ruby-kafka-temp-fork 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.circleci/config.yml +393 -0
- data/.github/workflows/stale.yml +19 -0
- data/.gitignore +13 -0
- data/.readygo +1 -0
- data/.rspec +3 -0
- data/.rubocop.yml +44 -0
- data/.ruby-version +1 -0
- data/.yardopts +3 -0
- data/CHANGELOG.md +310 -0
- data/Gemfile +5 -0
- data/ISSUE_TEMPLATE.md +23 -0
- data/LICENSE.txt +176 -0
- data/Procfile +2 -0
- data/README.md +1342 -0
- data/Rakefile +8 -0
- data/benchmarks/message_encoding.rb +23 -0
- data/bin/console +8 -0
- data/bin/setup +5 -0
- data/docker-compose.yml +39 -0
- data/examples/consumer-group.rb +35 -0
- data/examples/firehose-consumer.rb +64 -0
- data/examples/firehose-producer.rb +54 -0
- data/examples/simple-consumer.rb +34 -0
- data/examples/simple-producer.rb +42 -0
- data/examples/ssl-producer.rb +44 -0
- data/lib/kafka.rb +373 -0
- data/lib/kafka/async_producer.rb +291 -0
- data/lib/kafka/broker.rb +217 -0
- data/lib/kafka/broker_info.rb +16 -0
- data/lib/kafka/broker_pool.rb +41 -0
- data/lib/kafka/broker_uri.rb +43 -0
- data/lib/kafka/client.rb +833 -0
- data/lib/kafka/cluster.rb +513 -0
- data/lib/kafka/compression.rb +45 -0
- data/lib/kafka/compressor.rb +86 -0
- data/lib/kafka/connection.rb +223 -0
- data/lib/kafka/connection_builder.rb +33 -0
- data/lib/kafka/consumer.rb +642 -0
- data/lib/kafka/consumer_group.rb +231 -0
- data/lib/kafka/consumer_group/assignor.rb +63 -0
- data/lib/kafka/crc32_hash.rb +15 -0
- data/lib/kafka/datadog.rb +420 -0
- data/lib/kafka/digest.rb +22 -0
- data/lib/kafka/fetch_operation.rb +115 -0
- data/lib/kafka/fetched_batch.rb +58 -0
- data/lib/kafka/fetched_batch_generator.rb +120 -0
- data/lib/kafka/fetched_message.rb +48 -0
- data/lib/kafka/fetched_offset_resolver.rb +48 -0
- data/lib/kafka/fetcher.rb +224 -0
- data/lib/kafka/gzip_codec.rb +34 -0
- data/lib/kafka/heartbeat.rb +25 -0
- data/lib/kafka/instrumenter.rb +38 -0
- data/lib/kafka/interceptors.rb +33 -0
- data/lib/kafka/lz4_codec.rb +27 -0
- data/lib/kafka/message_buffer.rb +87 -0
- data/lib/kafka/murmur2_hash.rb +17 -0
- data/lib/kafka/offset_manager.rb +259 -0
- data/lib/kafka/partitioner.rb +40 -0
- data/lib/kafka/pause.rb +92 -0
- data/lib/kafka/pending_message.rb +29 -0
- data/lib/kafka/pending_message_queue.rb +41 -0
- data/lib/kafka/produce_operation.rb +205 -0
- data/lib/kafka/producer.rb +528 -0
- data/lib/kafka/prometheus.rb +316 -0
- data/lib/kafka/protocol.rb +225 -0
- data/lib/kafka/protocol/add_offsets_to_txn_request.rb +29 -0
- data/lib/kafka/protocol/add_offsets_to_txn_response.rb +21 -0
- data/lib/kafka/protocol/add_partitions_to_txn_request.rb +34 -0
- data/lib/kafka/protocol/add_partitions_to_txn_response.rb +47 -0
- data/lib/kafka/protocol/alter_configs_request.rb +44 -0
- data/lib/kafka/protocol/alter_configs_response.rb +49 -0
- data/lib/kafka/protocol/api_versions_request.rb +21 -0
- data/lib/kafka/protocol/api_versions_response.rb +53 -0
- data/lib/kafka/protocol/consumer_group_protocol.rb +19 -0
- data/lib/kafka/protocol/create_partitions_request.rb +42 -0
- data/lib/kafka/protocol/create_partitions_response.rb +28 -0
- data/lib/kafka/protocol/create_topics_request.rb +45 -0
- data/lib/kafka/protocol/create_topics_response.rb +26 -0
