore.password

The store password for the key store file. This is optional for client and only needed if ssl.keystore.location is configured.

  • Type: password
  • Default: null
  • Importance: high
confluent.topic.ssl.key.password

The password of the private key in the key store file. This is optional for client.

  • Type: password
  • Default: null
  • Importance: high
confluent.topic.security.protocol

Protocol used to communicate with brokers. Valid values are: PLAINTEXT, SSL, SASL_PLAINTEXT, SASL_SSL.

  • Type: string
  • Default: “PLAINTEXT”
  • Importance: medium

License topic configuration

A Confluent enterprise license is stored in the _confluent-command topic. This topic is created by default and contains the license that corresponds to the license key supplied through the confluent.license property. No public keys are stored in Kafka topics.

The following describes how the default _confluent-command topic is generated under different scenarios:

  • A 30-day trial license is automatically generated for the _confluent command topic if you do not add the confluent.license property or leave this property empty (for example, confluent.license=).
  • Adding a valid license key (for example, confluent.license=<valid-license-key>) adds a valid license in the _confluent-command topic.

Here is an example of the minimal properties for development and testing.

You can change the name of the _confluent-command topic using the confluent.topic property (for instance, if your environment has strict naming conventions). The example below shows this change and the configured Kafka bootstrap server.

confluent.topic=foo_confluent-command
confluent.topic.bootstrap.servers=localhost:9092

The example above shows the minimally required bootstrap server property that you can use for development and testing. For a production environment, you add the normal producer, consumer, and topic configuration properties to the connector properties, prefixed with confluent.topic..

License topic ACLs

The _confluent-command topic contains the license that corresponds to the license key supplied through the confluent.license property. It is created by default. Connectors that access this topic require the following ACLs configured:

  • CREATE and DESCRIBE on the resource cluster, if the connector needs to create the topic.

  • DESCRIBE, READ, and WRITE on the _confluent-command topic.

    Important

    You can also use DESCRIBE and READ without WRITE to restrict access to read-only for license topic ACLs. If a topic exists, the LicenseManager will not try to create the topic.

You can provide access either individually for each principal that will use the license or use a wildcard entry to allow all clients. The following examples show commands that you can use to configure ACLs for the resource cluster and _confluent-command topic.

  1. Set a CREATE and DESCRIBE ACL on the resource cluster:

    kafka-acls --bootstrap-server localhost:9092 --command-config adminclient-configs.conf \
    --add --allow-principal User:<principal> \
    --operation CREATE --operation DESCRIBE --cluster
    
  2. Set a DESCRIBE, READ, and WRITE ACL on the _confluent-command topic:

    kafka-acls --bootstrap-server localhost:9092 --command-config adminclient-configs.conf \
    --add --allow-principal User:<principal> \
    --operation DESCRIBE --operation READ --operation WRITE --topic _confluent-command
    

Override Default Configuration Properties

You can override the replication factor using confluent.topic.replication.factor. For example, when using a Kafka cluster as a destination with less than three brokers (for development and testing) you should set the confluent.topic.replication.factor property to 1.

You can override producer-specific properties by using the producer.override.* prefix (for source connectors) and consumer-specific properties by using the consumer.override.* prefix (for sink connectors).

You can use the defaults or customize the other properties as well. For example, the confluent.topic.client.id property defaults to the name of the connector with -licensing suffix. You can specify the configuration settings for brokers that require SSL or SASL for client connections using this prefix.

You cannot override the cleanup policy of a topic because the topic always has a single partition and is compacted. Also, do not specify serializers and deserializers using this prefix; they are ignored if added.