ruby-kafka 0.5.0 → 0.5.1.beta1

data/lib/kafka/sasl_authenticator.rb

@@ -1,56 +1,48 @@
-require 'kafka/sasl_gssapi_authenticator'
-require 'kafka/sasl_plain_authenticator'
+require 'kafka/sasl/plain'
+require 'kafka/sasl/gssapi'
+require 'kafka/sasl/scram'
 
 module Kafka
   class SaslAuthenticator
-    def initialize(logger:, sasl_gssapi_principal:, sasl_gssapi_keytab:, sasl_plain_authzid:, sasl_plain_username:, sasl_plain_password:)
+    def initialize(logger:, sasl_gssapi_principal:, sasl_gssapi_keytab:,
+                   sasl_plain_authzid:, sasl_plain_username:, sasl_plain_password:,
+                   sasl_scram_username:, sasl_scram_password:, sasl_scram_mechanism:)
       @logger = logger
-      @sasl_gssapi_principal = sasl_gssapi_principal
-      @sasl_gssapi_keytab = sasl_gssapi_keytab
-      @sasl_plain_authzid = sasl_plain_authzid
-      @sasl_plain_username = sasl_plain_username
-      @sasl_plain_password = sasl_plain_password
-    end
-
-    def authenticate!(connection)
-      if authenticate_using_sasl_gssapi?
-        sasl_gssapi_authenticate(connection)
-      elsif authenticate_using_sasl_plain?
-        sasl_plain_authenticate(connection)
-      end
-    end
-
-    private
 
-    def sasl_gssapi_authenticate(connection)
-      auth = SaslGssapiAuthenticator.new(
-        connection: connection,
+      @plain = Sasl::Plain.new(
+        authzid: sasl_plain_authzid,
+        username: sasl_plain_username,
+        password: sasl_plain_password,
         logger: @logger,
-        sasl_gssapi_principal: @sasl_gssapi_principal,
-        sasl_gssapi_keytab: @sasl_gssapi_keytab
       )
 
-      auth.authenticate!
-    end
-
-    def sasl_plain_authenticate(connection)
-      auth = SaslPlainAuthenticator.new(
-        connection: connection,
+      @gssapi = Sasl::Gssapi.new(
+        principal: sasl_gssapi_principal,
+        keytab: sasl_gssapi_keytab,
         logger: @logger,
-        authzid: @sasl_plain_authzid,
-        username: @sasl_plain_username,
-        password: @sasl_plain_password
       )
 
-      auth.authenticate!
+      @scram = Sasl::Scram.new(
+        username: sasl_scram_username,
+        password: sasl_scram_password,
+        mechanism: sasl_scram_mechanism,
+        logger: @logger,
+      )
     end
 
-    def authenticate_using_sasl_gssapi?
-      !@ssl_context && @sasl_gssapi_principal && !@sasl_gssapi_principal.empty?
-    end
+    def authenticate!(connection)
+      mechanism = [@gssapi, @plain, @scram].find(&:configured?)
+
+      return if mechanism.nil?
+
+      ident = mechanism.ident
+      response = connection.send_request(Kafka::Protocol::SaslHandshakeRequest.new(ident))
+
+      unless response.error_code == 0 && response.enabled_mechanisms.include?(ident)
+        raise Kafka::Error, "#{ident} is not supported."
+      end
 
-    def authenticate_using_sasl_plain?
-      @sasl_plain_authzid && @sasl_plain_username && @sasl_plain_password
+      mechanism.authenticate!(connection.to_s, connection.encoder, connection.decoder)
     end
   end
 end

data/lib/kafka/version.rb

@@ -1,3 +1,3 @@
 module Kafka
-  VERSION = "0.5.0"
+  VERSION = "0.5.1.beta1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-kafka
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.5.1.beta1
 platform: ruby
 authors:
 - Daniel Schierbeck
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-10-27 00:00:00.000000000 Z
+date: 2017-11-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -255,6 +255,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".circleci/config.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
@@ -271,7 +272,7 @@ files:
 - ci/consumer.rb
 - ci/init.rb
 - ci/producer.rb
-- circle.yml
+- docker-compose.yml
 - examples/consumer-group.rb
 - examples/firehose-consumer.rb
 - examples/firehose-producer.rb
@@ -305,7 +306,11 @@ files:
 - lib/kafka/produce_operation.rb
 - lib/kafka/producer.rb
 - lib/kafka/protocol.rb
+- lib/kafka/protocol/api_versions_request.rb
+- lib/kafka/protocol/api_versions_response.rb
 - lib/kafka/protocol/consumer_group_protocol.rb
+- lib/kafka/protocol/create_topics_request.rb
+- lib/kafka/protocol/create_topics_response.rb
 - lib/kafka/protocol/decoder.rb
 - lib/kafka/protocol/encoder.rb
 - lib/kafka/protocol/fetch_request.rb
@@ -337,9 +342,10 @@ files:
 - lib/kafka/protocol/sync_group_response.rb
 - lib/kafka/protocol/topic_metadata_request.rb
 - lib/kafka/round_robin_assignment_strategy.rb
+- lib/kafka/sasl/gssapi.rb
+- lib/kafka/sasl/plain.rb
+- lib/kafka/sasl/scram.rb
 - lib/kafka/sasl_authenticator.rb
-- lib/kafka/sasl_gssapi_authenticator.rb
-- lib/kafka/sasl_plain_authenticator.rb
 - lib/kafka/snappy_codec.rb
 - lib/kafka/socket_with_timeout.rb
 - lib/kafka/ssl_socket_with_timeout.rb
@@ -376,12 +382,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.1.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 2.6.13
 signing_key: 
 specification_version: 4
 summary: A client library for the Kafka distributed commit log.