- data/lib/kafka/protocol/decoder.rb +175 -0
- data/lib/kafka/protocol/delete_topics_request.rb +33 -0
- data/lib/kafka/protocol/delete_topics_response.rb +26 -0
- data/lib/kafka/protocol/describe_configs_request.rb +35 -0
- data/lib/kafka/protocol/describe_configs_response.rb +73 -0
- data/lib/kafka/protocol/describe_groups_request.rb +27 -0
- data/lib/kafka/protocol/describe_groups_response.rb +73 -0
- data/lib/kafka/protocol/encoder.rb +184 -0
- data/lib/kafka/protocol/end_txn_request.rb +29 -0
- data/lib/kafka/protocol/end_txn_response.rb +19 -0
- data/lib/kafka/protocol/fetch_request.rb +70 -0
- data/lib/kafka/protocol/fetch_response.rb +136 -0
- data/lib/kafka/protocol/find_coordinator_request.rb +29 -0
- data/lib/kafka/protocol/find_coordinator_response.rb +29 -0
- data/lib/kafka/protocol/heartbeat_request.rb +27 -0
- data/lib/kafka/protocol/heartbeat_response.rb +17 -0
- data/lib/kafka/protocol/init_producer_id_request.rb +26 -0
- data/lib/kafka/protocol/init_producer_id_response.rb +27 -0
- data/lib/kafka/protocol/join_group_request.rb +47 -0
- data/lib/kafka/protocol/join_group_response.rb +41 -0
- data/lib/kafka/protocol/leave_group_request.rb +25 -0
- data/lib/kafka/protocol/leave_group_response.rb +17 -0
- data/lib/kafka/protocol/list_groups_request.rb +23 -0
- data/lib/kafka/protocol/list_groups_response.rb +35 -0
- data/lib/kafka/protocol/list_offset_request.rb +53 -0
- data/lib/kafka/protocol/list_offset_response.rb +89 -0
- data/lib/kafka/protocol/member_assignment.rb +42 -0
- data/lib/kafka/protocol/message.rb +172 -0
- data/lib/kafka/protocol/message_set.rb +55 -0
- data/lib/kafka/protocol/metadata_request.rb +31 -0
- data/lib/kafka/protocol/metadata_response.rb +185 -0
- data/lib/kafka/protocol/offset_commit_request.rb +47 -0
- data/lib/kafka/protocol/offset_commit_response.rb +29 -0
- data/lib/kafka/protocol/offset_fetch_request.rb +38 -0
- data/lib/kafka/protocol/offset_fetch_response.rb +56 -0
- data/lib/kafka/protocol/produce_request.rb +94 -0
- data/lib/kafka/protocol/produce_response.rb +63 -0
- data/lib/kafka/protocol/record.rb +88 -0
- data/lib/kafka/protocol/record_batch.rb +223 -0
- data/lib/kafka/protocol/request_message.rb +26 -0
- data/lib/kafka/protocol/sasl_handshake_request.rb +33 -0
- data/lib/kafka/protocol/sasl_handshake_response.rb +28 -0
- data/lib/kafka/protocol/sync_group_request.rb +33 -0
- data/lib/kafka/protocol/sync_group_response.rb +26 -0
- data/lib/kafka/protocol/txn_offset_commit_request.rb +46 -0
- data/lib/kafka/protocol/txn_offset_commit_response.rb +47 -0
- data/lib/kafka/round_robin_assignment_strategy.rb +52 -0
- data/lib/kafka/sasl/gssapi.rb +76 -0
- data/lib/kafka/sasl/oauth.rb +64 -0
- data/lib/kafka/sasl/plain.rb +39 -0
- data/lib/kafka/sasl/scram.rb +180 -0
- data/lib/kafka/sasl_authenticator.rb +61 -0
- data/lib/kafka/snappy_codec.rb +29 -0
- data/lib/kafka/socket_with_timeout.rb +96 -0
- data/lib/kafka/ssl_context.rb +66 -0
- data/lib/kafka/ssl_socket_with_timeout.rb +188 -0
- data/lib/kafka/statsd.rb +296 -0
- data/lib/kafka/tagged_logger.rb +77 -0
- data/lib/kafka/transaction_manager.rb +306 -0
- data/lib/kafka/transaction_state_machine.rb +72 -0
- data/lib/kafka/version.rb +5 -0
- data/lib/kafka/zstd_codec.rb +27 -0
