-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add SASL handshake negotiation #748
Conversation
Any news on that issue? We're not able to make SASL work with Sarama without this patch. |
@sebgl are you running this patch in production? |
@wvanbergen We are. Since we recently switched our Kafka clusters to SASL_SSL, this patch is the only way we can use Sarama (and we deeply rely on it :) ). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't really know too much about SASL, but the go code looks pretty good except for one remark. @eapache ?
b.connErr = b.sendAndReceiveSASLPlainHandshake() | ||
if b.connErr != nil { | ||
Logger.Printf("Error while performing SASL handshake %s\n", b.addr) | ||
return |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What error are we returning in this case? Should we set the err
variable?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for reviewing it @wvanbergen
I might have miss something here. I guess that the connection should also be closed and the "b.opened" flag set to 0.
However as we are in a goroutine, I don't understand why the err variable should be set. We just stop the connection routine and the b.connErr is used to detect and error.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It might be simpler just to call sendAndReceiveSASLPlainHandshake
from sendAndReceiveSASLPlainAuth
and re-use the existing error handling for that method?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@eapache indeed, it seems to be a good way of doing it 👍
a0ddbc8
to
8561c1d
Compare
This PR have a bug, more info in #781 |
This patch adds the mandatory SASL handshake for SASL negotiation.
8561c1d
to
610a3bd
Compare
@Alkorin thanks for the heads up. Just patched the PR 👍 |
Sorry for the delay on this. I manually rebased, tweaked and merged this. |
Here is a description of the problem I found :
Versions
Sarama Version: 482c471
Kafka Version: 0.10.0.1
Go Version: go1.7 darwin/amd64
Configuration
Kafka configuration
Sarama configuration
Problem Description
Using tcp-proxy ang golang I have the following frames :
Using tcp-proxy and python we have the following frames :
With SASL plain authentication activated, sarama sends the username/password but does not send the SASL handshake to start the SASL negotiation. As a result, Kafka closes the connection.
This patch add the SASL handshake negotiation.