aws_msk_iam_v2

package module
v0.1.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 16, 2024 License: MIT Imports: 12 Imported by: 1

README

AWS MSK IAM V2

This extension provides a capability to get authenticated with AWS Managed Apache Kafka through AWS IAM.

How to use

This module is an extension for MSK users and thus this is isolated from kafka-go module. You can add this module to your dependency by running the command below.

go get github.com/generalmotors/kafka-go/sasl/aws_msk_iam_v2

Please find the sample code in example_test.go, you can use the Mechanism for SASL authentication of Reader and Writer.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Mechanism

type Mechanism struct {
	// The sigv4.Signer of aws-sdk-go-v2 to use when signing the request. Required.
	Signer *signer.Signer
	// The aws.Config.Credentials or config.CredentialsProvider of aws-sdk-go-v2. Required.
	Credentials aws.CredentialsProvider
	// The region where the msk cluster is hosted, e.g. "us-east-1". Required.
	Region string
	// The time the request is planned for. Optional, defaults to time.Now() at time of authentication.
	SignTime time.Time
	// The duration for which the presigned request is active. Optional, defaults to 5 minutes.
	Expiry time.Duration
}

Mechanism implements sasl.Mechanism for the AWS_MSK_IAM mechanism, based on the official java implementation: https://github.com/aws/aws-msk-iam-auth

func NewMechanism

func NewMechanism(awsCfg aws.Config) *Mechanism

NewMechanism provides

func (*Mechanism) Name

func (m *Mechanism) Name() string

func (*Mechanism) Next

func (m *Mechanism) Next(ctx context.Context, challenge []byte) (bool, []byte, error)

func (*Mechanism) Start

func (m *Mechanism) Start(ctx context.Context) (sess sasl.StateMachine, ir []byte, err error)

Start produces the authentication values required for AWS_MSK_IAM. It produces the following json as a byte array, making use of the aws-sdk to produce the signed output.

{
  "version" : "2020_10_22",
  "host" : "<broker host>",
  "user-agent": "<user agent string from the client>",
  "action": "kafka-cluster:Connect",
  "x-amz-algorithm" : "<algorithm>",
  "x-amz-credential" : "<clientAWSAccessKeyID>/<date in yyyyMMdd format>/<region>/kafka-cluster/aws4_request",
  "x-amz-date" : "<timestamp in yyyyMMdd'T'HHmmss'Z' format>",
  "x-amz-security-token" : "<clientAWSSessionToken if any>",
  "x-amz-signedheaders" : "host",
  "x-amz-expires" : "<expiration in seconds>",
  "x-amz-signature" : "<AWS SigV4 signature computed by the client>"
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL