PyPI - kafka-python - Versions diffs - 3.0.0__py3-none-any.whl - Mend

kafka-python 3.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

kafka/__init__.py +34 -0
kafka/__main__.py +5 -0
kafka/admin/__init__.py +29 -0
kafka/admin/__main__.py +5 -0
kafka/admin/_acls.py +355 -0
kafka/admin/_cluster.py +359 -0
kafka/admin/_configs.py +479 -0
kafka/admin/_groups.py +754 -0
kafka/admin/_partitions.py +595 -0
kafka/admin/_topics.py +281 -0
kafka/admin/_transactions.py +450 -0
kafka/admin/_users.py +194 -0
kafka/admin/client.py +373 -0
kafka/benchmarks/__init__.py +0 -0
kafka/benchmarks/consumer_performance.py +138 -0
kafka/benchmarks/load_example.py +109 -0
kafka/benchmarks/producer_encode_path.py +201 -0
kafka/benchmarks/producer_performance.py +161 -0
kafka/benchmarks/profile_protocol.py +138 -0
kafka/benchmarks/protocol_old_vs_new.py +447 -0
kafka/benchmarks/record_batch_compose.py +77 -0
kafka/benchmarks/record_batch_read.py +82 -0
kafka/benchmarks/varint_speed.py +426 -0
kafka/cli/__init__.py +36 -0
kafka/cli/admin/__init__.py +117 -0
kafka/cli/admin/acls/__init__.py +9 -0
kafka/cli/admin/acls/common.py +76 -0
kafka/cli/admin/acls/create.py +19 -0
kafka/cli/admin/acls/delete.py +23 -0
kafka/cli/admin/acls/describe.py +16 -0
kafka/cli/admin/cluster/__init__.py +14 -0
kafka/cli/admin/cluster/describe.py +11 -0
kafka/cli/admin/cluster/describe_quorum.py +11 -0
kafka/cli/admin/cluster/features.py +52 -0
kafka/cli/admin/cluster/log_dirs.py +43 -0
kafka/cli/admin/cluster/versions.py +33 -0
kafka/cli/admin/configs/__init__.py +10 -0
kafka/cli/admin/configs/alter.py +43 -0
kafka/cli/admin/configs/common.py +17 -0
kafka/cli/admin/configs/describe.py +30 -0
kafka/cli/admin/configs/list.py +16 -0
kafka/cli/admin/configs/reset.py +20 -0
kafka/cli/admin/groups/__init__.py +16 -0
kafka/cli/admin/groups/alter_offsets.py +30 -0
kafka/cli/admin/groups/delete.py +11 -0
kafka/cli/admin/groups/delete_offsets.py +29 -0
kafka/cli/admin/groups/describe.py +11 -0
kafka/cli/admin/groups/list.py +28 -0
kafka/cli/admin/groups/list_offsets.py +29 -0
kafka/cli/admin/groups/remove_members.py +40 -0
kafka/cli/admin/groups/reset_offsets.py +139 -0
kafka/cli/admin/partitions/__init__.py +21 -0
kafka/cli/admin/partitions/alter_reassignments.py +37 -0
kafka/cli/admin/partitions/create.py +27 -0
kafka/cli/admin/partitions/delete_records.py +31 -0
kafka/cli/admin/partitions/describe.py +36 -0
kafka/cli/admin/partitions/elect_leaders.py +53 -0
kafka/cli/admin/partitions/list_offsets.py +88 -0
kafka/cli/admin/partitions/list_reassignments.py +35 -0
kafka/cli/admin/topics/__init__.py +10 -0
kafka/cli/admin/topics/create.py +13 -0
kafka/cli/admin/topics/delete.py +19 -0
kafka/cli/admin/topics/describe.py +18 -0
kafka/cli/admin/topics/list.py +11 -0
kafka/cli/admin/transactions/__init__.py +17 -0
kafka/cli/admin/transactions/abort.py +38 -0
kafka/cli/admin/transactions/describe.py +24 -0
kafka/cli/admin/transactions/describe_producers.py +29 -0
kafka/cli/admin/transactions/find_hanging.py +26 -0
kafka/cli/admin/transactions/list.py +37 -0
kafka/cli/admin/users/__init__.py +8 -0
kafka/cli/admin/users/alter_user_scram_credentials.py +34 -0
kafka/cli/admin/users/describe_user_scram_credentials.py +15 -0
kafka/cli/common.py +95 -0
kafka/cli/consumer/__init__.py +63 -0
kafka/cli/producer/__init__.py +57 -0
kafka/cluster.py +824 -0
kafka/codec.py +325 -0
kafka/consumer/__init__.py +5 -0
kafka/consumer/__main__.py +5 -0
kafka/consumer/fetcher.py +2012 -0
kafka/consumer/group.py +1347 -0
kafka/consumer/subscription_state.py +897 -0
kafka/coordinator/__init__.py +0 -0
kafka/coordinator/assignors/__init__.py +0 -0
kafka/coordinator/assignors/abstract.py +90 -0
kafka/coordinator/assignors/cooperative_sticky.py +167 -0
kafka/coordinator/assignors/range.py +81 -0
kafka/coordinator/assignors/roundrobin.py +101 -0
kafka/coordinator/assignors/sticky/StickyAssignorUserData.json +37 -0
kafka/coordinator/assignors/sticky/__init__.py +0 -0
kafka/coordinator/assignors/sticky/partition_movements.py +149 -0
kafka/coordinator/assignors/sticky/sorted_set.py +63 -0
kafka/coordinator/assignors/sticky/sticky_assignor.py +665 -0
kafka/coordinator/assignors/sticky/user_data.py +8 -0
kafka/coordinator/base.py +1215 -0
kafka/coordinator/consumer.py +1224 -0
kafka/coordinator/heartbeat.py +82 -0
kafka/coordinator/subscription.py +34 -0
kafka/errors.py +1004 -0
kafka/future.py +166 -0
kafka/metrics/__init__.py +13 -0
kafka/metrics/compound_stat.py +33 -0
kafka/metrics/dict_reporter.py +81 -0
kafka/metrics/kafka_metric.py +36 -0
kafka/metrics/measurable.py +27 -0
kafka/metrics/measurable_stat.py +13 -0
kafka/metrics/metric_config.py +33 -0
kafka/metrics/metric_name.py +105 -0
kafka/metrics/metrics.py +261 -0
kafka/metrics/metrics_reporter.py +53 -0
kafka/metrics/quota.py +41 -0
kafka/metrics/stat.py +19 -0
kafka/metrics/stats/__init__.py +15 -0
kafka/metrics/stats/avg.py +24 -0
kafka/metrics/stats/count.py +17 -0
kafka/metrics/stats/histogram.py +99 -0
kafka/metrics/stats/max_stat.py +17 -0
kafka/metrics/stats/min_stat.py +19 -0
kafka/metrics/stats/percentile.py +14 -0
kafka/metrics/stats/percentiles.py +75 -0
kafka/metrics/stats/rate.py +118 -0
kafka/metrics/stats/sampled_stat.py +99 -0
kafka/metrics/stats/sensor.py +136 -0
kafka/metrics/stats/total.py +15 -0
kafka/net/__init__.py +19 -0
kafka/net/compat.py +165 -0
kafka/net/connection.py +593 -0
kafka/net/http_connect.py +144 -0
kafka/net/inet.py +122 -0
kafka/net/manager.py +451 -0
kafka/net/metrics.py +149 -0
kafka/net/sasl/__init__.py +32 -0
kafka/net/sasl/abc.py +28 -0
kafka/net/sasl/gssapi.py +95 -0
kafka/net/sasl/msk.py +245 -0
kafka/net/sasl/oauth.py +98 -0
kafka/net/sasl/plain.py +42 -0
kafka/net/sasl/scram.py +135 -0
kafka/net/sasl/sspi.py +111 -0
kafka/net/selector.py +644 -0
kafka/net/socks5.py +262 -0
kafka/net/transport.py +415 -0
kafka/net/wakeup_notifier.py +72 -0
kafka/partitioner/__init__.py +8 -0
kafka/partitioner/abc.py +8 -0
kafka/partitioner/default.py +89 -0
kafka/partitioner/sticky.py +109 -0
kafka/producer/__init__.py +5 -0
kafka/producer/__main__.py +5 -0
kafka/producer/future.py +101 -0
kafka/producer/kafka.py +1123 -0
kafka/producer/producer_batch.py +192 -0
kafka/producer/record_accumulator.py +647 -0
kafka/producer/sender.py +884 -0
kafka/producer/transaction_manager.py +1326 -0
kafka/protocol/__init__.py +0 -0
kafka/protocol/admin/__init__.py +29 -0
kafka/protocol/admin/acl.py +83 -0
kafka/protocol/admin/acl.pyi +375 -0
kafka/protocol/admin/client_quotas.py +14 -0
kafka/protocol/admin/client_quotas.pyi +265 -0
kafka/protocol/admin/cluster.py +31 -0
kafka/protocol/admin/cluster.pyi +620 -0
kafka/protocol/admin/configs.py +22 -0
kafka/protocol/admin/configs.pyi +437 -0
kafka/protocol/admin/groups.py +24 -0
kafka/protocol/admin/groups.pyi +261 -0
kafka/protocol/admin/topics.py +53 -0
kafka/protocol/admin/topics.pyi +982 -0
kafka/protocol/admin/transactions.py +18 -0
kafka/protocol/admin/transactions.pyi +311 -0
kafka/protocol/admin/users.py +14 -0
kafka/protocol/admin/users.pyi +223 -0
kafka/protocol/api_data.py +125 -0
kafka/protocol/api_header.py +55 -0
kafka/protocol/api_key.py +97 -0
kafka/protocol/api_message.py +277 -0
kafka/protocol/broker_version_data.py +246 -0
kafka/protocol/consumer/__init__.py +13 -0
kafka/protocol/consumer/fetch.py +16 -0
kafka/protocol/consumer/fetch.pyi +298 -0
kafka/protocol/consumer/group.py +38 -0
kafka/protocol/consumer/group.pyi +824 -0
kafka/protocol/consumer/metadata.py +30 -0
kafka/protocol/consumer/metadata.pyi +89 -0
kafka/protocol/consumer/offsets.py +75 -0
kafka/protocol/consumer/offsets.pyi +288 -0
kafka/protocol/data_container.py +166 -0
kafka/protocol/frame.py +30 -0
kafka/protocol/generate_stubs.py +468 -0
kafka/protocol/metadata/__init__.py +10 -0
kafka/protocol/metadata/api_versions.py +41 -0
kafka/protocol/metadata/api_versions.pyi +128 -0
kafka/protocol/metadata/find_coordinator.py +19 -0
kafka/protocol/metadata/find_coordinator.pyi +105 -0
kafka/protocol/metadata/metadata.py +34 -0
kafka/protocol/metadata/metadata.pyi +160 -0
kafka/protocol/old/__init__.py +0 -0
kafka/protocol/old/abstract.py +17 -0
kafka/protocol/old/add_offsets_to_txn.py +54 -0
kafka/protocol/old/add_partitions_to_txn.py +71 -0
kafka/protocol/old/admin.py +1086 -0
kafka/protocol/old/api.py +205 -0
kafka/protocol/old/api_versions.py +133 -0
kafka/protocol/old/commit.py +355 -0
kafka/protocol/old/consumer_protocol.py +36 -0
kafka/protocol/old/end_txn.py +53 -0
kafka/protocol/old/fetch.py +408 -0
kafka/protocol/old/find_coordinator.py +72 -0
kafka/protocol/old/group.py +451 -0
kafka/protocol/old/init_producer_id.py +42 -0
kafka/protocol/old/list_offsets.py +186 -0
kafka/protocol/old/metadata.py +290 -0
kafka/protocol/old/offset_for_leader_epoch.py +133 -0
kafka/protocol/old/produce.py +247 -0
kafka/protocol/old/sasl_authenticate.py +38 -0
kafka/protocol/old/sasl_handshake.py +39 -0
kafka/protocol/old/struct.py +87 -0
kafka/protocol/old/txn_offset_commit.py +73 -0
kafka/protocol/old/types.py +440 -0
kafka/protocol/parser.py +191 -0
kafka/protocol/producer/__init__.py +7 -0
kafka/protocol/producer/produce.py +17 -0
kafka/protocol/producer/produce.pyi +197 -0
kafka/protocol/producer/transaction.py +30 -0
kafka/protocol/producer/transaction.pyi +663 -0
kafka/protocol/sasl.py +52 -0
kafka/protocol/sasl.pyi +126 -0
kafka/protocol/schemas/__init__.py +7 -0
kafka/protocol/schemas/fields/__init__.py +7 -0
kafka/protocol/schemas/fields/array.py +127 -0
kafka/protocol/schemas/fields/base.py +156 -0
kafka/protocol/schemas/fields/codecs/__init__.py +12 -0
kafka/protocol/schemas/fields/codecs/encode_buffer.py +82 -0
kafka/protocol/schemas/fields/codecs/tagged_fields.py +109 -0
kafka/protocol/schemas/fields/codecs/types.py +505 -0
kafka/protocol/schemas/fields/codegen.py +40 -0
kafka/protocol/schemas/fields/simple.py +127 -0
kafka/protocol/schemas/fields/struct.py +357 -0
kafka/protocol/schemas/fields/struct_array.py +142 -0
kafka/protocol/schemas/load_json.py +42 -0
kafka/protocol/schemas/resources/AddOffsetsToTxnRequest.json +40 -0
kafka/protocol/schemas/resources/AddOffsetsToTxnResponse.json +35 -0
kafka/protocol/schemas/resources/AddPartitionsToTxnRequest.json +65 -0
kafka/protocol/schemas/resources/AddPartitionsToTxnResponse.json +60 -0
kafka/protocol/schemas/resources/AlterClientQuotasRequest.json +47 -0
kafka/protocol/schemas/resources/AlterClientQuotasResponse.json +41 -0
kafka/protocol/schemas/resources/AlterConfigsRequest.json +43 -0
kafka/protocol/schemas/resources/AlterConfigsResponse.json +39 -0
kafka/protocol/schemas/resources/AlterPartitionReassignmentsRequest.json +42 -0
kafka/protocol/schemas/resources/AlterPartitionReassignmentsResponse.json +47 -0
kafka/protocol/schemas/resources/AlterReplicaLogDirsRequest.json +41 -0
kafka/protocol/schemas/resources/AlterReplicaLogDirsResponse.json +41 -0
kafka/protocol/schemas/resources/AlterUserScramCredentialsRequest.json +45 -0
kafka/protocol/schemas/resources/AlterUserScramCredentialsResponse.json +35 -0
kafka/protocol/schemas/resources/ApiVersionsRequest.json +34 -0
kafka/protocol/schemas/resources/ApiVersionsResponse.json +79 -0
kafka/protocol/schemas/resources/ConsumerProtocolAssignment.json +42 -0
kafka/protocol/schemas/resources/ConsumerProtocolSubscription.json +49 -0
kafka/protocol/schemas/resources/CreateAclsRequest.json +46 -0
kafka/protocol/schemas/resources/CreateAclsResponse.json +37 -0
kafka/protocol/schemas/resources/CreatePartitionsRequest.json +47 -0
kafka/protocol/schemas/resources/CreatePartitionsResponse.json +41 -0
kafka/protocol/schemas/resources/CreateTopicsRequest.json +65 -0
kafka/protocol/schemas/resources/CreateTopicsResponse.json +72 -0
kafka/protocol/schemas/resources/DeleteAclsRequest.json +46 -0
kafka/protocol/schemas/resources/DeleteAclsResponse.json +59 -0
kafka/protocol/schemas/resources/DeleteGroupsRequest.json +30 -0
kafka/protocol/schemas/resources/DeleteGroupsResponse.json +36 -0
kafka/protocol/schemas/resources/DeleteRecordsRequest.json +42 -0
kafka/protocol/schemas/resources/DeleteRecordsResponse.json +43 -0
kafka/protocol/schemas/resources/DeleteTopicsRequest.json +43 -0
kafka/protocol/schemas/resources/DeleteTopicsResponse.json +52 -0
kafka/protocol/schemas/resources/DescribeAclsRequest.json +43 -0
kafka/protocol/schemas/resources/DescribeAclsResponse.json +55 -0
kafka/protocol/schemas/resources/DescribeClientQuotasRequest.json +37 -0
kafka/protocol/schemas/resources/DescribeClientQuotasResponse.json +47 -0
kafka/protocol/schemas/resources/DescribeClusterRequest.json +35 -0
kafka/protocol/schemas/resources/DescribeClusterResponse.json +56 -0
kafka/protocol/schemas/resources/DescribeConfigsRequest.json +42 -0
kafka/protocol/schemas/resources/DescribeConfigsResponse.json +69 -0
kafka/protocol/schemas/resources/DescribeGroupsRequest.json +38 -0
kafka/protocol/schemas/resources/DescribeGroupsResponse.json +74 -0
kafka/protocol/schemas/resources/DescribeLogDirsRequest.json +38 -0
kafka/protocol/schemas/resources/DescribeLogDirsResponse.json +65 -0
kafka/protocol/schemas/resources/DescribeProducersRequest.json +32 -0
kafka/protocol/schemas/resources/DescribeProducersResponse.json +55 -0
kafka/protocol/schemas/resources/DescribeQuorumRequest.json +39 -0
kafka/protocol/schemas/resources/DescribeQuorumResponse.json +82 -0
kafka/protocol/schemas/resources/DescribeTopicPartitionsRequest.json +40 -0
kafka/protocol/schemas/resources/DescribeTopicPartitionsResponse.json +66 -0
kafka/protocol/schemas/resources/DescribeTransactionsRequest.json +27 -0
kafka/protocol/schemas/resources/DescribeTransactionsResponse.json +52 -0
kafka/protocol/schemas/resources/DescribeUserScramCredentialsRequest.json +30 -0
kafka/protocol/schemas/resources/DescribeUserScramCredentialsResponse.json +45 -0
kafka/protocol/schemas/resources/ElectLeadersRequest.json +41 -0
kafka/protocol/schemas/resources/ElectLeadersResponse.json +45 -0
kafka/protocol/schemas/resources/EndTxnRequest.json +43 -0
kafka/protocol/schemas/resources/EndTxnResponse.json +41 -0
kafka/protocol/schemas/resources/FetchRequest.json +125 -0
kafka/protocol/schemas/resources/FetchResponse.json +124 -0
kafka/protocol/schemas/resources/FindCoordinatorRequest.json +43 -0
