-
-
Notifications
You must be signed in to change notification settings - Fork 522
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow for injecting authentication mechanisms #840
Labels
Comments
This was referenced May 13, 2021
This is now available in 2.2.0-beta.0. Documentation for the feature is available here. Please try it out and report back with your results and experiences. |
jmaver-plume
added a commit
to jmaver-plume/kafkajs-msk-iam-authentication-mechanism
that referenced
this issue
Jul 10, 2022
Update library to follow the latest update in tulios/kafkajs#840 (comment).
spark-e
pushed a commit
to trialspark/kafkajs-msk-iam-authentication-mechanism
that referenced
this issue
Nov 29, 2022
# 1.0.0 (2022-11-29) ### Bug Fixes * Pass region to getDefaultRoleAssumerWithWebIdentity ([jmaver-plume#16](https://github.com/trialspark/kafkajs-msk-iam-authentication-mechanism/issues/16)) ([8f65e74](8f65e74)) ### Features * add type definition ([jmaver-plume#12](https://github.com/trialspark/kafkajs-msk-iam-authentication-mechanism/issues/12)) ([64b3cf9](64b3cf9)) * Update for KafkaJS [#840](https://github.com/trialspark/kafkajs-msk-iam-authentication-mechanism/issues/840) changes ([jmaver-plume#8](https://github.com/trialspark/kafkajs-msk-iam-authentication-mechanism/issues/8)) ([4b56c7a](4b56c7a)), closes [/github.com/tulios/kafkajs/issues/840#issuecomment-1177251826](https://github.com//github.com/tulios/kafkajs/issues/840/issues/issuecomment-1177251826)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Currently there is no way for a developer to add support for SASL GSSAPI (Kerberos) without bundling that into KafkaJS itself. We would likely not want to do that, as that particular case requires a native module.
I should note that while I think this change makes sense, and I have definitely seen people asking for Kerberos authentication (#609 & #213), I don't have this use-case myself, so unless someone is willing to sponsor the work, consider this more of a roadmap ticket.
Describe the solution you'd like
Similar to how we allow users to add compression codecs, we should expose the list of supported mechanisms and allow users to add their implementations:
One challenge I see is that the interface for the authenticator is not entirely fit for external usage at the moment. Essentially, an authenticator looks something like this today:
AuthenticatorConstructor
is where we expose KafkaJS internals. Specifically:Logger
- This one is fine. This is already available and has a public interface.Connection
- This is worse. This is very much not a public interface.From what I can see from existing authenticators, we are really only providing the Connection to them because they need a subset of the following information:
host
andport
. From what I can see this is only for logging.sasl
username and password. This is obviously needed for the authenticator.The authenticator does not actually need the connection itself, because the only request it has to make to the broker is done via
SaslAuthenticationFunction
where it's safely encapsulated. We could just provide thesasl
andbroker
information.I'm also not entirely sure about the parameter and return types of
Request
andResponse
. I think I saw different authenticators returnPromise<Encoder|Buffer>
forRequest.encode()
andPromise<Encoder|Buffer|boolean>
forResponse.decode
andResponse.parse
, so there's probably some cleaning up to do there. If we make it public, it should only accept and return buffers, rather thanEncoder
s.The text was updated successfully, but these errors were encountered: