ruby-kafka-aws-iam 1.4.2 → 1.4.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/kafka/client.rb +4 -1
- data/lib/kafka/connection.rb +1 -6
- data/lib/kafka/sasl/awsmskiam.rb +8 -5
- data/lib/kafka/sasl_authenticator.rb +3 -2
- data/lib/kafka/ssl_socket_with_timeout.rb +1 -5
- data/lib/kafka/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 607bb37655f529a498de009d4cd38a4ef20c6f482bfe1d6cca8ed3853f2e6ed3
|
|
4
|
+
data.tar.gz: f2e06f1cd3c0604257fecbaf9e547993ec2e6a5e43a8d8c8c71eac255c677a95
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7c5a204ce55df1eae6fdaf28dfa5b0f22c5b499d4a008e86bac9705f8118f870406134bbff016da201a693261cd6a5fa31b9e8a7c72fdeefb9d1b1c61b4dce56
|
|
7
|
+
data.tar.gz: 936df6a6c67d92a55c830faae1b13b0a2b497764753cd33592f7e6322eafd38a42e0ab0ce348b945048bb57bff2eca07a4bb08b555fc8e0eac039565187c536c
|
data/lib/kafka/client.rb
CHANGED
|
@@ -86,7 +86,9 @@ module Kafka
|
|
|
86
86
|
sasl_gssapi_keytab: nil, sasl_plain_authzid: '', sasl_plain_username: nil, sasl_plain_password: nil,
|
|
87
87
|
sasl_scram_username: nil, sasl_scram_password: nil, sasl_scram_mechanism: nil,
|
|
88
88
|
sasl_aws_msk_iam_access_key_id: nil,
|
|
89
|
-
sasl_aws_msk_iam_secret_key_id: nil,
|
|
89
|
+
sasl_aws_msk_iam_secret_key_id: nil,
|
|
90
|
+
sasl_aws_msk_iam_aws_region: nil,
|
|
91
|
+
sasl_aws_msk_iam_session_token: nil,
|
|
90
92
|
sasl_over_ssl: true, ssl_ca_certs_from_system: false, partitioner: nil, sasl_oauth_token_provider: nil, ssl_verify_hostname: true,
|
|
91
93
|
resolve_seed_brokers: false)
|
|
92
94
|
@logger = TaggedLogger.new(logger)
|
|
@@ -117,6 +119,7 @@ module Kafka
|
|
|
117
119
|
sasl_aws_msk_iam_access_key_id: sasl_aws_msk_iam_access_key_id,
|
|
118
120
|
sasl_aws_msk_iam_secret_key_id: sasl_aws_msk_iam_secret_key_id,
|
|
119
121
|
sasl_aws_msk_iam_aws_region: sasl_aws_msk_iam_aws_region,
|
|
122
|
+
sasl_aws_msk_iam_session_token: sasl_aws_msk_iam_session_token,
|
|
120
123
|
sasl_oauth_token_provider: sasl_oauth_token_provider,
|
|
121
124
|
logger: @logger
|
|
122
125
|
)
|
data/lib/kafka/connection.rb
CHANGED
|
@@ -127,12 +127,7 @@ module Kafka
|
|
|
127
127
|
@logger.debug "Opening connection to #{@host}:#{@port} with client id #{@client_id}..."
|
|
128
128
|
|
|
129
129
|
if @ssl_context
|
|
130
|
-
@socket = SSLSocketWithTimeout.new(@host,
|
|
131
|
-
@port,
|
|
132
|
-
connect_timeout: @connect_timeout,
|
|
133
|
-
timeout: @socket_timeout,
|
|
134
|
-
ssl_context: @ssl_context,
|
|
135
|
-
logger: @logger)
|
|
130
|
+
@socket = SSLSocketWithTimeout.new(@host, @port, connect_timeout: @connect_timeout, timeout: @socket_timeout, ssl_context: @ssl_context)
|
|
136
131
|
else
|
|
137
132
|
@socket = SocketWithTimeout.new(@host, @port, connect_timeout: @connect_timeout, timeout: @socket_timeout)
|
|
138
133
|
end
|
data/lib/kafka/sasl/awsmskiam.rb
CHANGED
|
@@ -9,12 +9,13 @@ module Kafka
|
|
|
9
9
|
class AwsMskIam
|
|
10
10
|
AWS_MSK_IAM = "AWS_MSK_IAM"
|
|
11
11
|
|
|
12
|
-
def initialize(aws_region:, access_key_id:, secret_key_id:, logger:)
|
|
12
|
+
def initialize(aws_region:, access_key_id:, secret_key_id:, session_token: nil,logger:)
|
|
13
13
|
@semaphore = Mutex.new
|
|
14
14
|
|
|
15
15
|
@aws_region = aws_region
|
|
16
16
|
@access_key_id = access_key_id
|
|
17
17
|
@secret_key_id = secret_key_id
|
|
18
|
+
@session_token = session_token
|
|
18
19
|
@logger = TaggedLogger.new(logger)
|
|
19
20
|
end
|
|
20
21
|
|
|
@@ -39,13 +40,11 @@ module Kafka
|
|
|
39
40
|
encoder.write_bytes(msg)
|
|
40
41
|
|
|
41
42
|
begin
|
|
42
|
-
@logger.debug "Decoding first server SASL AWS_MSK_IAM message"
|
|
43
43
|
@server_first_message = decoder.bytes
|
|
44
44
|
@logger.debug "Received first server SASL AWS_MSK_IAM message: #{@server_first_message}"
|
|
45
45
|
|
|
46
46
|
raise Kafka::Error, "SASL AWS_MSK_IAM authentication failed: unknown error" unless @server_first_message
|
|
47
47
|
rescue Errno::ETIMEDOUT, EOFError => e
|
|
48
|
-
@logger.error e.backtrace
|
|
49
48
|
raise Kafka::Error, "SASL AWS_MSK_IAM authentication failed: #{e.message}"
|
|
50
49
|
end
|
|
51
50
|
|
|
@@ -63,7 +62,7 @@ module Kafka
|
|
|
63
62
|
end
|
|
64
63
|
|
|
65
64
|
def authentication_payload(host:, time_now:)
|
|
66
|
-
{
|
|
65
|
+
payload = {
|
|
67
66
|
'version': "2020_10_22",
|
|
68
67
|
'host': host,
|
|
69
68
|
'user-agent': "ruby-kafka",
|
|
@@ -74,7 +73,11 @@ module Kafka
|
|
|
74
73
|
'x-amz-signedheaders': "host",
|
|
75
74
|
'x-amz-expires': "900",
|
|
76
75
|
'x-amz-signature': signature(host: host, time_now: time_now)
|
|
77
|
-
}
|
|
76
|
+
}
|
|
77
|
+
|
|
78
|
+
payload['x-amz-security-token'] = @session_token unless @session_token.nil?
|
|
79
|
+
|
|
80
|
+
payload.to_json
|
|
78
81
|
end
|
|
79
82
|
|
|
80
83
|
def canonical_request(host:, time_now:)
|
|
@@ -14,8 +14,8 @@ module Kafka
|
|
|
14
14
|
sasl_oauth_token_provider:,
|
|
15
15
|
sasl_aws_msk_iam_access_key_id:,
|
|
16
16
|
sasl_aws_msk_iam_secret_key_id:,
|
|
17
|
-
sasl_aws_msk_iam_aws_region
|
|
18
|
-
|
|
17
|
+
sasl_aws_msk_iam_aws_region:,
|
|
18
|
+
sasl_aws_msk_iam_session_token: nil)
|
|
19
19
|
@logger = TaggedLogger.new(logger)
|
|
20
20
|
|
|
21
21
|
@plain = Sasl::Plain.new(
|
|
@@ -42,6 +42,7 @@ module Kafka
|
|
|
42
42
|
access_key_id: sasl_aws_msk_iam_access_key_id,
|
|
43
43
|
secret_key_id: sasl_aws_msk_iam_secret_key_id,
|
|
44
44
|
aws_region: sasl_aws_msk_iam_aws_region,
|
|
45
|
+
session_token: sasl_aws_msk_iam_session_token,
|
|
45
46
|
logger: @logger,
|
|
46
47
|
)
|
|
47
48
|
|
|
@@ -21,13 +21,12 @@ module Kafka
|
|
|
21
21
|
# @param timeout [Integer] the read and write timeout, in seconds.
|
|
22
22
|
# @param ssl_context [OpenSSL::SSL::SSLContext] which SSLContext the ssl connection should use
|
|
23
23
|
# @raise [Errno::ETIMEDOUT] if the timeout is exceeded.
|
|
24
|
-
def initialize(host, port, connect_timeout: nil, timeout: nil, ssl_context
|
|
24
|
+
def initialize(host, port, connect_timeout: nil, timeout: nil, ssl_context:)
|
|
25
25
|
addr = Socket.getaddrinfo(host, nil)
|
|
26
26
|
sockaddr = Socket.pack_sockaddr_in(port, addr[0][3])
|
|
27
27
|
|
|
28
28
|
@connect_timeout = connect_timeout
|
|
29
29
|
@timeout = timeout
|
|
30
|
-
@logger = logger
|
|
31
30
|
|
|
32
31
|
@tcp_socket = Socket.new(Socket.const_get(addr[0][0]), Socket::SOCK_STREAM, 0)
|
|
33
32
|
@tcp_socket.setsockopt(Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1)
|
|
@@ -94,7 +93,6 @@ module Kafka
|
|
|
94
93
|
def read(num_bytes)
|
|
95
94
|
buffer = String.new
|
|
96
95
|
|
|
97
|
-
@logger.debug "Reading #{num_bytes} bytes from #{@ssl_socket}"
|
|
98
96
|
until buffer.length >= num_bytes
|
|
99
97
|
begin
|
|
100
98
|
# Unlike plain TCP sockets, SSL sockets don't support IO.select
|
|
@@ -103,8 +101,6 @@ module Kafka
|
|
|
103
101
|
# catch exceptions from read_nonblock and gradually build up
|
|
104
102
|
# our read buffer.
|
|
105
103
|
buffer << @ssl_socket.read_nonblock(num_bytes - buffer.length)
|
|
106
|
-
|
|
107
|
-
@logger.debug "Bytes read: #{buffer.length}"
|
|
108
104
|
rescue IO::WaitReadable
|
|
109
105
|
if select_with_timeout(@ssl_socket, :read)
|
|
110
106
|
retry
|
data/lib/kafka/version.rb
CHANGED