-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add "mechanism" in output.kafka to support SCRAM-SHA-512 and SCRAM-SHA-256 #12867
Conversation
… and SCRAM-SHA-256 mechanism. How to use it: ``` output.kafka: codec.format: string: '%{[@timestamp]} %{[message]}' hosts: ["localhost:9092"] topic: 'mytopic' partition.round_robin: reachable_only: false required_acks: 1 compression: gzip max_message_bytes: 1000000 username: user password: pass mechanism: SCRAM-SHA-512 ```
Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually? |
1 similar comment
Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually? |
libbeat/outputs/kafka/config.go
Outdated
return | ||
} | ||
|
||
func (x *XDGSCRAMClient) Done() bool { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported method XDGSCRAMClient.Done should have comment or be unexported
libbeat/outputs/kafka/config.go
Outdated
return nil | ||
} | ||
|
||
func (x *XDGSCRAMClient) Step(challenge string) (response string, err error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported method XDGSCRAMClient.Step should have comment or be unexported
libbeat/outputs/kafka/config.go
Outdated
scram.HashGeneratorFcn | ||
} | ||
|
||
func (x *XDGSCRAMClient) Begin(userName, password, authzID string) (err error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported method XDGSCRAMClient.Begin should have comment or be unexported
libbeat/outputs/kafka/config.go
Outdated
var SHA256 scram.HashGeneratorFcn = func() hash.Hash { return sha256.New() } | ||
var SHA512 scram.HashGeneratorFcn = func() hash.Hash { return sha512.New() } | ||
|
||
type XDGSCRAMClient struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported type XDGSCRAMClient should have comment or be unexported
libbeat/outputs/kafka/config.go
Outdated
) | ||
|
||
var SHA256 scram.HashGeneratorFcn = func() hash.Hash { return sha256.New() } | ||
var SHA512 scram.HashGeneratorFcn = func() hash.Hash { return sha512.New() } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported var SHA512 should have comment or be unexported
libbeat/outputs/kafka/config.go
Outdated
) | ||
|
||
var SHA256 scram.HashGeneratorFcn = func() hash.Hash { return sha256.New() } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported var SHA256 should have comment or be unexported
@zvictorino thanks for opening this PR! Tests are failing because there is a missing package, you will need to add it with |
let's name the setting The setting will also need some docs. Almost all symbols are private to the package, don't export them. |
libbeat/outputs/kafka/config.go
Outdated
@@ -58,6 +89,7 @@ type kafkaConfig struct { | |||
Username string `config:"username"` | |||
Password string `config:"password"` | |||
Codec codec.Config `config:"codec"` | |||
Mechanism string `config:"mechanism"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this calls for an enum like type (over string):
type saslMechanism string
const (
saslTypePlaintext = sarama.SASLTypePlaintext
...
)
func (m *saslMechanism) Unpack(in string) error {
in = strings.ToUpper(in) // try not to force users to use all upper case
switch in {
case saslTypePlaintext, ...:
*m = saslMechanism(in)
default:
return fmt.Errorf("not valid mechanism '%v', only supported with PLAIN|SCRAM-SHA-512|SCRAM-SHA-256", in)
}
return nil
}
The unpack method will be called by (*Config).Unpack
. If it fails the full config name and the config file the setting comes from will be reported.
There is another 'string' comparison in order to fill in the sarama SASL settings. Having magic strings in different places is a good way to introduce Bugs (future developer might have typo when adding another mechanism). Better use an enum and use contanstants (compiler will complain if there is a typo). By having our own type we can also do this (optional):
func (m saslMechanism) configureSarama(... <other input>?, config *sarama.Config) error {
switch m {
case saslScramSHA256:
...
case sasl<type>:
...
default:
panic(<we shouldn't get here, assuming no developer messed up>)
}
}
Hi @zvictorino, we have found your signature in our records, but it seems like you have signed with a different e-mail than the one used in your Git commit. Can you please add both of these e-mails into your Github profile (they can be hidden), so we can match your e-mails to your Github profile? |
Move some codes to separate file.
return nil | ||
} | ||
|
||
func (x *XDGSCRAMClient) Step(challenge string) (response string, err error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported method XDGSCRAMClient.Step should have comment or be unexported
scram.HashGeneratorFcn | ||
} | ||
|
||
func (x *XDGSCRAMClient) Begin(userName, password, authzID string) (err error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported method XDGSCRAMClient.Begin should have comment or be unexported
var SHA256 scram.HashGeneratorFcn = func() hash.Hash { return sha256.New() } | ||
var SHA512 scram.HashGeneratorFcn = func() hash.Hash { return sha512.New() } | ||
|
||
type XDGSCRAMClient struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported type XDGSCRAMClient should have comment or be unexported
) | ||
|
||
var SHA256 scram.HashGeneratorFcn = func() hash.Hash { return sha256.New() } | ||
var SHA512 scram.HashGeneratorFcn = func() hash.Hash { return sha512.New() } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported var SHA512 should have comment or be unexported
"github.com/xdg/scram" | ||
) | ||
|
||
var SHA256 scram.HashGeneratorFcn = func() hash.Hash { return sha256.New() } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exported var SHA256 should have comment or be unexported
@@ -0,0 +1,37 @@ | |||
// https://github.com/Shopify/sarama/blob/master/examples/sasl_scram_client/scram_client.go |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
package comment should be of the form "Package kafka ..."
Hello @zvictorino this is a really nice addition, its there anything we could help to move it forward with you? |
jenkins, test this |
can anyone merge this pull request plz ? |
@zvictorino there is a merge conflict, could you please update the branch with master? Thanks! |
💚 CLA has been signed |
Update code to master
ok to test |
jenkins, test this again please |
Code LGTM, but there would be some pending things. We would need a changelog entry, docs for the new options, and some tests. @zvictorino let me know if you can continue with this, if not I am ok with merging this as is and create an issue with some follow up tasks. Thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Merging this as is by now, but not backporting to 7.x, I will create an issue for follow ups. Thanks @zvictorino!
Follow up issue for this: #16723 |
…A-256 (elastic#12867) (cherry picked from commit e935b26)
(cherry picked from commit 87ff5c0)
… SCRAM-SHA-512 and SCRAM-SHA-256 (#23110) Add "mechanism" in output.kafka to support SCRAM-SHA-512 and SCRAM-SHA-256. (cherry picked from commit e935b26) (cherry picked from commit 87ff5c0) Co-authored-by: zvictorino <[email protected]>
New config key
mechanism
was introduced.How to use it: