aws_msk_iam_v2

package module
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 17, 2023 License: MIT Imports: 12 Imported by: 16

README

AWS MSK IAM V2

This extension provides a capability to get authenticated with AWS Managed Apache Kafka through AWS IAM.

How to use

This module is an extension for MSK users and thus this is isolated from kafka-go module. You can add this module to your dependency by running the command below.

go get github.com/segmentio/kafka-go/sasl/aws_msk_iam_v2

Please find the sample code in example_test.go, you can use the Mechanism for SASL authentication of Reader and Writer.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Mechanism 

type Mechanism struct {
	// The sigv4.Signer of aws-sdk-go-v2 to use when signing the request. Required.
	Signer *signer.Signer
	// The aws.Config.Credentials or config.CredentialsProvider of aws-sdk-go-v2. Required.
	Credentials aws.CredentialsProvider
	// The region where the msk cluster is hosted, e.g. "us-east-1". Required.
	Region string
	// The time the request is planned for. Optional, defaults to time.Now() at time of authentication.
	SignTime time.Time
	// The duration for which the presigned request is active. Optional, defaults to 5 minutes.
	Expiry time.Duration
}

Mechanism implements sasl.Mechanism for the AWS_MSK_IAM mechanism, based on the official java implementation: https://github.com/aws/aws-msk-iam-auth

func NewMechanism 

func NewMechanism(awsCfg aws.Config) *Mechanism

NewMechanism provides

func (*Mechanism) Name 

func (m *Mechanism) Name() string

func (*Mechanism) Next 

func (m *Mechanism) Next(ctx context.Context, challenge []byte) (bool, []byte, error)

func (*Mechanism) Start 

func (m *Mechanism) Start(ctx context.Context) (sess sasl.StateMachine, ir []byte, err error)

Start produces the authentication values required for AWS_MSK_IAM. It produces the following json as a byte array, making use of the aws-sdk to produce the signed output. 

{
  "version" : "2020_10_22",
  "host" : "<broker host>",
  "user-agent": "<user agent string from the client>",
  "action": "kafka-cluster:Connect",
  "x-amz-algorithm" : "<algorithm>",
  "x-amz-credential" : "<clientAWSAccessKeyID>/<date in yyyyMMdd format>/<region>/kafka-cluster/aws4_request",
  "x-amz-date" : "<timestamp in yyyyMMdd'T'HHmmss'Z' format>",
  "x-amz-security-token" : "<clientAWSSessionToken if any>",
  "x-amz-signedheaders" : "host",
  "x-amz-expires" : "<expiration in seconds>",
  "x-amz-signature" : "<AWS SigV4 signature computed by the client>"
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.