@platformatic/kafka 1.2.0 → 1.3.0

package/README.md

@@ -137,6 +137,10 @@ await admin.deleteTopics({ topics: ['my-topic'] })
 await admin.close()
 ```
 
+## TLS and SASL
+
+See the relevant sections in the the [Base Client](./docs/base.md) page.
+
 ## Serialisation/Deserialisation
 
 `@platformatic/kafka` supports customisation of serialisation out of the box.

package/dist/{clients → apis}/callbacks.d.ts

@@ -1,4 +1,4 @@
-import { type Callback } from '../apis/definitions.ts';
+import { type Callback } from './definitions.ts';
 export declare const kCallbackPromise: unique symbol;
 export declare const kNoopCallbackReturnValue: unique symbol;
 export declare const noopCallback: CallbackWithPromise<any>;

package/dist/apis/enumerations.d.ts

@@ -1,3 +1,5 @@
+export declare const SASLMechanisms: readonly ["PLAIN", "SCRAM-SHA-256", "SCRAM-SHA-512"];
+export type SASLMechanism = (typeof SASLMechanisms)[number];
 export declare const FindCoordinatorKeyTypes: {
     readonly GROUP: 0;
     readonly TRANSACTION: 1;

package/dist/apis/enumerations.js

@@ -1,3 +1,5 @@
+// SASL Authentication
+export const SASLMechanisms = ['PLAIN', 'SCRAM-SHA-256', 'SCRAM-SHA-512'];
 // Metadata API
 // ./metadata/find-coordinator.ts
 export const FindCoordinatorKeyTypes = { GROUP: 0, TRANSACTION: 1, SHARE: 2 };

package/dist/apis/index.d.ts

@@ -1,3 +1,4 @@
+export * from './callbacks.ts';
 export * from './definitions.ts';
 export * from './enumerations.ts';
 export * from './admin/index.ts';

package/dist/apis/index.js

@@ -1,4 +1,5 @@
 // Generics
+export * from "./callbacks.js";
 export * from "./definitions.js";
 export * from "./enumerations.js";
 // Low-level APIs

package/dist/apis/security/sasl-handshake-v1.js

@@ -2,7 +2,7 @@ import { ResponseError } from "../../errors.js";
 import { Writer } from "../../protocol/writer.js";
 import { createAPI } from "../definitions.js";
 /*
-  SaslHandshake Request (Version: 0) => mechanism
+  SaslHandshake Request (Version: 1) => mechanism
     mechanism => STRING
 */
 export function createRequest(mechanism) {

package/dist/clients/admin/admin.d.ts

@@ -1,6 +1,6 @@
+import { type CallbackWithPromise } from '../../apis/callbacks.ts';
 import { type Callback } from '../../apis/definitions.ts';
 import { Base } from '../base/base.ts';
-import { type CallbackWithPromise } from '../callbacks.ts';
 import { type AdminOptions, type CreatedTopic, type CreateTopicsOptions, type DeleteGroupsOptions, type DeleteTopicsOptions, type DescribeGroupsOptions, type Group, type GroupBase, type ListGroupsOptions } from './types.ts';
 export declare class Admin extends Base<AdminOptions> {
     #private;

package/dist/clients/admin/admin.js

@@ -1,8 +1,8 @@
+import { createPromisifiedCallback, kCallbackPromise, runConcurrentCallbacks } from "../../apis/callbacks.js";
 import { FindCoordinatorKeyTypes } from "../../apis/enumerations.js";
 import { adminGroupsChannel, adminTopicsChannel, createDiagnosticContext } from "../../diagnostic.js";
 import { Reader } from "../../protocol/reader.js";
-import { Base, kAfterCreate, kBootstrapBrokers, kCheckNotClosed, kConnections, kGetApi, kMetadata, kOptions, kPerformDeduplicated, kPerformWithRetry, kValidateOptions } from "../base/base.js";
-import { createPromisifiedCallback, kCallbackPromise, runConcurrentCallbacks } from "../callbacks.js";
+import { Base, kAfterCreate, kCheckNotClosed, kGetApi, kGetBootstrapConnection, kGetConnection, kMetadata, kOptions, kPerformDeduplicated, kPerformWithRetry, kValidateOptions } from "../base/base.js";
 import { createTopicsOptionsValidator, deleteGroupsOptionsValidator, deleteTopicsOptionsValidator, describeGroupsOptionsValidator, listGroupsOptionsValidator } from "./options.js";
 export class Admin extends Base {
     constructor(options) {
@@ -107,7 +107,7 @@ export class Admin extends Base {
         }
         this[kPerformDeduplicated]('createTopics', deduplicateCallback => {
             this[kPerformWithRetry]('createTopics', retryCallback => {
-                this[kConnections].getFirstAvailable(this[kBootstrapBrokers], (error, connection) => {
+                this[kGetBootstrapConnection]((error, connection) => {
                     if (error) {
                         retryCallback(error, undefined);
                         return;
@@ -140,7 +140,7 @@ export class Admin extends Base {
     #deleteTopics(options, callback) {
         this[kPerformDeduplicated]('deleteTopics', deduplicateCallback => {
             this[kPerformWithRetry]('deleteTopics', retryCallback => {
-                this[kConnections].getFirstAvailable(this[kBootstrapBrokers], (error, connection) => {
+                this[kGetBootstrapConnection]((error, connection) => {
                     if (error) {
                         retryCallback(error, undefined);
                         return;
@@ -168,7 +168,7 @@ export class Admin extends Base {
                 return;
             }
             runConcurrentCallbacks('Listing groups failed.', metadata.brokers, ([, broker], concurrentCallback) => {
-                this[kConnections].get(broker, (error, connection) => {
+                this[kGetConnection](broker, (error, connection) => {
                     if (error) {
                         concurrentCallback(error, undefined);
                         return;
@@ -231,7 +231,7 @@ export class Admin extends Base {
                     coordinator.push(group);
                 }
                 runConcurrentCallbacks('Describing groups failed.', coordinators, ([node, groups], concurrentCallback) => {
-                    this[kConnections].get(metadata.brokers.get(node), (error, connection) => {
+                    this[kGetConnection](metadata.brokers.get(node), (error, connection) => {
                         if (error) {
                             concurrentCallback(error, undefined);
                             return;
@@ -313,7 +313,7 @@ export class Admin extends Base {
                     coordinator.push(group);
                 }
                 runConcurrentCallbacks('Deleting groups failed.', coordinators, ([node, groups], concurrentCallback) => {
-                    this[kConnections].get(metadata.brokers.get(node), (error, connection) => {
+                    this[kGetConnection](metadata.brokers.get(node), (error, connection) => {
                         if (error) {
                             concurrentCallback(error, undefined);
                             return;
@@ -334,7 +334,7 @@ export class Admin extends Base {
     }
     #findGroupCoordinator(groups, callback) {
         this[kPerformWithRetry]('findGroupCoordinator', retryCallback => {
-            this[kConnections].getFirstAvailable(this[kBootstrapBrokers], (error, connection) => {
+            this[kGetBootstrapConnection]((error, connection) => {
                 if (error) {
                     retryCallback(error, undefined);
                     return;

package/dist/clients/base/base.d.ts

@@ -1,18 +1,20 @@
 import { type ValidateFunction } from 'ajv';
 import { EventEmitter } from 'node:events';
+import { type CallbackWithPromise } from '../../apis/callbacks.ts';
 import { type API, type Callback } from '../../apis/definitions.ts';
 import { type ApiVersionsResponseApi } from '../../apis/metadata/api-versions-v3.ts';
 import { type ClientType } from '../../diagnostic.ts';
 import { ConnectionPool } from '../../network/connection-pool.ts';
-import { type Broker } from '../../network/connection.ts';
+import { type Broker, type Connection } from '../../network/connection.ts';
 import { kInstance } from '../../symbols.ts';
-import { type CallbackWithPromise } from '../callbacks.ts';
 import { type Metrics } from '../metrics.ts';
 import { type BaseOptions, type ClusterMetadata, type MetadataOptions } from './types.ts';
 export declare const kClientId: unique symbol;
 export declare const kBootstrapBrokers: unique symbol;
 export declare const kApis: unique symbol;
 export declare const kGetApi: unique symbol;
+export declare const kGetConnection: unique symbol;
+export declare const kGetBootstrapConnection: unique symbol;
 export declare const kOptions: unique symbol;
 export declare const kConnections: unique symbol;
 export declare const kFetchConnections: unique symbol;
@@ -63,6 +65,8 @@ export declare class Base<OptionsType extends BaseOptions = BaseOptions> extends
     [kPerformWithRetry]<ReturnType>(operationId: string, operation: (callback: Callback<ReturnType>) => void, callback: CallbackWithPromise<ReturnType>, attempt?: number, errors?: Error[], shouldSkipRetry?: (e: Error) => boolean): void | Promise<ReturnType>;
     [kPerformDeduplicated]<ReturnType>(operationId: string, operation: (callback: CallbackWithPromise<ReturnType>) => void, callback: CallbackWithPromise<ReturnType>): void | Promise<ReturnType>;
     [kGetApi]<RequestArguments extends Array<unknown>, ResponseType>(name: string, callback: Callback<API<RequestArguments, ResponseType>>): void;
+    [kGetConnection](broker: Broker, callback: Callback<Connection>): void;
+    [kGetBootstrapConnection](callback: Callback<Connection>): void;
     [kValidateOptions](target: unknown, validator: ValidateFunction<unknown>, targetName: string, throwOnErrors?: boolean): Error | null;
     [kInspect](...args: unknown[]): void;
     [kFormatValidationErrors](validator: ValidateFunction<unknown>, targetName: string): string;

package/dist/clients/base/base.js

@@ -1,4 +1,5 @@
 import { EventEmitter } from 'node:events';
+import { createPromisifiedCallback, kCallbackPromise } from "../../apis/callbacks.js";
 import * as apis from "../../apis/index.js";
 import { api as apiVersionsV3 } from "../../apis/metadata/api-versions-v3.js";
 import { baseApisChannel, baseMetadataChannel, createDiagnosticContext, notifyCreation } from "../../diagnostic.js";
@@ -6,12 +7,13 @@ import { MultipleErrors, NetworkError, UnsupportedApiError, UserError } from "..
 import { ConnectionPool } from "../../network/connection-pool.js";
 import { kInstance } from "../../symbols.js";
 import { ajv, debugDump, loggers } from "../../utils.js";
-import { createPromisifiedCallback, kCallbackPromise } from "../callbacks.js";
 import { baseOptionsValidator, clientSoftwareName, clientSoftwareVersion, defaultBaseOptions, defaultPort, metadataOptionsValidator } from "./options.js";
 export const kClientId = Symbol('plt.kafka.base.clientId');
 export const kBootstrapBrokers = Symbol('plt.kafka.base.bootstrapBrokers');
 export const kApis = Symbol('plt.kafka.base.apis');
 export const kGetApi = Symbol('plt.kafka.base.getApi');
+export const kGetConnection = Symbol('plt.kafka.base.getConnection');
+export const kGetBootstrapConnection = Symbol('plt.kafka.base.getBootstrapConnection');
 export const kOptions = Symbol('plt.kafka.base.options');
 export const kConnections = Symbol('plt.kafka.base.connections');
 export const kFetchConnections = Symbol('plt.kafka.base.fetchCnnections');
@@ -119,15 +121,13 @@ export class Base extends EventEmitter {
             ownerId: this[kInstance],
             ...this[kOptions]
         });
-        for (const event of ['connect', 'disconnect', 'failed', 'drain']) {
-            pool.on(event, payload => this.emitWithDebug('client', `broker:${event}`, payload));
-        }
+        this.#forwardEvents(pool, ['connect', 'disconnect', 'failed', 'drain', 'sasl:handshake', 'sasl:authentication']);
         return pool;
     }
     [kListApis](callback) {
         this[kPerformDeduplicated]('listApis', deduplicateCallback => {
             this[kPerformWithRetry]('listApis', retryCallback => {
-                this[kConnections].getFirstAvailable(this[kBootstrapBrokers], (error, connection) => {
+                this[kGetBootstrapConnection]((error, connection) => {
                     if (error) {
                         retryCallback(error, undefined);
                         return;
@@ -157,7 +157,7 @@ export class Base extends EventEmitter {
         const autocreateTopics = options.autocreateTopics ?? this[kOptions].autocreateTopics;
         this[kPerformDeduplicated]('metadata', deduplicateCallback => {
             this[kPerformWithRetry]('metadata', retryCallback => {
-                this[kConnections].getFirstAvailable(this[kBootstrapBrokers], (error, connection) => {
+                this[kGetBootstrapConnection]((error, connection) => {
                     if (error) {
                         retryCallback(error, undefined);
                         return;
@@ -305,6 +305,12 @@ export class Base extends EventEmitter {
         }
         callback(new UnsupportedApiError(`No usable implementation found for API ${name}.`, { minVersion, maxVersion }), undefined);
     }
+    [kGetConnection](broker, callback) {
+        this[kConnections].get(broker, callback);
+    }
+    [kGetBootstrapConnection](callback) {
+        this[kConnections].getFirstAvailable(this[kBootstrapBrokers], callback);
+    }
     [kValidateOptions](target, validator, targetName, throwOnErrors = true) {
         if (!this[kOptions].strict) {
             return null;
@@ -330,4 +336,11 @@ export class Base extends EventEmitter {
         this[kClientType] = type;
         notifyCreation(type, this);
     }
+    #forwardEvents(source, events) {
+        for (const event of events) {
+            source.on(event, (...args) => {
+                this.emitWithDebug('client', `broker:${event}`, ...args);
+            });
+        }
+    }
 }

package/dist/clients/base/options.d.ts

@@ -69,6 +69,27 @@ export declare const baseOptionsSchema: {
             type: string;
             minimum: number;
         };
+        tls: {
+            type: string;
+            additionalProperties: boolean;
+        };
+        sasl: {
+            type: string;
+            properties: {
+                mechanism: {
+                    type: string;
+                    enum: readonly ["PLAIN", "SCRAM-SHA-256", "SCRAM-SHA-512"];
+                };
+                username: {
+                    type: string;
+                };
+                password: {
+                    type: string;
+                };
+            };
+            required: string[];
+            additionalProperties: boolean;
+        };
         metadataMaxAge: {
             type: string;
             minimum: number;

package/dist/clients/base/options.js

@@ -1,4 +1,5 @@
 import { readFileSync } from 'node:fs';
+import { SASLMechanisms } from "../../apis/enumerations.js";
 import { ajv } from "../../utils.js";
 const packageJson = JSON.parse(readFileSync(new URL('../../../package.json', import.meta.url), 'utf-8'));
 // Note: clientSoftwareName can only contain alphanumeric characters, hyphens and dots
@@ -31,6 +32,17 @@ export const baseOptionsSchema = {
         retries: { type: 'number', minimum: 0 },
         retryDelay: { type: 'number', minimum: 0 },
         maxInflights: { type: 'number', minimum: 0 },
+        tls: { type: 'object', additionalProperties: true }, // No validation as they come from Node.js
+        sasl: {
+            type: 'object',
+            properties: {
+                mechanism: { type: 'string', enum: SASLMechanisms },
+                username: { type: 'string' },
+                password: { type: 'string' }
+            },
+            required: ['mechanism', 'username', 'password'],
+            additionalProperties: false
+        },
         metadataMaxAge: { type: 'number', minimum: 0 },
         autocreateTopics: { type: 'boolean' },
         strict: { type: 'boolean' },

package/dist/clients/consumer/consumer.d.ts

@@ -1,7 +1,7 @@
+import { type CallbackWithPromise } from '../../apis/callbacks.ts';
 import { type FetchResponse } from '../../apis/consumer/fetch-v17.ts';
 import { type ConnectionPool } from '../../network/connection-pool.ts';
 import { Base, kFetchConnections } from '../base/base.ts';
-import { type CallbackWithPromise } from '../callbacks.ts';
 import { MessagesStream } from './messages-stream.ts';
 import { TopicsMap } from './topics-map.ts';
 import { type CommitOptions, type ConsumeOptions, type ConsumerOptions, type FetchOptions, type GroupAssignment, type GroupOptions, type ListCommitsOptions, type ListOffsetsOptions, type Offsets } from './types.ts';

package/dist/clients/consumer/consumer.js

@@ -1,11 +1,11 @@
+import { createPromisifiedCallback, kCallbackPromise, runConcurrentCallbacks } from "../../apis/callbacks.js";
 import { FetchIsolationLevels, FindCoordinatorKeyTypes } from "../../apis/enumerations.js";
 import { consumerCommitsChannel, consumerConsumesChannel, consumerFetchesChannel, consumerGroupChannel, consumerHeartbeatChannel, consumerOffsetsChannel, createDiagnosticContext } from "../../diagnostic.js";
 import { UserError } from "../../errors.js";
 import { Reader } from "../../protocol/reader.js";
 import { Writer } from "../../protocol/writer.js";
-import { Base, kAfterCreate, kBootstrapBrokers, kCheckNotClosed, kClosed, kConnections, kCreateConnectionPool, kFetchConnections, kFormatValidationErrors, kGetApi, kMetadata, kOptions, kPerformDeduplicated, kPerformWithRetry, kPrometheus, kValidateOptions } from "../base/base.js";
+import { Base, kAfterCreate, kCheckNotClosed, kClosed, kCreateConnectionPool, kFetchConnections, kFormatValidationErrors, kGetApi, kGetBootstrapConnection, kGetConnection, kMetadata, kOptions, kPerformDeduplicated, kPerformWithRetry, kPrometheus, kValidateOptions } from "../base/base.js";