- data/lib/ruby-kafka-temp-fork.rb +5 -0
- data/ruby-kafka-temp-fork.gemspec +54 -0
- metadata +520 -0
@@ -0,0 +1,26 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Kafka
|
4
|
+
module Protocol
|
5
|
+
class RequestMessage
|
6
|
+
API_VERSION = 0
|
7
|
+
|
8
|
+
def initialize(api_key:, api_version: API_VERSION, correlation_id:, client_id:, request:)
|
9
|
+
@api_key = api_key
|
10
|
+
@api_version = api_version
|
11
|
+
@correlation_id = correlation_id
|
12
|
+
@client_id = client_id
|
13
|
+
@request = request
|
14
|
+
end
|
15
|
+
|
16
|
+
def encode(encoder)
|
17
|
+
encoder.write_int16(@api_key)
|
18
|
+
encoder.write_int16(@api_version)
|
19
|
+
encoder.write_int32(@correlation_id)
|
20
|
+
encoder.write_string(@client_id)
|
21
|
+
|
22
|
+
@request.encode(encoder)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
@@ -0,0 +1,33 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Kafka
|
4
|
+
module Protocol
|
5
|
+
|
6
|
+
# SaslHandshake Request (Version: 0) => mechanism
|
7
|
+
# mechanism => string
|
8
|
+
|
9
|
+
class SaslHandshakeRequest
|
10
|
+
|
11
|
+
SUPPORTED_MECHANISMS = %w(GSSAPI PLAIN SCRAM-SHA-256 SCRAM-SHA-512 OAUTHBEARER)
|
12
|
+
|
13
|
+
def initialize(mechanism)
|
14
|
+
unless SUPPORTED_MECHANISMS.include?(mechanism)
|
15
|
+
raise Kafka::Error, "Unsupported SASL mechanism #{mechanism}. Supported are #{SUPPORTED_MECHANISMS.join(', ')}"
|
16
|
+
end
|
17
|
+
@mechanism = mechanism
|
18
|
+
end
|
19
|
+
|
20
|
+
def api_key
|
21
|
+
SASL_HANDSHAKE_API
|
22
|
+
end
|
23
|
+
|
24
|
+
def response_class
|
25
|
+
SaslHandshakeResponse
|
26
|
+
end
|
27
|
+
|
28
|
+
def encode(encoder)
|
29
|
+
encoder.write_string(@mechanism)
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Kafka
|
4
|
+
module Protocol
|
5
|
+
|
6
|
+
# SaslHandshake Response (Version: 0) => error_code [enabled_mechanisms]
|
7
|
+
# error_code => int16
|
8
|
+
# enabled_mechanisms => array of strings
|
9
|
+
|
10
|
+
class SaslHandshakeResponse
|
11
|
+
attr_reader :error_code
|
12
|
+
|
13
|
+
attr_reader :enabled_mechanisms
|
14
|
+
|
15
|
+
def initialize(error_code:, enabled_mechanisms:)
|
16
|
+
@error_code = error_code
|
17
|
+
@enabled_mechanisms = enabled_mechanisms
|
18
|
+
end
|
19
|
+
|
20
|
+
def self.decode(decoder)
|
21
|
+
new(
|
22
|
+
error_code: decoder.int16,
|
23
|
+
enabled_mechanisms: decoder.array { decoder.string }
|
24
|
+
)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,33 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Kafka
|
4
|
+
module Protocol
|
5
|
+
class SyncGroupRequest
|
6
|
+
def initialize(group_id:, generation_id:, member_id:, group_assignment: {})
|
7
|
+
@group_id = group_id
|
8
|
+
@generation_id = generation_id
|
9
|
+
@member_id = member_id
|
10
|
+
@group_assignment = group_assignment
|
11
|
+
end
|
12
|
+
|
13
|
+
def api_key
|
14
|
+
SYNC_GROUP_API
|
15
|
+
end
|
16
|
+
|
17
|
+
def response_class
|
18
|
+
SyncGroupResponse
|
19
|
+
end
|
20
|
+
|
21
|
+
def encode(encoder)
|
22
|
+
encoder.write_string(@group_id)
|
23
|
+
encoder.write_int32(@generation_id)
|
24
|
+
encoder.write_string(@member_id)
|
25
|
+
|
26
|
+
encoder.write_array(@group_assignment) do |member_id, member_assignment|
|
27
|
+
encoder.write_string(member_id)
|
28
|
+
encoder.write_bytes(Encoder.encode_with(member_assignment))
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "kafka/protocol/member_assignment"
|
4
|
+
|
5
|
+
module Kafka
|
6
|
+
module Protocol
|
7
|
+
class SyncGroupResponse
|
8
|
+
attr_reader :error_code, :member_assignment
|
9
|
+
|
10
|
+
def initialize(error_code:, member_assignment:)
|
11
|
+
@error_code = error_code
|
12
|
+
@member_assignment = member_assignment
|
13
|
+
end
|
14
|
+
|
15
|
+
def self.decode(decoder)
|
16
|
+
error_code = decoder.int16
|
17
|
+
member_assignment_bytes = decoder.bytes
|
18
|
+
|
19
|
+
new(
|
20
|
+
error_code: error_code,
|
21
|
+
member_assignment: member_assignment_bytes ? MemberAssignment.decode(Decoder.from_string(member_assignment_bytes)) : nil
|
22
|
+
)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
@@ -0,0 +1,46 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Kafka
|
4
|
+
module Protocol
|
5
|
+
class TxnOffsetCommitRequest
|
6
|
+
|
7
|
+
def api_key
|
8
|
+
TXN_OFFSET_COMMIT_API
|
9
|
+
end
|
10
|
+
|
11
|
+
def api_version
|
12
|
+
2
|
13
|
+
end
|
14
|
+
|
15
|
+
def response_class
|
16
|
+
TxnOffsetCommitResponse
|
17
|
+
end
|
18
|
+
|
19
|
+
def initialize(transactional_id:, group_id:, producer_id:, producer_epoch:, offsets:)
|
20
|
+
@transactional_id = transactional_id
|
21
|
+
@producer_id = producer_id
|
22
|
+
@producer_epoch = producer_epoch
|
23
|
+
@group_id = group_id
|
24
|
+
@offsets = offsets
|
25
|
+
end
|
26
|
+
|
27
|
+
def encode(encoder)
|
28
|
+
encoder.write_string(@transactional_id.to_s)
|
29
|
+
encoder.write_string(@group_id)
|
30
|
+
encoder.write_int64(@producer_id)
|
31
|
+
encoder.write_int16(@producer_epoch)
|
32
|
+
|
33
|
+
encoder.write_array(@offsets) do |topic, partitions|
|
34
|
+
encoder.write_string(topic)
|
35
|
+
encoder.write_array(partitions) do |partition, offset|
|
36
|
+
encoder.write_int32(partition)
|
37
|
+
encoder.write_int64(offset[:offset])
|
38
|
+
encoder.write_string(nil) # metadata
|
39
|
+
encoder.write_int32(offset[:leader_epoch])
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
@@ -0,0 +1,47 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Kafka
|
4
|
+
module Protocol
|
5
|
+
class TxnOffsetCommitResponse
|
6
|
+
class PartitionError
|
7
|
+
attr_reader :partition, :error_code
|
8
|
+
|
9
|
+
def initialize(partition:, error_code:)
|
10
|
+
@partition = partition
|
11
|
+
@error_code = error_code
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
class TopicPartitionsError
|
16
|
+
attr_reader :topic, :partitions
|
17
|
+
|
18
|
+
def initialize(topic:, partitions:)
|
19
|
+
@topic = topic
|
20
|
+
@partitions = partitions
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
attr_reader :errors
|
25
|
+
|
26
|
+
def initialize(errors:)
|
27
|
+
@errors = errors
|
28
|
+
end
|
29
|
+
|
30
|
+
def self.decode(decoder)
|
31
|
+
_throttle_time_ms = decoder.int32
|
32
|
+
errors = decoder.array do
|
33
|
+
TopicPartitionsError.new(
|
34
|
+
topic: decoder.string,
|
35
|
+
partitions: decoder.array do
|
36
|
+
PartitionError.new(
|
37
|
+
partition: decoder.int32,
|
38
|
+
error_code: decoder.int16
|
39
|
+
)
|
40
|
+
end
|
41
|
+
)
|
42
|
+
end
|
43
|
+
new(errors: errors)