kafka/protocol/schemas/resources/FindCoordinatorResponse.json +58 -0
kafka/protocol/schemas/resources/HeartbeatRequest.json +39 -0
kafka/protocol/schemas/resources/HeartbeatResponse.json +35 -0
kafka/protocol/schemas/resources/IncrementalAlterConfigsRequest.json +44 -0
kafka/protocol/schemas/resources/IncrementalAlterConfigsResponse.json +38 -0
kafka/protocol/schemas/resources/InitProducerIdRequest.json +50 -0
kafka/protocol/schemas/resources/InitProducerIdResponse.json +47 -0
kafka/protocol/schemas/resources/JoinGroupRequest.json +63 -0
kafka/protocol/schemas/resources/JoinGroupResponse.json +69 -0
kafka/protocol/schemas/resources/LeaveGroupRequest.json +47 -0
kafka/protocol/schemas/resources/LeaveGroupResponse.json +47 -0
kafka/protocol/schemas/resources/ListConfigResourcesRequest.json +31 -0
kafka/protocol/schemas/resources/ListConfigResourcesResponse.json +37 -0
kafka/protocol/schemas/resources/ListGroupsRequest.json +36 -0
kafka/protocol/schemas/resources/ListGroupsResponse.json +49 -0
kafka/protocol/schemas/resources/ListOffsetsRequest.json +72 -0
kafka/protocol/schemas/resources/ListOffsetsResponse.json +71 -0
kafka/protocol/schemas/resources/ListPartitionReassignmentsRequest.json +34 -0
kafka/protocol/schemas/resources/ListPartitionReassignmentsResponse.json +46 -0
kafka/protocol/schemas/resources/ListTransactionsRequest.json +40 -0
kafka/protocol/schemas/resources/ListTransactionsResponse.json +42 -0
kafka/protocol/schemas/resources/MetadataRequest.json +56 -0
kafka/protocol/schemas/resources/MetadataResponse.json +101 -0
kafka/protocol/schemas/resources/OffsetCommitRequest.json +76 -0
kafka/protocol/schemas/resources/OffsetCommitResponse.json +71 -0
kafka/protocol/schemas/resources/OffsetDeleteRequest.json +39 -0
kafka/protocol/schemas/resources/OffsetDeleteResponse.json +42 -0
kafka/protocol/schemas/resources/OffsetFetchRequest.json +76 -0
kafka/protocol/schemas/resources/OffsetFetchResponse.json +107 -0
kafka/protocol/schemas/resources/OffsetForLeaderEpochRequest.json +52 -0
kafka/protocol/schemas/resources/OffsetForLeaderEpochResponse.json +51 -0
kafka/protocol/schemas/resources/ProduceRequest.json +73 -0
kafka/protocol/schemas/resources/ProduceResponse.json +96 -0
kafka/protocol/schemas/resources/RequestHeader.json +44 -0
kafka/protocol/schemas/resources/ResponseHeader.json +26 -0
kafka/protocol/schemas/resources/SaslAuthenticateRequest.json +29 -0
kafka/protocol/schemas/resources/SaslAuthenticateResponse.json +34 -0
kafka/protocol/schemas/resources/SaslHandshakeRequest.json +31 -0
kafka/protocol/schemas/resources/SaslHandshakeResponse.json +32 -0
kafka/protocol/schemas/resources/SyncGroupRequest.json +56 -0
kafka/protocol/schemas/resources/SyncGroupResponse.json +46 -0
kafka/protocol/schemas/resources/TxnOffsetCommitRequest.json +68 -0
kafka/protocol/schemas/resources/TxnOffsetCommitResponse.json +47 -0
kafka/protocol/schemas/resources/UpdateFeaturesRequest.json +43 -0
kafka/protocol/schemas/resources/UpdateFeaturesResponse.json +39 -0
kafka/protocol/schemas/resources/WriteTxnMarkersRequest.json +49 -0
kafka/protocol/schemas/resources/WriteTxnMarkersResponse.json +45 -0
kafka/protocol/schemas/resources/__init__.py +0 -0
kafka/record/__init__.py +3 -0
kafka/record/_crc32c.py +161 -0
kafka/record/abc.py +144 -0
kafka/record/default_records.py +782 -0
kafka/record/legacy_records.py +587 -0
kafka/record/memory_records.py +255 -0
kafka/record/util.py +135 -0
kafka/serializer/__init__.py +4 -0
kafka/serializer/abstract.py +20 -0
kafka/serializer/default.py +16 -0
kafka/serializer/json.py +17 -0
kafka/serializer/wrapper.py +21 -0
kafka/structs.py +69 -0
kafka/util.py +159 -0
kafka/vendor/__init__.py +0 -0
kafka/version.py +1 -0
kafka_python-3.0.0.dist-info/METADATA +319 -0
kafka_python-3.0.0.dist-info/RECORD +373 -0
kafka_python-3.0.0.dist-info/WHEEL +5 -0
kafka_python-3.0.0.dist-info/entry_points.txt +2 -0
kafka_python-3.0.0.dist-info/licenses/LICENSE +202 -0
kafka_python-3.0.0.dist-info/top_level.txt +1 -0

kafka/net/sasl/gssapi.py ADDED Viewed

@@ -0,0 +1,95 @@
+import struct
+# needed for SASL_GSSAPI authentication:
+try:
+    import gssapi
+    from gssapi.raw.misc import GSSError
+except (ImportError, OSError):
+    #no gssapi available, will disable gssapi mechanism
+    gssapi = None
+    GSSError = None
+from .abc import SaslMechanism
+class SaslMechanismGSSAPI(SaslMechanism):
+    # Establish security context and negotiate protection level
+    # For reference RFC 2222, section 7.2.1
+    SASL_QOP_AUTH = 1
+    SASL_QOP_AUTH_INT = 2
+    SASL_QOP_AUTH_CONF = 4
+    def __init__(self, **config):
+        if gssapi is None:
+            raise RuntimeError('GSSAPI lib not found!')
