diff --git a/core/internal/helpers/sarama.go b/core/internal/helpers/sarama.go
index a2af25b6..ef084ed0 100644
--- a/core/internal/helpers/sarama.go
+++ b/core/internal/helpers/sarama.go
@@ -135,6 +135,20 @@ func GetSaramaConfigFromClientProfile(profileName string) *sarama.Config {
 saramaConfig.Net.SASL.Password = viper.GetString("sasl." + saslName + ".password")
 }
 
+ // Configure kerberos if enabled
+ if viper.IsSet(configRoot + ".kerberos") {
+ saslName := viper.GetString(configRoot + ".kerberos")
+ saramaConfig.Net.SASL.Enable = true
+
+ saramaConfig.Net.SASL.Mechanism = sarama.SASLTypeGSSAPI
+ saramaConfig.Net.SASL.GSSAPI.AuthType = sarama.KRB5_KEYTAB_AUTH
+ saramaConfig.Net.SASL.GSSAPI.ServiceName = viper.GetString("kerberos." + saslName + ".servicename")
+ saramaConfig.Net.SASL.GSSAPI.KerberosConfigPath = viper.GetString("kerberos." + saslName + ".krb5conf")
+ saramaConfig.Net.SASL.GSSAPI.Realm = viper.GetString("kerberos." + saslName + ".realm")
+ saramaConfig.Net.SASL.GSSAPI.KeyTabPath = viper.GetString("kerberos." + saslName + ".keytab")
+ saramaConfig.Net.SASL.GSSAPI.Username = viper.GetString("kerberos." + saslName + ".username")
+ }
+
 // Timeout for the initial connection
 if viper.IsSet(configRoot + ".dial-timeout") {
 saramaConfig.Net.DialTimeout = time.Duration(viper.GetInt(configRoot+".dial-timeout")) * time.Second
diff --git a/core/internal/httpserver/kafka.go b/core/internal/httpserver/kafka.go
index 3869e554..fc9adeaf 100644
--- a/core/internal/httpserver/kafka.go
+++ b/core/internal/httpserver/kafka.go
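Review bot: The Kerberos block added to GetSaramaConfigFromClientProfile in sarama.go never checks that the `kerberos.<name>` section it reads exists, so a mistyped profile name enables GSSAPI with an empty keytab path, realm and service name, and the mistake presumably surfaces only later when the client is validated or connects. Guard it the way getKerberosProfile in kafka.go does, with `if !viper.IsSet("kerberos." + saslName)`, and fail with a message naming the missing profile. The block also runs after the SASL block whose tail is visible just above it, so a client profile that sets both `.sasl` and `.kerberos` silently ends up on GSSAPI with the earlier password still populated; treating the two keys as mutually exclusive would make that misconfiguration visible. The local `saslName` holds a Kerberos profile name here and would read better as `kerberosName`. The function starts and ends outside the hunk.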
@@ -65,6 +65,22 @@ func getSASLProfile(name string) *httpResponseSASLProfile {
 }
 }
 
+func getKerberosProfile(name string) *httpResponseKerberosProfile {
+ configRoot := "kerberos." + name
+ if !viper.IsSet(configRoot) {
+ return nil
+ }
+
+ return &httpResponseKerberosProfile{
+ Name: name,
+ KeyTab: viper.GetString(configRoot + ".keytab"),
+ Krb5Conf: viper.GetString(configRoot + ".krb5conf"),
+ Realm: viper.GetString(configRoot + ".realm"),
+ ServiceName: viper.GetString(configRoot + ".servicename"),
+ Username: viper.GetString(configRoot + ".username"),
+ }
+}
+
 func getClientProfile(name string) httpResponseClientProfile {
 configRoot := "client-profile." + name
 return httpResponseClientProfile{
@@ -73,6 +89,7 @@ func getClientProfile(name string) httpResponseClientProfile {
 KafkaVersion: viper.GetString(configRoot + ".kafka-version"),
 TLS: getTLSProfile(viper.GetString(configRoot + ".tls")),
 SASL: getSASLProfile(viper.GetString(configRoot + ".sasl")),
+ Kerberos: getKerberosProfile(viper.GetString(configRoot + ".kerberos")),
 }
 }
 
diff --git a/core/internal/httpserver/structs.go b/core/internal/httpserver/structs.go
index 6b634468..997d0d63 100644
--- a/core/internal/httpserver/structs.go
+++ b/core/internal/httpserver/structs.go
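Review bot: getKerberosProfile copies the keytab and krb5.conf filesystem paths into the HTTP response, so any client that can read the client-profile output learns where the service's Kerberos credential file sits on the host; whether that endpoint is authenticated is not visible in this diff. Consider leaving `KeyTab` and `Krb5Conf` out of the response, or tagging them `json:"-"` in httpResponseKerberosProfile, and returning only the name, realm, service name and username. The same two fields are declared in the structs.go hunk, so the change would apply there as well. A doc comment such as `// getKerberosProfile returns the named Kerberos profile for display, or nil when it is not configured.` would also record the nil contract that getClientProfile relies on.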
@@ -48,12 +48,22 @@ type httpResponseSASLProfile struct {
 Username string `json:"username"`
 }
 
+type httpResponseKerberosProfile struct {
+ Name string `json:"name"`
+ KeyTab string `json:"keytab"`
+ Krb5Conf string `json:"krb5conf"`
+ Realm string `json:"realm"`
+ ServiceName string `json:"servicename"`
+ Username string `json:"username"`
+}
+
 type httpResponseClientProfile struct {
- Name string `json:"name"`
- ClientID string `json:"client-id"`
- KafkaVersion string `json:"kafka-version"`
- TLS *httpResponseTLSProfile `json:"tls"`
- SASL *httpResponseSASLProfile `json:"sasl"`
+ Name string `json:"name"`
+ ClientID string `json:"client-id"`
+ KafkaVersion string `json:"kafka-version"`
+ TLS *httpResponseTLSProfile `json:"tls"`
+ SASL *httpResponseSASLProfile `json:"sasl"`
+ Kerberos *httpResponseKerberosProfile `json:"kerberos"`
 }
 
 type httpResponseClusterList struct {