 import { defaultBaseOptions } from "../base/options.js";
-import { createPromisifiedCallback, kCallbackPromise, runConcurrentCallbacks } from "../callbacks.js";
 import { ensureMetric } from "../metrics.js";
 import { MessagesStream } from "./messages-stream.js";
 import { commitOptionsValidator, consumeOptionsValidator, consumerOptionsValidator, defaultConsumerOptions, fetchOptionsValidator, groupIdAndOptionsValidator, groupOptionsValidator, listCommitsOptionsValidator, listOffsetsOptionsValidator } from "./options.js";
@@ -340,7 +340,7 @@ export class Consumer extends Base {
             }
             runConcurrentCallbacks('Listing offsets failed.', requests, ([leader, requests], concurrentCallback) => {
                 this[kPerformWithRetry]('listOffsets', retryCallback => {
-                    this[kConnections].get(metadata.brokers.get(leader), (error, connection) => {
+                    this[kGetConnection](metadata.brokers.get(leader), (error, connection) => {
                         if (error) {
                             retryCallback(error, undefined);
                             return;
@@ -508,7 +508,7 @@ export class Consumer extends Base {
     #performFindGroupCoordinator(callback) {
         this[kPerformDeduplicated]('findGroupCoordinator', deduplicateCallback => {
             this[kPerformWithRetry]('findGroupCoordinator', retryCallback => {
-                this[kConnections].getFirstAvailable(this[kBootstrapBrokers], (error, connection) => {
+                this[kGetBootstrapConnection]((error, connection) => {
                     if (error) {
                         retryCallback(error, undefined);
                         return;
@@ -738,7 +738,7 @@ export class Consumer extends Base {
                     return;
                 }
                 this[kPerformWithRetry](operationId, retryCallback => {
-                    this[kConnections].get(metadata.brokers.get(coordinatorId), (error, connection) => {
+                    this[kGetConnection](metadata.brokers.get(coordinatorId), (error, connection) => {
                         if (error) {
                             retryCallback(error, undefined);
                             return;

package/dist/clients/consumer/messages-stream.d.ts

@@ -1,7 +1,7 @@
 import { Readable } from 'node:stream';
+import { type CallbackWithPromise } from '../../apis/callbacks.ts';
 import { type Message } from '../../protocol/records.ts';
 import { kInspect } from '../base/base.ts';
-import { type CallbackWithPromise } from '../callbacks.ts';
 import { type Consumer } from './consumer.ts';
 import { type CommitOptionsPartition, type ConsumeOptions } from './types.ts';
 export declare function noopDeserializer(data?: Buffer): Buffer | undefined;

package/dist/clients/consumer/messages-stream.js

@@ -1,9 +1,9 @@
 import { Readable } from 'node:stream';
+import { createPromisifiedCallback, kCallbackPromise, noopCallback } from "../../apis/callbacks.js";
 import { ListOffsetTimestamps } from "../../apis/enumerations.js";
 import { consumerReceivesChannel, createDiagnosticContext, notifyCreation } from "../../diagnostic.js";
 import { UserError } from "../../errors.js";
 import { kInspect, kPrometheus } from "../base/base.js";
-import { createPromisifiedCallback, kCallbackPromise, noopCallback } from "../callbacks.js";
 import { ensureMetric } from "../metrics.js";
 import { defaultConsumerOptions } from "./options.js";
 import { MessagesStreamFallbackModes, MessagesStreamModes } from "./types.js";

package/dist/clients/index.d.ts

@@ -1,4 +1,3 @@
-export * from './callbacks.ts';
 export * from './serde.ts';
 export * from './admin/index.ts';
 export * from './base/index.ts';

package/dist/clients/index.js

@@ -1,4 +1,3 @@
-export * from "./callbacks.js";
 export * from "./serde.js";
 export * from "./admin/index.js";
 export * from "./base/index.js";

package/dist/clients/producer/producer.d.ts

@@ -1,5 +1,5 @@
+import { type CallbackWithPromise } from '../../apis/callbacks.ts';
 import { Base } from '../base/base.ts';
-import { type CallbackWithPromise } from '../callbacks.ts';
 import { type ProduceOptions, type ProduceResult, type ProducerInfo, type ProducerOptions, type SendOptions } from './types.ts';
 export declare class Producer<Key = Buffer, Value = Buffer, HeaderKey = Buffer, HeaderValue = Buffer> extends Base<ProducerOptions<Key, Value, HeaderKey, HeaderValue>> {
     #private;

package/dist/clients/producer/producer.js

@@ -1,10 +1,10 @@
+import { createPromisifiedCallback, kCallbackPromise, runConcurrentCallbacks } from "../../apis/callbacks.js";
 import { ProduceAcks } from "../../apis/enumerations.js";
 import { createDiagnosticContext, producerInitIdempotentChannel, producerSendsChannel } from "../../diagnostic.js";
 import { UserError } from "../../errors.js";
 import { murmur2 } from "../../protocol/murmur2.js";
 import { NumericMap } from "../../utils.js";
-import { Base, kAfterCreate, kBootstrapBrokers, kCheckNotClosed, kClearMetadata, kClosed, kConnections, kGetApi, kMetadata, kOptions, kPerformDeduplicated, kPerformWithRetry, kPrometheus, kValidateOptions } from "../base/base.js";
-import { createPromisifiedCallback, kCallbackPromise, runConcurrentCallbacks } from "../callbacks.js";
+import { Base, kAfterCreate, kCheckNotClosed, kClearMetadata, kClosed, kGetApi, kGetBootstrapConnection, kGetConnection, kMetadata, kOptions, kPerformDeduplicated, kPerformWithRetry, kPrometheus, kValidateOptions } from "../base/base.js";
 import { ensureMetric } from "../metrics.js";
 import { produceOptionsValidator, producerOptionsValidator, sendOptionsValidator } from "./options.js";
 // Don't move this function as being in the same file will enable V8 to remove.