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
@@ -0,0 +1,52 @@
|
|
1
|
+
module Kafka
|
2
|
+
|
3
|
+
# A round robin assignment strategy inpired on the
|
4
|
+
# original java client round robin assignor. It's capable
|
5
|
+
# of handling identical as well as different topic subscriptions
|
6
|
+
# accross the same consumer group.
|
7
|
+
class RoundRobinAssignmentStrategy
|
8
|
+
def protocol_name
|
9
|
+
"roundrobin"
|
10
|
+
end
|
11
|
+
|
12
|
+
# Assign the topic partitions to the group members.
|
13
|
+
#
|
14
|
+
# @param cluster [Kafka::Cluster]
|
15
|
+
# @param members [Hash<String, Kafka::Protocol::JoinGroupResponse::Metadata>] a hash
|
16
|
+
# mapping member ids to metadata
|
17
|
+
# @param partitions [Array<Kafka::ConsumerGroup::Assignor::Partition>] a list of
|
18
|
+
# partitions the consumer group processes
|
19
|
+
# @return [Hash<String, Array<Kafka::ConsumerGroup::Assignor::Partition>] a hash
|
20
|
+
# mapping member ids to partitions.
|
21
|
+
def call(cluster:, members:, partitions:)
|
22
|
+
partitions_per_member = Hash.new {|h, k| h[k] = [] }
|
23
|
+
relevant_partitions = valid_sorted_partitions(members, partitions)
|
24
|
+
members_ids = members.keys
|
25
|
+
iterator = (0...members.size).cycle
|
26
|
+
idx = iterator.next
|
27
|
+
|
28
|
+
relevant_partitions.each do |partition|
|
29
|
+
topic = partition.topic
|
30
|
+
|
31
|
+
while !members[members_ids[idx]].topics.include?(topic)
|
32
|
+
idx = iterator.next
|
33
|
+
end
|
34
|
+
|
35
|
+
partitions_per_member[members_ids[idx]] << partition
|
36
|
+
idx = iterator.next
|
37
|
+
end
|
38
|
+
|
39
|
+
partitions_per_member
|
40
|
+
end
|
41
|
+
|
42
|
+
def valid_sorted_partitions(members, partitions)
|
43
|
+
subscribed_topics = members.map do |id, metadata|
|
44
|
+
metadata && metadata.topics
|
45
|
+
end.flatten.compact
|
46
|
+
|
47
|
+
partitions
|
48
|
+
.select { |partition| subscribed_topics.include?(partition.topic) }
|
49
|
+
.sort_by { |partition| partition.topic }
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
@@ -0,0 +1,76 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Kafka
|
4
|
+
module Sasl
|
5
|
+
class Gssapi
|
6
|
+
GSSAPI_IDENT = "GSSAPI"
|
7
|
+
GSSAPI_CONFIDENTIALITY = false
|
8
|
+
|
9
|
+
def initialize(logger:, principal:, keytab:)
|
10
|
+
@logger = TaggedLogger.new(logger)
|
11
|
+
@principal = principal
|
12
|
+
@keytab = keytab
|
13
|
+
end
|
14
|
+
|
15
|
+
def configured?
|
16
|
+
@principal && !@principal.empty?
|
17
|
+
end
|
18
|
+
|
19
|
+
def ident
|
20
|
+
GSSAPI_IDENT
|
21
|
+
end
|
22
|
+
|
23
|
+
def authenticate!(host, encoder, decoder)
|
24
|
+
load_gssapi
|
25
|
+
initialize_gssapi_context(host)
|
26
|
+
|
27
|
+
@encoder = encoder
|
28
|
+
@decoder = decoder
|
29
|
+
|
30
|
+
# send gssapi token and receive token to verify
|
31
|
+
token_to_verify = send_and_receive_sasl_token
|
32
|
+
|
33
|
+
# verify incoming token
|
34
|
+
unless @gssapi_ctx.init_context(token_to_verify)
|
35
|
+
raise Kafka::Error, "GSSAPI context verification failed."
|
36
|
+
end
|
37
|
+
|
38
|
+
# we can continue, so send OK
|
39
|
+
@encoder.write([0, 2].pack('l>c'))
|
40
|
+
|
41
|
+
# read wrapped message and return it back with principal
|
42
|
+
handshake_messages
|
43
|
+
end
|
44
|
+
|
45
|
+
def handshake_messages
|
46
|
+
msg = @decoder.bytes
|
47
|
+
raise Kafka::Error, "GSSAPI negotiation failed." unless msg
|
48
|
+
# unwrap with integrity only
|
49
|
+
msg_unwrapped = @gssapi_ctx.unwrap_message(msg, GSSAPI_CONFIDENTIALITY)
|
50
|
+
msg_wrapped = @gssapi_ctx.wrap_message(msg_unwrapped + @principal, GSSAPI_CONFIDENTIALITY)
|
51
|
+
@encoder.write_bytes(msg_wrapped)
|
52
|
+
end
|
53
|
+
|
54
|
+
def send_and_receive_sasl_token
|
55
|
+
@encoder.write_bytes(@gssapi_token)
|
56
|
+
@decoder.bytes
|
57
|
+
end
|
58
|
+
|
59
|
+
def load_gssapi
|
60
|
+
begin
|
61
|
+
require "gssapi"
|
62
|
+
rescue LoadError
|
63
|
+
@logger.error "In order to use GSSAPI authentication you need to install the `gssapi` gem."
