ruby-kafka-aws-iam 1.4.2 → 1.4.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/kafka/client.rb +4 -1
- data/lib/kafka/connection.rb +1 -6
- data/lib/kafka/sasl/awsmskiam.rb +8 -5
- data/lib/kafka/sasl_authenticator.rb +3 -2
- data/lib/kafka/ssl_socket_with_timeout.rb +1 -5
- data/lib/kafka/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 607bb37655f529a498de009d4cd38a4ef20c6f482bfe1d6cca8ed3853f2e6ed3
|
|
4
|
+
data.tar.gz: f2e06f1cd3c0604257fecbaf9e547993ec2e6a5e43a8d8c8c71eac255c677a95
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7c5a204ce55df1eae6fdaf28dfa5b0f22c5b499d4a008e86bac9705f8118f870406134bbff016da201a693261cd6a5fa31b9e8a7c72fdeefb9d1b1c61b4dce56
|
|
7
|
+
data.tar.gz: 936df6a6c67d92a55c830faae1b13b0a2b497764753cd33592f7e6322eafd38a42e0ab0ce348b945048bb57bff2eca07a4bb08b555fc8e0eac039565187c536c
|
data/lib/kafka/client.rb
CHANGED
|
@@ -86,7 +86,9 @@ module Kafka
|
|
|
86
86
|
sasl_gssapi_keytab: nil, sasl_plain_authzid: '', sasl_plain_username: nil, sasl_plain_password: nil,
|
|
87
87
|
sasl_scram_username: nil, sasl_scram_password: nil, sasl_scram_mechanism: nil,
|
|
88
88
|
sasl_aws_msk_iam_access_key_id: nil,
|
|
89
|
-
sasl_aws_msk_iam_secret_key_id: nil,
|
|
89
|
+
sasl_aws_msk_iam_secret_key_id: nil,
|
|
90
|
+
sasl_aws_msk_iam_aws_region: nil,
|
|
91
|
+
sasl_aws_msk_iam_session_token: nil,
|
|
90
92
|
sasl_over_ssl: true, ssl_ca_certs_from_system: false, partitioner: nil, sasl_oauth_token_provider: nil, ssl_verify_hostname: true,
|
|
91
93
|
resolve_seed_brokers: false)
|
|
92
94
|
@logger = TaggedLogger.new(logger)
|
|
@@ -117,6 +119,7 @@ module Kafka
|
|
|
117
119
|
sasl_aws_msk_iam_access_key_id: sasl_aws_msk_iam_access_key_id,
|
|
118
120
|
sasl_aws_msk_iam_secret_key_id: sasl_aws_msk_iam_secret_key_id,
|
|
119
121
|
sasl_aws_msk_iam_aws_region: sasl_aws_msk_iam_aws_region,
|
|
122
|
+
sasl_aws_msk_iam_session_token: sasl_aws_msk_iam_session_token,
|
|
120
123
|
sasl_oauth_token_provider: sasl_oauth_token_provider,
|
|
121
124
|
logger: @logger
|
|
122
125
|
)
|
data/lib/kafka/connection.rb
CHANGED
|
@@ -127,12 +127,7 @@ module Kafka
|
|
|
127
127
|
@logger.debug "Opening connection to #{@host}:#{@port} with client id #{@client_id}..."
|
|
128
128
|
|
|
129
129
|
if @ssl_context
|
|
130
|
-
@socket = SSLSocketWithTimeout.new(@host,
|
|
131
|
-
@port,
|
|
132
|
-
connect_timeout: @connect_timeout,
|
|
133
|
-
timeout: @socket_timeout,
|
|
134
|
-
ssl_context: @ssl_context,
|
|
135
|
-
logger: @logger)
|
|
130
|
+
@socket = SSLSocketWithTimeout.new(@host, @port, connect_timeout: @connect_timeout, timeout: @socket_timeout, ssl_context: @ssl_context)
|
|
136
131
|
else
|
|
137
132
|
@socket = SocketWithTimeout.new(@host, @port, connect_timeout: @connect_timeout, timeout: @socket_timeout)
|
|
138
133
|
end
|
data/lib/kafka/sasl/awsmskiam.rb
CHANGED
|
@@ -9,12 +9,13 @@ module Kafka
|
|
|
9
9
|
class AwsMskIam
|
|
10
10
|
AWS_MSK_IAM = "AWS_MSK_IAM"
|
|
11
11
|
|
|
12
|
-
def initialize(aws_region:, access_key_id:, secret_key_id:, logger:)
|
|
12
|
+
def initialize(aws_region:, access_key_id:, secret_key_id:, session_token: nil,logger:)
|
|
13
13
|
@semaphore = Mutex.new
|
|
14
14
|
|
|
15
15
|
@aws_region = aws_region
|
|
16
16
|
@access_key_id = access_key_id
|
|
17
17
|
@secret_key_id = secret_key_id
|
|
18
|
+
@session_token = session_token
|
|
18
19
|
@logger = TaggedLogger.new(logger)
|
|
19
20
|
end
|
|
20
21
|
|
|
@@ -39,13 +40,11 @@ module Kafka
|
|
|
39
40
|
encoder.write_bytes(msg)
|
|
40
41
|
|
|
41
42
|
begin
|
|
42
|
-
@logger.debug "Decoding first server SASL AWS_MSK_IAM message"
|
|
43
43
|
@server_first_message = decoder.bytes
|
|
44
44
|
@logger.debug "Received first server SASL AWS_MSK_IAM message: #{@server_first_message}"
|
|
45
45
|
|
|
46
46
|
raise Kafka::Error, "SASL AWS_MSK_IAM authentication failed: unknown error" unless @server_first_message
|
|
47
47
|
rescue Errno::ETIMEDOUT, EOFError => e
|
|
48
|
-
@logger.error e.backtrace
|
|
49
48
|
raise Kafka::Error, "SASL AWS_MSK_IAM authentication failed: #{e.message}"
|
|
50
49
|
end
|
|
51
50
|
|
|
@@ -63,7 +62,7 @@ module Kafka
|
|
|
63
62
|
end
|
|
64
63
|
|
|
65
64
|
def authentication_payload(host:, time_now:)
|
|
66
|
-
{
|
|
65
|
+
payload = {
|
|
67
66
|
'version': "2020_10_22",
|
|
68
67
|
'host': host,
|
|
69
68
|
'user-agent': "ruby-kafka",
|
|
@@ -74,7 +73,11 @@ module Kafka
|
|
|
74
73
|
'x-amz-signedheaders': "host",
|
|
75
74
|
'x-amz-expires': "900",
|
|
76
75
|
'x-amz-signature': signature(host: host, time_now: time_now)
|
|
77
|
-
}
|
|
76
|
+
}
|
|
77
|
+
|
|
78
|
+
payload['x-amz-security-token'] = @session_token unless @session_token.nil?