@@ -108,7 +108,7 @@ export class Producer extends Base {
     #initIdempotentProducer(options, callback) {
         this[kPerformDeduplicated]('initProducerId', deduplicateCallback => {
             this[kPerformWithRetry]('initProducerId', retryCallback => {
-                this[kConnections].getFirstAvailable(this[kBootstrapBrokers], (error, connection) => {
+                this[kGetBootstrapConnection]((error, connection) => {
                     if (error) {
                         retryCallback(error, undefined);
                         return;
@@ -292,7 +292,7 @@ export class Producer extends Base {
             const { topic, partition } = messages[0];
             const leader = metadata.topics.get(topic).partitions[partition].leader;
             this[kPerformWithRetry]('produce', retryCallback => {
-                this[kConnections].get(metadata.brokers.get(leader), (error, connection) => {
+                this[kGetConnection](metadata.brokers.get(leader), (error, connection) => {
                     if (error) {
                         retryCallback(error, undefined);
                         return;

package/dist/diagnostic.d.ts

@@ -19,13 +19,13 @@ export type ClientDiagnosticEvent<InstanceType extends Base = Base, Attributes =
 export type TracingChannelWithName<EventType extends object> = TracingChannel<string, EventType> & {
     name: string;
 };
-export type DiagnosticContext<BaseContext> = BaseContext & {
+export type DiagnosticContext<BaseContext = {}> = BaseContext & {
     operationId: bigint;
     result?: unknown;
     error?: unknown;
 };
 export declare const channelsNamespace: "plt:kafka";
-export declare function createDiagnosticContext<BaseContext>(context: BaseContext): DiagnosticContext<BaseContext>;
+export declare function createDiagnosticContext<BaseContext = {}>(context: BaseContext): DiagnosticContext<BaseContext>;
 export declare function notifyCreation<InstanceType>(type: ClientType | 'connection' | 'connection-pool' | 'messages-stream', instance: InstanceType): void;
 export declare function createTracingChannel<DiagnosticEvent extends object>(name: string): TracingChannelWithName<DiagnosticEvent>;
 export declare const instancesChannel: import("diagnostics_channel").Channel<unknown, unknown>;

package/dist/errors.js

@@ -87,7 +87,7 @@ export * from "./protocol/errors.js";
 export class AuthenticationError extends GenericError {
     static code = 'PLT_KFK_AUTHENTICATION';
     constructor(message, properties = {}) {
-        super(AuthenticationError.code, message, properties);
+        super(AuthenticationError.code, message, { canRetry: false, ...properties });
     }
 }
 export class NetworkError extends GenericError {

package/dist/network/connection-pool.d.ts

@@ -1,5 +1,5 @@
 import EventEmitter from 'node:events';
-import { type CallbackWithPromise } from '../clients/callbacks.ts';
+import { type CallbackWithPromise } from '../apis/callbacks.ts';
 import { Connection, type Broker, type ConnectionOptions } from './connection.ts';
 export declare class ConnectionPool extends EventEmitter {
     #private;
@@ -7,6 +7,8 @@ export declare class ConnectionPool extends EventEmitter {
     get instanceId(): number;
     get(broker: Broker, callback: CallbackWithPromise<Connection>): void;
     get(broker: Broker): Promise<Connection>;
-    getFirstAvailable(brokers: Broker[], callback?: CallbackWithPromise<Connection>): void | Promise<Connection>;
-    close(callback?: CallbackWithPromise<void>): void | Promise<void>;
+    getFirstAvailable(brokers: Broker[], callback: CallbackWithPromise<Connection>): void;
+    getFirstAvailable(brokers: Broker[]): Promise<Connection>;
+    close(callback: CallbackWithPromise<void>): void;
+    close(): Promise<void>;
 }

package/dist/network/connection-pool.js

@@ -1,5 +1,5 @@
 import EventEmitter from 'node:events';
-import { createPromisifiedCallback, kCallbackPromise, runConcurrentCallbacks } from "../clients/callbacks.js";
+import { createPromisifiedCallback, kCallbackPromise, runConcurrentCallbacks } from "../apis/callbacks.js";
 import { connectionsPoolGetsChannel, createDiagnosticContext, notifyCreation } from "../diagnostic.js";
 import { MultipleErrors } from "../errors.js";
 import { Connection, ConnectionStatuses } from "./connection.js";
@@ -83,6 +83,12 @@ export class ConnectionPool extends EventEmitter {
             this.emit('connect', eventPayload);
             callback(null, connection);
         });
+        connection.on('sasl:handshake', mechanisms => {
+            this.emit('sasl:handshake', { ...eventPayload, mechanisms });
+        });
+        connection.on('sasl:authentication', authentication => {
+            this.emit('sasl:authentication', { ...eventPayload, authentication });
+        });
         // Remove stale connections from the pool
         connection.once('close', () => {
             this.emit('disconnect', eventPayload);

package/dist/network/connection.d.ts

@@ -1,17 +1,24 @@
 import EventEmitter from 'node:events';
 import { type Socket } from 'node:net';
 import { type ConnectionOptions as TLSConnectionOptions } from 'node:tls';
+import { type CallbackWithPromise } from '../apis/callbacks.ts';
 import { type Callback, type ResponseParser } from '../apis/definitions.ts';
-import { type CallbackWithPromise } from '../clients/callbacks.ts';
+import { type SASLMechanism } from '../apis/enumerations.ts';
 import { Writer } from '../protocol/writer.ts';
 export interface Broker {
     host: string;
     port: number;
 }
+export interface SASLOptions {
+    mechanism: SASLMechanism;
+    username: string;
+    password: string;
+}
 export interface ConnectionOptions {
     connectTimeout?: number;
     maxInflights?: number;
     tls?: TLSConnectionOptions;
+    sasl?: SASLOptions;
     ownerId?: number;
 }
 export interface Request {
@@ -28,6 +35,7 @@ export interface Request {
 export declare const ConnectionStatuses: {
     readonly NONE: "none";
     readonly CONNECTING: "connecting";
+    readonly AUTHENTICATING: "authenticating";
     readonly CONNECTED: "connected";
     readonly CLOSED: "closed";
     readonly CLOSING: "closing";
@@ -43,7 +51,9 @@ export declare class Connection extends EventEmitter {
     get status(): ConnectionStatusValue;
     get socket(): Socket;
     connect(host: string, port: number, callback?: CallbackWithPromise<void>): void | Promise<void>;
-    ready(callback?: CallbackWithPromise<void>): void | Promise<void>;
-    close(callback?: CallbackWithPromise<void>): void | Promise<void>;
+    ready(callback: CallbackWithPromise<void>): void;
+    ready(): Promise<void>;
+    close(callback: CallbackWithPromise<void>): void;
+    close(): Promise<void>;
     send<ReturnType>(apiKey: number, apiVersion: number, payload: () => Writer, responseParser: ResponseParser<ReturnType>, hasRequestHeaderTaggedFields: boolean, hasResponseHeaderTaggedFields: boolean, callback: Callback<ReturnType>): void;
 }

package/dist/network/connection.js

@@ -2,18 +2,23 @@ import fastq from 'fastq';
 import EventEmitter from 'node:events';
 import { createConnection } from 'node:net';
 import { connect as createTLSConnection } from 'node:tls';
-import { createPromisifiedCallback, kCallbackPromise } from "../clients/callbacks.js";
+import { createPromisifiedCallback, kCallbackPromise } from "../apis/callbacks.js";
+import { SASLMechanisms } from "../apis/enumerations.js";
+import { saslAuthenticateV2, saslHandshakeV1 } from "../apis/index.js";
 import { connectionsApiChannel, connectionsConnectsChannel, createDiagnosticContext, notifyCreation } from "../diagnostic.js";
-import { NetworkError, TimeoutError, UnexpectedCorrelationIdError } from "../errors.js";
+import { AuthenticationError, NetworkError, TimeoutError, UnexpectedCorrelationIdError, UserError } from "../errors.js";
 import { protocolAPIsById } from "../protocol/apis.js";
 import { EMPTY_OR_SINGLE_COMPACT_LENGTH_SIZE, INT32_SIZE } from "../protocol/definitions.js";
 import { DynamicBuffer } from "../protocol/dynamic-buffer.js";
+import { saslPlain, saslScramSha } from "../protocol/index.js";
 import { Reader } from "../protocol/reader.js";
+import { defaultCrypto } from "../protocol/sasl/scram-sha.js";
 import { Writer } from "../protocol/writer.js";
 import { loggers } from "../utils.js";
 export const ConnectionStatuses = {
     NONE: 'none',
     CONNECTING: 'connecting',
+    AUTHENTICATING: 'authenticating',
     CONNECTED: 'connected',
     CLOSED: 'closed',
     CLOSING: 'closing',
@@ -97,14 +102,8 @@ export class Connection extends EventEmitter {
                 this.emit('error', error);
                 connectionsConnectsChannel.asyncEnd.publish(diagnosticContext);
             };
-            const connectionErrorHandler = (e) => {
-                const error = new NetworkError(`Connection to ${host}:${port} failed.`, { cause: e });
-                diagnosticContext.error = error;
-                this.#status = ConnectionStatuses.ERROR;
-                connectionsConnectsChannel.error.publish(diagnosticContext);
-                connectionsConnectsChannel.asyncStart.publish(diagnosticContext);
-                this.emit('error', error);
-                connectionsConnectsChannel.asyncEnd.publish(diagnosticContext);
+            const connectionErrorHandler = (error) => {
+                this.#onConnectionError(host, port, diagnosticContext, error);
             };
             this.emit('connecting');
             /* c8 ignore next 3 - TLS connection is not tested but we rely on Node.js tests */
@@ -120,10 +119,12 @@ export class Connection extends EventEmitter {
                 this.#socket.on('drain', this.#onDrain.bind(this));
                 this.#socket.on('close', this.#onClose.bind(this));
                 this.#socket.setTimeout(0);
-                this.#status = ConnectionStatuses.CONNECTED;
-                connectionsConnectsChannel.asyncStart.publish(diagnosticContext);
-                this.emit('connect');
-                connectionsConnectsChannel.asyncEnd.publish(diagnosticContext);
+                if (this.#options.sasl) {
+                    this.#authenticate(host, port, diagnosticContext);
+                }
+                else {
+                    this.#onConnectionSucceed(diagnosticContext);
+                }
             });
             this.#socket.once('timeout', connectionTimeoutHandler);
             this.#socket.once('error', connectionErrorHandler);
@@ -212,6 +213,27 @@ export class Connection extends EventEmitter {
             return this.#sendRequest(request);
         }, callback);
     }
+    #authenticate(host, port, diagnosticContext) {
+        this.#status = ConnectionStatuses.AUTHENTICATING;
+        const { mechanism, username, password } = this.#options.sasl;
+        if (!SASLMechanisms.includes(mechanism)) {
+            this.#onConnectionError(host, port, diagnosticContext, new UserError(`SASL mechanism ${mechanism} not supported.`));
+            return;
+        }
+        saslHandshakeV1.api(this, mechanism, (error, response) => {
+            if (error) {
+                this.#onConnectionError(host, port, diagnosticContext, new AuthenticationError('Cannot find a suitable SASL mechanism.', { cause: error }));
+                return;
+            }
+            this.emit('sasl:handshake', response.mechanisms);
+            if (mechanism === 'PLAIN') {
+                saslPlain.authenticate(saslAuthenticateV2.api, this, username, password, this.#onSaslAuthenticate.bind(this, host, port, diagnosticContext));
+            }
+            else {
+                saslScramSha.authenticate(saslAuthenticateV2.api, this, mechanism.substring(6), username, password, defaultCrypto, this.#onSaslAuthenticate.bind(this, host, port, diagnosticContext));
+            }
+        });
+    }
     /*
       Request => Size [Request Header v2] [payload]
       Request Header v2 => request_api_key request_api_version correlation_id client_id TAG_BUFFER
@@ -223,7 +245,7 @@ export class Connection extends EventEmitter {
     #sendRequest(request) {
         connectionsApiChannel.start.publish(request.diagnostic);
         try {
-            if (this.#status !== ConnectionStatuses.CONNECTED) {
+            if (this.#status !== ConnectionStatuses.CONNECTED && this.#status !== ConnectionStatuses.AUTHENTICATING) {
                 request.callback(new NetworkError('Connection closed'), undefined);
                 return false;
             }
@@ -245,7 +267,7 @@ export class Connection extends EventEmitter {
             if (!payload.context.noResponse) {
                 this.#inflightRequests.set(correlationId, request);
             }
-            loggers.protocol({ apiKey: protocolAPIsById[apiKey], correlationId, request }, 'Sending request.');
+            loggers.protocol('Sending request.', { apiKey: protocolAPIsById[apiKey], correlationId, request });
             for (const buf of writer.buffers) {
                 if (!this.#socket.write(buf)) {
                     canWrite = false;
@@ -272,6 +294,34 @@ export class Connection extends EventEmitter {
             connectionsApiChannel.end.publish(request.diagnostic);
         }
     }
+    #onConnectionSucceed(diagnosticContext) {
+        this.#status = ConnectionStatuses.CONNECTED;
+        connectionsConnectsChannel.asyncStart.publish(diagnosticContext);
+        this.emit('connect');
+        connectionsConnectsChannel.asyncEnd.publish(diagnosticContext);
+    }
+    #onConnectionError(host, port, diagnosticContext, cause) {
+        const error = new NetworkError(`Connection to ${host}:${port} failed.`, { cause });
+        this.#status = ConnectionStatuses.ERROR;
+        diagnosticContext.error = error;
+        connectionsConnectsChannel.error.publish(diagnosticContext);
+        connectionsConnectsChannel.asyncStart.publish(diagnosticContext);
+        this.emit('error', error);
+        connectionsConnectsChannel.asyncEnd.publish(diagnosticContext);
+        this.#socket.end();
+    }
+    #onSaslAuthenticate(host, port, diagnosticContext, error, response) {
+        if (error) {
+            const protocolError = error.errors[0];
+            if (protocolError.apiId === 'SASL_AUTHENTICATION_FAILED') {
+                error = new AuthenticationError('SASL authentication failed.', { cause: error });
+            }
+            this.#onConnectionError(host, port, diagnosticContext, error);
+            return;
+        }
+        this.emit('sasl:authentication', response.authBytes);
+        this.#onConnectionSucceed(diagnosticContext);
+    }
     /*
       Response Header v1 => correlation_id TAG_BUFFER
         correlation_id => INT32
@@ -327,7 +377,7 @@ export class Connection extends EventEmitter {
             //   apiKey: protocolAPIsById[apiKey],
             //   correlationId
             // })
-            loggers.protocol({ apiKey: protocolAPIsById[apiKey], correlationId, request }, 'Received response.');
+            loggers.protocol('Received response.', { apiKey: protocolAPIsById[apiKey], correlationId, request, deserialized });
             if (responseError) {
                 request.diagnostic.error = responseError;
                 connectionsApiChannel.error.publish(request.diagnostic);

package/dist/protocol/sasl/plain.d.ts

@@ -1,3 +1,5 @@
+import { type CallbackWithPromise } from '../../apis/callbacks.ts';
 import { type SASLAuthenticationAPI, type SaslAuthenticateResponse } from '../../apis/security/sasl-authenticate-v2.ts';
 import { type Connection } from '../../network/connection.ts';
+export declare function authenticate(authenticateAPI: SASLAuthenticationAPI, connection: Connection, username: string, password: string, callback: CallbackWithPromise<SaslAuthenticateResponse>): void;
 export declare function authenticate(authenticateAPI: SASLAuthenticationAPI, connection: Connection, username: string, password: string): Promise<SaslAuthenticateResponse>;

package/dist/protocol/sasl/plain.js

@@ -1,3 +1,8 @@
-export function authenticate(authenticateAPI, connection, username, password) {
-    return authenticateAPI.async(connection, Buffer.from(['', username, password].join('\0')));
+import { createPromisifiedCallback, kCallbackPromise } from "../../apis/callbacks.js";
+export function authenticate(authenticateAPI, connection, username, password, callback) {
+    if (!callback) {
+        callback = createPromisifiedCallback();
+    }
+    authenticateAPI(connection, Buffer.from(['', username, password].join('\0')), callback);
+    return callback[kCallbackPromise];
 }

package/dist/protocol/sasl/scram-sha.d.ts

@@ -1,3 +1,4 @@
+import { type CallbackWithPromise } from '../../apis/callbacks.ts';
 import { type SASLAuthenticationAPI, type SaslAuthenticateResponse } from '../../apis/security/sasl-authenticate-v2.ts';
 import { type Connection } from '../../network/connection.ts';
 export interface ScramAlgorithmDefinition {
@@ -32,4 +33,5 @@ export declare function hi(definition: ScramAlgorithmDefinition, password: strin
 export declare function hmac(definition: ScramAlgorithmDefinition, key: Buffer, data: string | Buffer): Buffer;
 export declare function xor(a: Buffer, b: Buffer): Buffer;
 export declare const defaultCrypto: ScramCryptoModule;
+export declare function authenticate(authenticateAPI: SASLAuthenticationAPI, connection: Connection, algorithm: ScramAlgorithm, username: string, password: string, crypto: ScramCryptoModule, callback: CallbackWithPromise<SaslAuthenticateResponse>): void;
 export declare function authenticate(authenticateAPI: SASLAuthenticationAPI, connection: Connection, algorithm: ScramAlgorithm, username: string, password: string, crypto?: ScramCryptoModule): Promise<SaslAuthenticateResponse>;

package/dist/protocol/sasl/scram-sha.js

@@ -1,4 +1,5 @@
 import { createHash, createHmac, pbkdf2Sync, randomBytes } from 'node:crypto';
+import { createPromisifiedCallback, kCallbackPromise } from "../../apis/callbacks.js";
 import { AuthenticationError } from "../../errors.js";
 const GS2_HEADER = 'n,,';
 const GS2_HEADER_BASE64 = Buffer.from(GS2_HEADER).toString('base64');
@@ -56,8 +57,10 @@ export const defaultCrypto = {
     hmac,
     xor
 };
-// Implements https://datatracker.ietf.org/doc/html/rfc5802#section-9
-export async function authenticate(authenticateAPI, connection, algorithm, username, password, crypto = defaultCrypto) {
+export function authenticate(authenticateAPI, connection, algorithm, username, password, crypto = defaultCrypto, callback) {
+    if (!callback) {
+        callback = createPromisifiedCallback();
+    }
     const { h, hi, hmac, xor } = crypto;
     const definition = ScramAlgorithms[algorithm];
     if (!definition) {
@@ -66,45 +69,60 @@ export async function authenticate(authenticateAPI, connection, algorithm, usern