+        if 'sasl_kerberos_name' not in config and 'sasl_kerberos_service_name' not in config:
+            raise ValueError('sasl_kerberos_service_name or sasl_kerberos_name required for GSSAPI sasl configuration')
+        self._is_done = False
+        self._is_authenticated = False
+        self.gssapi_name = None
+        if config.get('sasl_kerberos_name', None) is not None:
+            self.auth_id = str(config['sasl_kerberos_name'])
+            if isinstance(config['sasl_kerberos_name'], gssapi.Name):
+                self.gssapi_name = config['sasl_kerberos_name']
+        else:
+            kerberos_domain_name = config.get('sasl_kerberos_domain_name', '') or config.get('host', '')
+            self.auth_id = config['sasl_kerberos_service_name'] + '@' + kerberos_domain_name
+        if self.gssapi_name is None:
+            self.gssapi_name = gssapi.Name(self.auth_id, name_type=gssapi.NameType.hostbased_service).canonicalize(gssapi.MechType.kerberos)
+        self._client_ctx = gssapi.SecurityContext(name=self.gssapi_name, usage='initiate')
+        self._next_token = self._client_ctx.step(None)
+    def auth_bytes(self):
+        # GSSAPI Auth does not have a final broker->client message
+        # so mark is_done after the final auth_bytes are provided
+        # in practice we'll still receive a response when using SaslAuthenticate
+        # but not when using the prior unframed approach.
+        if self._is_authenticated:
+            self._is_done = True
+        return self._next_token or b''
+    def receive(self, auth_bytes):
+        if not self._client_ctx.complete:
+            # The server will send a token back. Processing of this token either
+            # establishes a security context, or it needs further token exchange.
+            # The gssapi will be able to identify the needed next step.
+            self._next_token = self._client_ctx.step(auth_bytes)
+        elif self._is_done:
+            # The final step of gssapi is send, so we do not expect any additional bytes
+            # however, allow an empty message to support SaslAuthenticate response
+            if auth_bytes != b'':
+                raise ValueError("Unexpected receive auth_bytes after sasl/gssapi completion")
+        else:
+            # unwraps message containing supported protection levels and msg size
+            msg = self._client_ctx.unwrap(auth_bytes).message
+            # Kafka currently doesn't support integrity or confidentiality security layers, so we
+            # simply set QoP to 'auth' only (first octet). We reuse the max message size proposed
+            # by the server
+            client_flags = self.SASL_QOP_AUTH
+            server_flags = struct.Struct('>b').unpack(msg[0:1])[0]
+            message_parts = [
+                struct.Struct('>b').pack(client_flags & server_flags),
+                msg[1:], # always agree to max message size from server
+                self.auth_id.encode('utf-8'),
+            ]
+            # add authorization identity to the response, and GSS-wrap
+            self._next_token = self._client_ctx.wrap(b''.join(message_parts), False).message
+            # We need to identify the last token in auth_bytes();
+            # we can't rely on client_ctx.complete because it becomes True after generating
+            # the second-to-last token (after calling .step(auth_bytes) for the final time)
+            # We could introduce an additional state variable (i.e., self._final_token),
+            # but instead we just set _is_authenticated. Since the plugin interface does
+            # not read is_authenticated() until after is_done() is True, this should be fine.
+            self._is_authenticated = True
+    def is_done(self):
+        return self._is_done
+    def is_authenticated(self):
+        return self._is_authenticated
+    def auth_details(self):
+        if not self.is_authenticated:
+            raise RuntimeError('Not authenticated yet!')
+        return 'Authenticated as %s to %s via SASL / GSSAPI' % (self._client_ctx.initiator_name, self._client_ctx.target_name)

kafka/net/sasl/msk.py ADDED Viewed

@@ -0,0 +1,245 @@
+import datetime
+import hashlib
+import hmac
+import json
+import logging
+import string
+import urllib
+# needed for AWS_MSK_IAM authentication:
+try:
+    from botocore.session import Session as BotoSession
+except ImportError:
+    # no botocore available, will disable AWS_MSK_IAM mechanism
+    BotoSession = None
+from .abc import SaslMechanism
+from kafka.errors import KafkaConfigurationError
+log = logging.getLogger(__name__)
+class SaslMechanismAwsMskIam(SaslMechanism):
+    def __init__(self, **config):
+        if BotoSession is None:
+            raise RuntimeError('AWS_MSK_IAM requires the "botocore" package')
+        if config.get('security_protocol', '') != 'SASL_SSL':
+            raise KafkaConfigurationError('AWS_MSK_IAM requires SASL_SSL')
+        if 'host' not in config:
+            raise KafkaConfigurationError('AWS_MSK_IAM requires host configuration')
+        self.host = config['host']
+        self._auth = None
+        self._is_done = False
+        self._is_authenticated = False
+    def _build_client(self):
+        session = BotoSession()
+        credentials = session.get_credentials().get_frozen_credentials()
+        if not session.get_config_variable('region'):
+            raise KafkaConfigurationError('Unable to determine region for AWS MSK cluster. Is AWS_DEFAULT_REGION set?')
+        return AwsMskIamClient(
+            host=self.host,
+            access_key=credentials.access_key,
+            secret_key=credentials.secret_key,
+            region=session.get_config_variable('region'),
+            token=credentials.token,
+        )
+    def auth_bytes(self):
+        client = self._build_client()
+        log.debug("Generating auth token for MSK scope: %s", client._scope)
+        return client.first_message()
+    def receive(self, auth_bytes):
+        self._is_done = True
+        self._is_authenticated = auth_bytes != b''
+        self._auth = auth_bytes.decode('utf-8')
+    def is_done(self):
+        return self._is_done
+    def is_authenticated(self):
+        return self._is_authenticated
+    def auth_details(self):
+        if not self.is_authenticated:
+            raise RuntimeError('Not authenticated yet!')
+        return 'Authenticated via SASL / AWS_MSK_IAM %s' % (self._auth,)
+class AwsMskIamClient:
+    UNRESERVED_CHARS = string.ascii_letters + string.digits + '-._~'
+    def __init__(self, host, access_key, secret_key, region, token=None):
+        """
+        Arguments:
+            host (str): The hostname of the broker.
+            access_key (str): An AWS_ACCESS_KEY_ID.
+            secret_key (str): An AWS_SECRET_ACCESS_KEY.
+            region (str): An AWS_REGION.
+            token (Optional[str]): An AWS_SESSION_TOKEN if using temporary
+                credentials.
+        """
+        self.algorithm = 'AWS4-HMAC-SHA256'
+        self.expires = '900'
+        self.hashfunc = hashlib.sha256
+        self.headers = [
+            ('host', host)
+        ]
+        self.version = '2020_10_22'
+        self.service = 'kafka-cluster'
+        self.action = '{}:Connect'.format(self.service)
+        now = datetime.datetime.utcnow()
+        self.datestamp = now.strftime('%Y%m%d')
+        self.timestamp = now.strftime('%Y%m%dT%H%M%SZ')
+        self.host = host
+        self.access_key = access_key
+        self.secret_key = secret_key
+        self.region = region
+        self.token = token
+    @property
+    def _credential(self):
+        return '{0.access_key}/{0._scope}'.format(self)
+    @property
+    def _scope(self):
+        return '{0.datestamp}/{0.region}/{0.service}/aws4_request'.format(self)
+    @property
+    def _signed_headers(self):
+        """
+        Returns (str):
+            An alphabetically sorted, semicolon-delimited list of lowercase
+            request header names.
+        """
+        return ';'.join(sorted(k.lower() for k, _ in self.headers))
+    @property
+    def _canonical_headers(self):
+        """
+        Returns (str):
+            A newline-delited list of header names and values.
+            Header names are lowercased.
+        """
+        return '\n'.join(map(':'.join, self.headers)) + '\n'
+    @property
+    def _canonical_request(self):
+        """
+        Returns (str):
+            An AWS Signature Version 4 canonical request in the format:
+                <Method>\n
+                <Path>\n
+                <CanonicalQueryString>\n
+                <CanonicalHeaders>\n
+                <SignedHeaders>\n
+                <HashedPayload>
+        """
+        # The hashed_payload is always an empty string for MSK.
+        hashed_payload = self.hashfunc(b'').hexdigest()
+        return '\n'.join((
+            'GET',
+            '/',
+            self._canonical_querystring,
+            self._canonical_headers,
+            self._signed_headers,
+            hashed_payload,
+        ))
+    @property
+    def _canonical_querystring(self):
+        """
+        Returns (str):
+            A '&'-separated list of URI-encoded key/value pairs.
+        """
+        params = []
+        params.append(('Action', self.action))
+        params.append(('X-Amz-Algorithm', self.algorithm))
+        params.append(('X-Amz-Credential', self._credential))
+        params.append(('X-Amz-Date', self.timestamp))
+        params.append(('X-Amz-Expires', self.expires))
+        if self.token:
+            params.append(('X-Amz-Security-Token', self.token))
+        params.append(('X-Amz-SignedHeaders', self._signed_headers))
+        return '&'.join(self._uriencode(k) + '=' + self._uriencode(v) for k, v in params)
+    @property
+    def _signing_key(self):
+        """
+        Returns (bytes):
+            An AWS Signature V4 signing key generated from the secret_key, date,
+            region, service, and request type.
+        """
+        key = self._hmac(('AWS4' + self.secret_key).encode('utf-8'), self.datestamp)
+        key = self._hmac(key, self.region)
+        key = self._hmac(key, self.service)
+        key = self._hmac(key, 'aws4_request')
+        return key
+    @property
+    def _signing_str(self):
+        """
+        Returns (str):
+            A string used to sign the AWS Signature V4 payload in the format:
+                <Algorithm>\n
+                <Timestamp>\n
+                <Scope>\n
+                <CanonicalRequestHash>
+        """
+        canonical_request_hash = self.hashfunc(self._canonical_request.encode('utf-8')).hexdigest()
+        return '\n'.join((self.algorithm, self.timestamp, self._scope, canonical_request_hash))
+    def _uriencode(self, msg):
+        """
+        Arguments:
+            msg (str): A string to URI-encode.