|
64
|
+
raise
|
65
|
+
end
|
66
|
+
end
|
67
|
+
|
68
|
+
def initialize_gssapi_context(host)
|
69
|
+
@logger.debug "GSSAPI: Initializing context with #{host}, principal #{@principal}"
|
70
|
+
|
71
|
+
@gssapi_ctx = GSSAPI::Simple.new(host, @principal, @keytab)
|
72
|
+
@gssapi_token = @gssapi_ctx.init_context(nil)
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
76
|
+
end
|
@@ -0,0 +1,64 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Kafka
|
4
|
+
module Sasl
|
5
|
+
class OAuth
|
6
|
+
OAUTH_IDENT = "OAUTHBEARER"
|
7
|
+
|
8
|
+
# token_provider: THE FOLLOWING INTERFACE MUST BE FULFILLED:
|
9
|
+
#
|
10
|
+
# [REQUIRED] TokenProvider#token - Returns an ID/Access Token to be sent to the Kafka client.
|
11
|
+
# The implementation should ensure token reuse so that multiple calls at connect time do not
|
12
|
+
# create multiple tokens. The implementation should also periodically refresh the token in
|
13
|
+
# order to guarantee that each call returns an unexpired token. A timeout error should
|
14
|
+
# be returned after a short period of inactivity so that the broker can log debugging
|
15
|
+
# info and retry.
|
16
|
+
#
|
17
|
+
# [OPTIONAL] TokenProvider#extensions - Returns a map of key-value pairs that can be sent with the
|
18
|
+
# SASL/OAUTHBEARER initial client response. If not provided, the values are ignored. This feature
|
19
|
+
# is only available in Kafka >= 2.1.0.
|
20
|
+
#
|
21
|
+
def initialize(logger:, token_provider:)
|
22
|
+
@logger = TaggedLogger.new(logger)
|
23
|
+
@token_provider = token_provider
|
24
|
+
end
|
25
|
+
|
26
|
+
def ident
|
27
|
+
OAUTH_IDENT
|
28
|
+
end
|
29
|
+
|
30
|
+
def configured?
|
31
|
+
@token_provider
|
32
|
+
end
|
33
|
+
|
34
|
+
def authenticate!(host, encoder, decoder)
|
35
|
+
# Send SASLOauthBearerClientResponse with token
|
36
|
+
@logger.debug "Authenticating to #{host} with SASL #{OAUTH_IDENT}"
|
37
|
+
|
38
|
+
encoder.write_bytes(initial_client_response)
|
39
|
+
|
40
|
+
begin
|
41
|
+
# receive SASL OAuthBearer Server Response
|
42
|
+
msg = decoder.bytes
|
43
|
+
raise Kafka::Error, "SASL #{OAUTH_IDENT} authentication failed: unknown error" unless msg
|
44
|
+
rescue Errno::ETIMEDOUT, EOFError => e
|
45
|
+
raise Kafka::Error, "SASL #{OAUTH_IDENT} authentication failed: #{e.message}"
|
46
|
+
end
|
47
|
+
|
48
|
+
@logger.debug "SASL #{OAUTH_IDENT} authentication successful."
|
49
|
+
end
|
50
|
+
|
51
|
+
private
|
52
|
+
|
53
|
+
def initial_client_response
|
54
|
+
raise Kafka::TokenMethodNotImplementedError, "Token provider doesn't define 'token'" unless @token_provider.respond_to? :token
|
55
|
+
"n,,\x01auth=Bearer #{@token_provider.token}#{token_extensions}\x01\x01"
|
56
|
+
end
|
57
|
+
|
58
|
+
def token_extensions
|
59
|
+
return nil unless @token_provider.respond_to? :extensions
|
60
|
+
"\x01#{@token_provider.extensions.map {|e| e.join("=")}.join("\x01")}"
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|