     const clientNonce = createNonce();
     const clientFirstMessageBare = `n=${sanitizeString(username)},r=${clientNonce}`;
     // First of all, send the first message
-    const firstResponse = await authenticateAPI.async(connection, Buffer.from(`${GS2_HEADER}${clientFirstMessageBare}`));
-    const firstData = parseParameters(firstResponse.authBytes);
-    // Extract some parameters
-    const salt = Buffer.from(firstData.s, 'base64');
-    const iterations = parseInt(firstData.i, 10);
-    const serverNonce = firstData.r;
-    const serverFirstMessage = firstData.__original;
-    // Validate response
-    if (!serverNonce.startsWith(clientNonce)) {
-        throw new AuthenticationError('Server nonce does not start with client nonce.');
-    }
-    if (definition.minIterations > iterations) {
-        throw new AuthenticationError(`Algorithm ${algorithm} requires at least ${definition.minIterations} iterations, while ${iterations} were requested.`);
-    }
-    // SaltedPassword  := Hi(Normalize(password), salt, i)
-    // ClientKey       := HMAC(SaltedPassword, "Client Key")
-    // StoredKey       := H(ClientKey)
-    // AuthMessage     := ClientFirstMessageBare + "," ServerFirstMessage + "," + ClientFinalMessageWithoutProof
-    // ClientSignature := HMAC(StoredKey, AuthMessage)
-    // ClientProof     := ClientKey XOR ClientSignature
-    // ServerKey       := HMAC(SaltedPassword, "Server Key")
-    // ServerSignature := HMAC(ServerKey, AuthMessage)
-    const saltedPassword = hi(definition, password, salt, iterations);
-    const clientKey = hmac(definition, saltedPassword, HMAC_CLIENT_KEY);
-    const storedKey = h(definition, clientKey);
-    const clientFinalMessageWithoutProof = `c=${GS2_HEADER_BASE64},r=${serverNonce}`;
-    const authMessage = `${clientFirstMessageBare},${serverFirstMessage},${clientFinalMessageWithoutProof}`;
-    const clientSignature = hmac(definition, storedKey, authMessage);
-    const clientProof = xor(clientKey, clientSignature);
-    const serverKey = hmac(definition, saltedPassword, HMAC_SERVER_KEY);
-    const serverSignature = hmac(definition, serverKey, authMessage);
-    // Send the last message to the server
-    const lastResponse = await authenticateAPI.async(connection, Buffer.from(`${clientFinalMessageWithoutProof},p=${clientProof.toString('base64')}`));
-    const lastData = parseParameters(lastResponse.authBytes);
-    if (lastData.e) {
-        throw new AuthenticationError(lastData.e);
-    }
-    else if (lastData.v !== serverSignature.toString('base64')) {
-        throw new AuthenticationError('Invalid server signature.');
-    }
-    return lastResponse;
+    authenticateAPI(connection, Buffer.from(`${GS2_HEADER}${clientFirstMessageBare}`), (error, firstResponse) => {
+        if (error) {
+            callback(new AuthenticationError('Authentication failed.', { cause: error }), undefined);
+            return;
+        }
+        const firstData = parseParameters(firstResponse.authBytes);
+        // Extract some parameters
+        const salt = Buffer.from(firstData.s, 'base64');
+        const iterations = parseInt(firstData.i, 10);
+        const serverNonce = firstData.r;
+        const serverFirstMessage = firstData.__original;
+        // Validate response
+        if (!serverNonce.startsWith(clientNonce)) {
+            callback(new AuthenticationError('Server nonce does not start with client nonce.'), undefined);
+            return;
+        }
+        else if (definition.minIterations > iterations) {
+            callback(new AuthenticationError(`Algorithm ${algorithm} requires at least ${definition.minIterations} iterations, while ${iterations} were requested.`), undefined);
+            return;
+        }
+        // SaltedPassword  := Hi(Normalize(password), salt, i)
+        // ClientKey       := HMAC(SaltedPassword, "Client Key")
+        // StoredKey       := H(ClientKey)
+        // AuthMessage     := ClientFirstMessageBare + "," ServerFirstMessage + "," + ClientFinalMessageWithoutProof
+        // ClientSignature := HMAC(StoredKey, AuthMessage)
+        // ClientProof     := ClientKey XOR ClientSignature
+        // ServerKey       := HMAC(SaltedPassword, "Server Key")
+        // ServerSignature := HMAC(ServerKey, AuthMessage)
+        const saltedPassword = hi(definition, password, salt, iterations);
+        const clientKey = hmac(definition, saltedPassword, HMAC_CLIENT_KEY);
+        const storedKey = h(definition, clientKey);
+        const clientFinalMessageWithoutProof = `c=${GS2_HEADER_BASE64},r=${serverNonce}`;
+        const authMessage = `${clientFirstMessageBare},${serverFirstMessage},${clientFinalMessageWithoutProof}`;
+        const clientSignature = hmac(definition, storedKey, authMessage);
+        const clientProof = xor(clientKey, clientSignature);
+        const serverKey = hmac(definition, saltedPassword, HMAC_SERVER_KEY);
+        const serverSignature = hmac(definition, serverKey, authMessage);
+        authenticateAPI(connection, Buffer.from(`${clientFinalMessageWithoutProof},p=${clientProof.toString('base64')}`), (error, lastResponse) => {
+            if (error) {
+                callback(new AuthenticationError('Authentication failed.', { cause: error }), undefined);
+                return;
+            }
+            // Send the last message to the server
+            const lastData = parseParameters(lastResponse.authBytes);
+            if (lastData.e) {
+                callback(new AuthenticationError(lastData.e), undefined);
+                return;
+            }
+            else if (lastData.v !== serverSignature.toString('base64')) {
+                callback(new AuthenticationError('Invalid server signature.'), undefined);
+                return;
+            }
+            callback(null, lastResponse);
+        });
+    });
+    return callback[kCallbackPromise];
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@platformatic/kafka",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "description": "Modern and performant client for Apache Kafka",
   "homepage": "https://github.com/platformatic/kafka",
   "author": "Platformatic Inc. <oss@platformatic.dev> (https://platformatic.dev)",