data/circle.yml

@@ -1,23 +0,0 @@
-machine:
-  pre:
-    - curl -sSL https://s3.amazonaws.com/circle-downloads/install-circleci-docker.sh | bash -s -- 1.10.0
-  services:
-    - docker
-  environment:
-    LOG_LEVEL: DEBUG
-  ruby:
-    version: 2.4.1
-
-dependencies:
-  pre:
-    - docker -v
-    - docker pull ches/kafka:0.10.0.0
-    - docker pull jplock/zookeeper:3.4.6
-
-test:
-  override:
-    - bundle exec rspec -r rspec_junit_formatter --format RspecJunitFormatter -o $CIRCLE_TEST_REPORTS/rspec/unit.xml
-    - bundle exec rspec -r rspec_junit_formatter --format RspecJunitFormatter -o $CIRCLE_TEST_REPORTS/rspec/functional.xml --tag functional
-  post:
-    - bundle exec rubocop
-    - cp *.log $CIRCLE_ARTIFACTS/ || true

data/lib/kafka/sasl_gssapi_authenticator.rb

@@ -1,77 +0,0 @@
-module Kafka
-  class SaslGssapiAuthenticator
-    GSSAPI_IDENT = "GSSAPI"
-    GSSAPI_CONFIDENTIALITY = false
-
-    def initialize(connection:, logger:, sasl_gssapi_principal:, sasl_gssapi_keytab:)
-      @connection = connection
-      @logger = logger
-      @principal = sasl_gssapi_principal
-      @keytab = sasl_gssapi_keytab
-
-      load_gssapi
-      initialize_gssapi_context
-    end
-
-    def authenticate!
-      proceed_sasl_gssapi_negotiation
-    end
-
-    private
-
-    def proceed_sasl_gssapi_negotiation
-      response = @connection.send_request(Kafka::Protocol::SaslHandshakeRequest.new(GSSAPI_IDENT))
-
-      @encoder = @connection.encoder
-      @decoder = @connection.decoder
-
-      unless response.error_code == 0 && response.enabled_mechanisms.include?(GSSAPI_IDENT)
-        raise Kafka::Error, "#{GSSAPI_IDENT} is not supported."
-      end
-
-      # send gssapi token and receive token to verify
-      token_to_verify = send_and_receive_sasl_token
-
-      # verify incoming token
-      unless @gssapi_ctx.init_context(token_to_verify)
-        raise Kafka::Error, "GSSAPI context verification failed."
-      end
-
-      # we can continue, so send OK
-      @encoder.write([0, 2].pack('l>c'))
-
-      # read wrapped message and return it back with principal
-      handshake_messages
-    end
-
-    def handshake_messages
-      msg = @decoder.bytes
-      raise Kafka::Error, "GSSAPI negotiation failed." unless msg
-      # unwrap with integrity only
-      msg_unwrapped = @gssapi_ctx.unwrap_message(msg, GSSAPI_CONFIDENTIALITY)
-      msg_wrapped = @gssapi_ctx.wrap_message(msg_unwrapped + @principal, GSSAPI_CONFIDENTIALITY)
-      @encoder.write_bytes(msg_wrapped)
-    end
-
-    def send_and_receive_sasl_token
-      @encoder.write_bytes(@gssapi_token)
-      @decoder.bytes
-    end
-
-    def load_gssapi
-      begin
-        require "gssapi"
-      rescue LoadError
-        @logger.error "In order to use GSSAPI authentication you need to install the `gssapi` gem."
-        raise
-      end
-    end
-
-    def initialize_gssapi_context
-      @logger.debug "GSSAPI: Initializing context with #{@connection.to_s}, principal #{@principal}"
-
-      @gssapi_ctx = GSSAPI::Simple.new(@connection.to_s, @principal, @keytab)
-      @gssapi_token = @gssapi_ctx.init_context(nil)
-    end
-  end
-end

data/lib/kafka/sasl_plain_authenticator.rb

@@ -1,37 +0,0 @@
-module Kafka
-  class SaslPlainAuthenticator
-    PLAIN_IDENT = "PLAIN"
-
-    def initialize(connection:, logger:, authzid:, username:, password:)
-      @connection = connection
-      @logger = logger
-      @authzid = authzid
-      @username = username
-      @password = password
-    end
-
-    def authenticate!
-      response = @connection.send_request(Kafka::Protocol::SaslHandshakeRequest.new(PLAIN_IDENT))
-
-      @encoder = @connection.encoder
-      @decoder = @connection.decoder
-
-      unless response.error_code == 0 && response.enabled_mechanisms.include?(PLAIN_IDENT)
-        raise Kafka::Error, "#{PLAIN_IDENT} is not supported."
-      end
-
-      # SASL PLAIN
-      msg = [@authzid.to_s,
-             @username.to_s,
-             @password.to_s].join("\000").force_encoding('utf-8')
-      @encoder.write_bytes(msg)
-      begin
-        msg = @decoder.bytes
-        raise Kafka::Error, 'SASL PLAIN authentication failed: unknown error' unless msg
-      rescue Errno::ETIMEDOUT, EOFError => e
-        raise Kafka::Error, "SASL PLAIN authentication failed: #{e.message}"
-      end
-      @logger.debug 'SASL PLAIN authentication successful.'
-    end
-  end
-end