+        Returns (str):
+            The URI-encoded version of the provided msg, following the encoding
+            rules specified: https://github.com/aws/aws-msk-iam-auth#uriencode
+        """
+        return urllib.parse.quote(msg, safe=self.UNRESERVED_CHARS)
+    def _hmac(self, key, msg):
+        """
+        Arguments:
+            key (bytes): A key to use for the HMAC digest.
+            msg (str): A value to include in the HMAC digest.
+        Returns (bytes):
+            An HMAC digest of the given key and msg.
+        """
+        return hmac.new(key, msg.encode('utf-8'), digestmod=self.hashfunc).digest()
+    def first_message(self):
+        """
+        Returns (bytes):
+            An encoded JSON authentication payload that can be sent to the
+            broker.
+        """
+        signature = hmac.new(
+            self._signing_key,
+            self._signing_str.encode('utf-8'),
+            digestmod=self.hashfunc,
+        ).hexdigest()
+        msg = {
+            'version':  self.version,
+            'host': self.host,
+            'user-agent': 'kafka-python',
+            'action': self.action,
+            'x-amz-algorithm': self.algorithm,
+            'x-amz-credential': self._credential,
+            'x-amz-date': self.timestamp,
+            'x-amz-signedheaders': self._signed_headers,
+            'x-amz-expires': self.expires,
+            'x-amz-signature': signature,
+        }
+        if self.token:
+            msg['x-amz-security-token'] = self.token
+        return json.dumps(msg, separators=(',', ':')).encode('utf-8')

kafka/net/sasl/oauth.py ADDED Viewed

@@ -0,0 +1,98 @@
+from abc import ABC, abstractmethod
+import logging
+from .abc import SaslMechanism
+from kafka.errors import KafkaConfigurationError
+log = logging.getLogger(__name__)
+class SaslMechanismOAuth(SaslMechanism):
+    def __init__(self, **config):
+        if 'sasl_oauth_token_provider' not in config:
+            raise KafkaConfigurationError('sasl_oauth_token_provider required for OAUTHBEARER sasl')
+        if not isinstance(config['sasl_oauth_token_provider'], AbstractTokenProvider):
+            raise KafkaConfigurationError('sasl_oauth_token_provider must implement kafka.net.sasl.oauth.AbstractTokenProvider')
+        self.token_provider = config['sasl_oauth_token_provider']
+        self._error = None
+        self._is_done = False
+        self._is_authenticated = False
+    def auth_bytes(self):
+        if self._error:
+            # Server should respond to this with SaslAuthenticate failure, which ends the auth process
+            return self._error
+        token = self.token_provider.token()
+        extensions = self._token_extensions()
+        return "n,,\x01auth=Bearer {}{}\x01\x01".format(token, extensions).encode('utf-8')
+    def receive(self, auth_bytes):
+        if auth_bytes != b'':
+            error = auth_bytes.decode('utf-8')
+            log.debug("Sending x01 response to server after receiving SASL OAuth error: %s", error)
+            self._error = b'\x01'
+        else:
+            self._is_done = True
+            self._is_authenticated = True
+    def is_done(self):
+        return self._is_done
+    def is_authenticated(self):
+        return self._is_authenticated
+    def _token_extensions(self):
+        """
+        Return a string representation of the OPTIONAL key-value pairs that can be sent with an OAUTHBEARER
+        initial request.
+        """
+        # Builds up a string separated by \x01 via a dict of key value pairs
+        extensions = self.token_provider.extensions()
+        msg = '\x01'.join(['{}={}'.format(k, v) for k, v in extensions.items()])
+        return '\x01' + msg if msg else ''
+    def auth_details(self):
+        if not self.is_authenticated:
+            raise RuntimeError('Not authenticated yet!')
+        return 'Authenticated via SASL / OAuth'
+class AbstractTokenProvider(ABC):
+    """
+    A Token Provider must be used for the SASL OAuthBearer protocol.
+    The implementation should ensure token reuse so that multiple
+    calls at connect time do not create multiple tokens. The implementation
+    should also periodically refresh the token in order to guarantee
+    that each call returns an unexpired token. A timeout error should
+    be returned after a short period of inactivity so that the
+    broker can log debugging info and retry.
+    Token Providers MUST implement the token() method
+    """
+    def __init__(self, **config):
+        pass
+    @abstractmethod
+    def token(self):
+        """
+        Returns a (str) ID/Access Token to be sent to the Kafka
+        client.
+        """
+        pass
+    def extensions(self):
+        """
+        This is an OPTIONAL method that may be implemented.
+        Returns a map of key-value pairs that can
+        be sent with the SASL/OAUTHBEARER initial client request. If
+        not implemented, the values are ignored. This feature is only available
+        in Kafka >= 2.1.0.
+        All returned keys and values should be type str
+        """
+        return {}

kafka/net/sasl/plain.py ADDED Viewed

@@ -0,0 +1,42 @@
+import logging
+from .abc import SaslMechanism
+from kafka.errors import KafkaConfigurationError
+log = logging.getLogger(__name__)
+class SaslMechanismPlain(SaslMechanism):
+    def __init__(self, **config):
+        if config.get('security_protocol', '') == 'SASL_PLAINTEXT':
+            log.warning('Sending username and password in the clear')
+        if 'sasl_plain_username' not in config:
+            raise KafkaConfigurationError('sasl_plain_username required for PLAIN sasl')
+        if 'sasl_plain_password' not in config:
+            raise KafkaConfigurationError('sasl_plain_password required for PLAIN sasl')
+        self.username = config['sasl_plain_username']
+        self.password = config['sasl_plain_password']
+        self._is_done = False
+        self._is_authenticated = False
+    def auth_bytes(self):
+        # Send PLAIN credentials per RFC-4616
+        return bytes('\0'.join([self.username, self.username, self.password]).encode('utf-8'))
+    def receive(self, auth_bytes):
+        self._is_done = True
+        self._is_authenticated = auth_bytes == b''
+    def is_done(self):
+        return self._is_done
+    def is_authenticated(self):
+        return self._is_authenticated
+    def auth_details(self):
+        if not self.is_authenticated:
+            raise RuntimeError('Not authenticated yet!')
+        return 'Authenticated as %s via SASL / Plain' % self.username

kafka/net/sasl/scram.py ADDED Viewed

@@ -0,0 +1,135 @@
+import base64
+import hashlib
+import hmac
+import logging
+import uuid
+from .abc import SaslMechanism
+from kafka.errors import KafkaConfigurationError
+log = logging.getLogger(__name__)
+def xor_bytes(left, right):
+    return bytes(lb ^ rb for lb, rb in zip(left, right))
+class SaslMechanismScram(SaslMechanism):
+    def __init__(self, **config):
+        if not config.get('sasl_plain_username', ''):
+            KafkaConfigurationError('sasl_plain_username required for SCRAM sasl')
+        if not config.get('sasl_plain_password', ''):
+            KafkaConfigurationError('sasl_plain_password required for SCRAM sasl')
+        if config.get('sasl_mechanism', '') not in ScramClient.MECHANISMS:
+            KafkaConfigurationError('Unrecognized SCRAM mechanism')
+        if config.get('security_protocol', '') == 'SASL_PLAINTEXT':
+            log.warning('Exchanging credentials in the clear during Sasl Authentication')
+        self.username = config['sasl_plain_username']
+        self.mechanism = config['sasl_mechanism']
+        self._scram_client = ScramClient(
+            config['sasl_plain_username'],
+            config['sasl_plain_password'],
+            config['sasl_mechanism']
+        )
+        self._state = 0
+    def auth_bytes(self):
+        if self._state == 0:
+            return self._scram_client.first_message()
+        elif self._state == 1:
+            return self._scram_client.final_message()
+        else:
+            raise ValueError('No auth_bytes for state: %s' % self._state)
+    def receive(self, auth_bytes):
+        if self._state == 0:
+            self._scram_client.process_server_first_message(auth_bytes)
+        elif self._state == 1:
+            self._scram_client.process_server_final_message(auth_bytes)
+        else:
+            raise ValueError('Cannot receive bytes in state: %s' % self._state)
+        self._state += 1
+        return self.is_done()
+    def is_done(self):
+        return self._state == 2
+    def is_authenticated(self):
+        # receive raises if authentication fails...?
+        return self._state == 2
+    def auth_details(self):
+        if not self.is_authenticated:
+            raise RuntimeError('Not authenticated yet!')
+        return 'Authenticated as %s via SASL / %s' % (self.username, self.mechanism)
+class ScramClient:
+    MECHANISMS = {
+        'SCRAM-SHA-256': hashlib.sha256,
+        'SCRAM-SHA-512': hashlib.sha512
+    }
+    def __init__(self, user, password, mechanism):
+        self.nonce = str(uuid.uuid4()).replace('-', '').encode('utf-8')
+        self.auth_message = b''
+        self.salted_password = None
+        self.user = user.encode('utf-8')
+        self.password = password.encode('utf-8')
+        self.hashfunc = self.MECHANISMS[mechanism]
+        self.hashname = ''.join(mechanism.lower().split('-')[1:3])
+        self.stored_key = None
+        self.client_key = None
+        self.client_signature = None
+        self.client_proof = None
+        self.server_key = None
+        self.server_signature = None
+    def first_message(self):
+        client_first_bare = b'n=' + self.user + b',r=' + self.nonce
+        self.auth_message += client_first_bare
+        return b'n,,' + client_first_bare
+    def process_server_first_message(self, server_first_message):
+        self.auth_message += b',' + server_first_message
+        params = dict(pair.split('=', 1) for pair in server_first_message.decode('utf-8').split(','))
+        server_nonce = params['r'].encode('utf-8')
+        if not server_nonce.startswith(self.nonce):
+            raise ValueError("Server nonce, did not start with client nonce!")
+        self.nonce = server_nonce
+        self.auth_message += b',c=biws,r=' + self.nonce
+        salt = base64.b64decode(params['s'].encode('utf-8'))
+        try:
+            iterations = int(params['i'])
+            if iterations > 1000000:
+                raise ValueError('too many iterations')
+        except (TypeError, ValueError):
+            raise ValueError('Invalid value (not integer or too large) for Iteration count in server-first-message')
+        self.create_salted_password(salt, iterations)
+        self.client_key = self.hmac(self.salted_password, b'Client Key')
+        self.stored_key = self.hashfunc(self.client_key).digest()
+        self.client_signature = self.hmac(self.stored_key, self.auth_message)
+        self.client_proof = xor_bytes(self.client_key, self.client_signature)
+        self.server_key = self.hmac(self.salted_password, b'Server Key')
+        self.server_signature = self.hmac(self.server_key, self.auth_message)
+    def hmac(self, key, msg):
+        return hmac.new(key, msg, digestmod=self.hashfunc).digest()
+    def create_salted_password(self, salt, iterations):
+        self.salted_password = hashlib.pbkdf2_hmac(
+            self.hashname, self.password, salt, iterations
+        )
+    def final_message(self):
+        return b'c=biws,r=' + self.nonce + b',p=' + base64.b64encode(self.client_proof)
+    def process_server_final_message(self, server_final_message):
+        params = dict(pair.split('=', 1) for pair in server_final_message.decode('utf-8').split(','))
+        if self.server_signature != base64.b64decode(params['v'].encode('utf-8')):
+            raise ValueError("Server sent wrong signature!")