|
|
79
|
+
|
|
80
|
+
payload.to_json
|
|
78
81
|
end
|
|
79
82
|
|
|
80
83
|
def canonical_request(host:, time_now:)
|
|
@@ -14,8 +14,8 @@ module Kafka
|
|
|
14
14
|
sasl_oauth_token_provider:,
|
|
15
15
|
sasl_aws_msk_iam_access_key_id:,
|
|
16
16
|
sasl_aws_msk_iam_secret_key_id:,
|
|
17
|
-
sasl_aws_msk_iam_aws_region
|
|
18
|
-
|
|
17
|
+
sasl_aws_msk_iam_aws_region:,
|
|
18
|
+
sasl_aws_msk_iam_session_token: nil)
|
|
19
19
|
@logger = TaggedLogger.new(logger)
|
|
20
20
|
|
|
21
21
|
@plain = Sasl::Plain.new(
|
|
@@ -42,6 +42,7 @@ module Kafka
|
|
|
42
42
|
access_key_id: sasl_aws_msk_iam_access_key_id,
|
|
43
43
|
secret_key_id: sasl_aws_msk_iam_secret_key_id,
|
|
44
44
|
aws_region: sasl_aws_msk_iam_aws_region,
|
|
45
|
+
session_token: sasl_aws_msk_iam_session_token,
|
|
45
46
|
logger: @logger,
|
|
46
47
|
)
|
|
47
48
|
|
|
@@ -21,13 +21,12 @@ module Kafka
|
|
|
21
21
|
# @param timeout [Integer] the read and write timeout, in seconds.
|
|
22
22
|
# @param ssl_context [OpenSSL::SSL::SSLContext] which SSLContext the ssl connection should use
|
|
23
23
|
# @raise [Errno::ETIMEDOUT] if the timeout is exceeded.
|
|
24
|
-
def initialize(host, port, connect_timeout: nil, timeout: nil, ssl_context
|
|
24
|
+
def initialize(host, port, connect_timeout: nil, timeout: nil, ssl_context:)
|
|
25
25
|
addr = Socket.getaddrinfo(host, nil)
|
|
26
26
|
sockaddr = Socket.pack_sockaddr_in(port, addr[0][3])
|
|
27
27
|
|
|
28
28
|
@connect_timeout = connect_timeout
|
|
29
29
|
@timeout = timeout
|
|
30
|
-
@logger = logger
|
|
31
30
|
|
|
32
31
|
@tcp_socket = Socket.new(Socket.const_get(addr[0][0]), Socket::SOCK_STREAM, 0)
|
|
33
32
|
@tcp_socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
|
|
@@ -94,7 +93,6 @@ module Kafka
|
|
|
94
93
|
def read(num_bytes)
|
|
95
94
|
buffer = String.new
|
|
96
95
|
|
|
97
|
-
@logger.debug "Reading #{num_bytes} bytes from #{@ssl_socket}"
|
|
98
96
|
until buffer.length >= num_bytes
|
|
99
97
|
begin
|
|
100
98
|
# Unlike plain TCP sockets, SSL sockets don't support IO.select
|
|
@@ -103,8 +101,6 @@ module Kafka
|
|
|
103
101
|
# catch exceptions from read_nonblock and gradually build up
|
|
104
102
|
# our read buffer.
|
|
105
103
|
buffer << @ssl_socket.read_nonblock(num_bytes - buffer.length)
|
|
106
|
-
|
|
107
|
-
@logger.debug "Bytes read: #{buffer.length}"
|
|
108
104
|
rescue IO::WaitReadable
|
|
109
105
|
if select_with_timeout(@ssl_socket, :read)
|
|
110
106
|
retry
|
data/lib/kafka/version.rb
CHANGED