Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Mechanism ¶
type Mechanism struct { // The sigv4.Signer of aws-sdk-go-v2 to use when signing the request. Required. Signer *signer.Signer // The aws.Config.Credentials or config.CredentialsProvider of aws-sdk-go-v2. Required. Credentials aws.CredentialsProvider // The region where the msk cluster is hosted, e.g. "us-east-1". Required. Region string // The time the request is planned for. Optional, defaults to time.Now() at time of authentication. SignTime time.Time // The duration for which the presigned request is active. Optional, defaults to 5 minutes. Expiry time.Duration }
Mechanism implements sasl.Mechanism for the AWS_MSK_IAM mechanism, based on the official java implementation: https://github.com/aws/aws-msk-iam-auth
func (*Mechanism) Start ¶
Start produces the authentication values required for AWS_MSK_IAM. It produces the following json as a byte array, making use of the aws-sdk to produce the signed output.
{ "version" : "2020_10_22", "host" : "<broker host>", "user-agent": "<user agent string from the client>", "action": "kafka-cluster:Connect", "x-amz-algorithm" : "<algorithm>", "x-amz-credential" : "<clientAWSAccessKeyID>/<date in yyyyMMdd format>/<region>/kafka-cluster/aws4_request", "x-amz-date" : "<timestamp in yyyyMMdd'T'HHmmss'Z' format>", "x-amz-security-token" : "<clientAWSSessionToken if any>", "x-amz-signedheaders" : "host", "x-amz-expires" : "<expiration in seconds>", "x-amz-signature" : "<AWS SigV4 signature computed by the client>" }
Click to show internal directories.
Click to hide internal directories.