From 113180f6f005fd8bf1f40b423ffe2b65f462faa2 Mon Sep 17 00:00:00 2001 From: chaoqun-wu <57609131+chaoqun-wu@users.noreply.github.com> Date: Mon, 9 Nov 2020 16:22:50 +0800 Subject: [PATCH 1/2] Update sarama.go Add SASL_PLAINTEXT ability to Kafka connection --- core/internal/helpers/sarama.go | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/core/internal/helpers/sarama.go b/core/internal/helpers/sarama.go index a2af25b6..d661843a 100644 --- a/core/internal/helpers/sarama.go +++ b/core/internal/helpers/sarama.go @@ -135,6 +135,25 @@ func GetSaramaConfigFromClientProfile(profileName string) *sarama.Config { saramaConfig.Net.SASL.Password = viper.GetString("sasl." + saslName + ".password") } + // Configure kerberos if enabled + if viper.IsSet(configRoot + ".kerberos") { + saslName := viper.GetString(configRoot + ".kerberos") + saramaConfig.Net.SASL.Enable = true + + saramaConfig.Net.SASL.Mechanism = sarama.SASLTypeGSSAPI + saramaConfig.Net.SASL.GSSAPI.AuthType = sarama.KRB5_KEYTAB_AUTH + //sasl.kerberos.service.name + saramaConfig.Net.SASL.GSSAPI.ServiceName = viper.GetString("kerberos." + saslName + ".servicename") + //krb5.conf + saramaConfig.Net.SASL.GSSAPI.KerberosConfigPath = viper.GetString("kerberos." + saslName + ".krb5") + //realm + saramaConfig.Net.SASL.GSSAPI.Realm = viper.GetString("kerberos." + saslName + ".realm") + //keytab + saramaConfig.Net.SASL.GSSAPI.KeyTabPath = viper.GetString("kerberos." + saslName + ".keytab") + //username + saramaConfig.Net.SASL.GSSAPI.Username = viper.GetString("kerberos." + saslName + ".username") + } + // Timeout for the initial connection if viper.IsSet(configRoot + ".dial-timeout") { saramaConfig.Net.DialTimeout = time.Duration(viper.GetInt(configRoot+".dial-timeout")) * time.Second From b9d1c5bd631d692d25b2be2e0786a6acec43c5c7 Mon Sep 17 00:00:00 2001 
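Review bot: The new Kerberos block in GetSaramaConfigFromClientProfile never checks that the referenced `kerberos.<name>` section exists, so a mistyped profile name leaves ServiceName, KerberosConfigPath, Realm, KeyTabPath and Username empty, and the error presumably surfaces only when the client is validated or first connects. A guard before the assignments, such as `if !viper.IsSet("kerberos." + saslName) { ... }`, reporting the problem the way the rest of the function does, would catch it at load time. The block also runs after the SASL block visible in the context lines, so a profile that sets both `.sasl` and `.kerberos` ends up with the GSSAPI mechanism plus the leftover User/Password from the SASL profile; either reject that combination or document which one wins. Because the commit targets SASL_PLAINTEXT, a comment should say that, as far as this hunk shows, only authentication is configured and broker traffic stays unencrypted unless the profile's `.tls` is also set. The function body starts and ends outside the hunk.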
From: Sungpeo Kook Date: Fri, 27 May 2022 23:45:27 +0900 Subject: [PATCH 2/2] Add kerberos profile to support sasl plaintext with gssapi --- core/internal/helpers/sarama.go | 7 +------ core/internal/httpserver/kafka.go | 17 +++++++++++++++++ core/internal/httpserver/structs.go | 20 +++++++++++++++----- 3 files changed, 33 insertions(+), 11 deletions(-) diff --git a/core/internal/helpers/sarama.go b/core/internal/helpers/sarama.go index d661843a..ef084ed0 100644 --- a/core/internal/helpers/sarama.go +++ b/core/internal/helpers/sarama.go @@ -142,15 +142,10 @@ func GetSaramaConfigFromClientProfile(profileName string) *sarama.Config { saramaConfig.Net.SASL.Mechanism = sarama.SASLTypeGSSAPI saramaConfig.Net.SASL.GSSAPI.AuthType = sarama.KRB5_KEYTAB_AUTH - //sasl.kerberos.service.name saramaConfig.Net.SASL.GSSAPI.ServiceName = viper.GetString("kerberos." + saslName + ".servicename") - //krb5.conf - saramaConfig.Net.SASL.GSSAPI.KerberosConfigPath = viper.GetString("kerberos." + saslName + ".krb5") - //realm + saramaConfig.Net.SASL.GSSAPI.KerberosConfigPath = viper.GetString("kerberos." + saslName + ".krb5conf") saramaConfig.Net.SASL.GSSAPI.Realm = viper.GetString("kerberos." + saslName + ".realm") - //keytab saramaConfig.Net.SASL.GSSAPI.KeyTabPath = viper.GetString("kerberos." + saslName + ".keytab") - //username saramaConfig.Net.SASL.GSSAPI.Username = viper.GetString("kerberos." + saslName + ".username") } diff --git a/core/internal/httpserver/kafka.go b/core/internal/httpserver/kafka.go index 3869e554..fc9adeaf 100644 --- a/core/internal/httpserver/kafka.go +++ b/core/internal/httpserver/kafka.go 
@@ -65,6 +65,22 @@ func getSASLProfile(name string) *httpResponseSASLProfile { } } +func getKerberosProfile(name string) *httpResponseKerberosProfile { + configRoot := "kerberos." + name + if !viper.IsSet(configRoot) { + return nil + } + + return &httpResponseKerberosProfile{ + Name: name, + KeyTab: viper.GetString(configRoot + ".keytab"), + Krb5Conf: viper.GetString(configRoot + ".krb5conf"), + Realm: viper.GetString(configRoot + ".realm"), + ServiceName: viper.GetString(configRoot + ".servicename"), + Username: viper.GetString(configRoot + ".username"), + } +} + func getClientProfile(name string) httpResponseClientProfile { configRoot := "client-profile." + name return httpResponseClientProfile{ @@ -73,6 +89,7 @@ func getClientProfile(name string) httpResponseClientProfile { KafkaVersion: viper.GetString(configRoot + ".kafka-version"), TLS: getTLSProfile(viper.GetString(configRoot + ".tls")), SASL: getSASLProfile(viper.GetString(configRoot + ".sasl")), + Kerberos: getKerberosProfile(viper.GetString(configRoot + ".kerberos")), } } diff --git a/core/internal/httpserver/structs.go b/core/internal/httpserver/structs.go index 6b634468..997d0d63 100644 --- a/core/internal/httpserver/structs.go +++ b/core/internal/httpserver/structs.go 
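Review bot: getKerberosProfile copies the keytab and krb5.conf filesystem paths, together with the principal's username and realm, into a struct that getClientProfile returns for the HTTP response, so anyone who can reach that endpoint learns where the credential material lives on the host. A keytab is password-equivalent for its principal, so its location is better kept out of API output. Whether the endpoint is authenticated is not visible here, so consider dropping `KeyTab` and `Krb5Conf` from httpResponseKerberosProfile, or replacing them with a boolean that only says a keytab is configured. The same point applies to the `json:"keytab"` and `json:"krb5conf"` fields added in the structs.go hunk later in this patch. A short doc comment on getKerberosProfile, such as `// getKerberosProfile returns the non-secret settings of the named kerberos profile, or nil if it is not configured.`, would also record that intent.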
@@ -48,12 +48,22 @@ type httpResponseSASLProfile struct { Username string `json:"username"` } +type httpResponseKerberosProfile struct { + Name string `json:"name"` + KeyTab string `json:"keytab"` + Krb5Conf string `json:"krb5conf"` + Realm string `json:"realm"` + ServiceName string `json:"servicename"` + Username string `json:"username"` +} + type httpResponseClientProfile struct { - Name string `json:"name"` - ClientID string `json:"client-id"` - KafkaVersion string `json:"kafka-version"` - TLS *httpResponseTLSProfile `json:"tls"` - SASL *httpResponseSASLProfile `json:"sasl"` + Name string `json:"name"` + ClientID string `json:"client-id"` + KafkaVersion string `json:"kafka-version"` + TLS *httpResponseTLSProfile `json:"tls"` + SASL *httpResponseSASLProfile `json:"sasl"` + Kerberos *httpResponseKerberosProfile `json:"kerberos"` } type httpResponseClusterList struct {