aws_msk_iam_v2

v0.1.0
Warning

This package is not in the latest version of its module.

Published: Feb 17, 2023 | License: MIT | Imports: 12 | Imported by: 9

README

AWS MSK IAM V2

This extension lets kafka-go clients authenticate to AWS Managed Apache Kafka (MSK) through AWS IAM.

How to use

This module is an extension for MSK users, so it is kept separate from the kafka-go module. Add it to your dependencies by running the command below.

go get github.com/segmentio/kafka-go/sasl/aws_msk_iam_v2

Sample code is in example_test.go. You can use the Mechanism for SASL authentication of both Reader and Writer.

Documentation

Types

type Mechanism

type Mechanism struct {
	// The sigv4.Signer of aws-sdk-go-v2 to use when signing the request. Required.
	Signer *signer.Signer
	// The aws.Config.Credentials or config.CredentialsProvider of aws-sdk-go-v2. Required.
	Credentials aws.CredentialsProvider
	// The region where the msk cluster is hosted, e.g. "us-east-1". Required.
	Region string
	// The time the request is planned for. Optional, defaults to time.Now() at time of authentication.
	SignTime time.Time
	// The duration for which the presigned request is active. Optional, defaults to 5 minutes.
	Expiry time.Duration
}

Mechanism implements sasl.Mechanism for the AWS_MSK_IAM mechanism, based on the official Java implementation: https://github.com/aws/aws-msk-iam-auth

func NewMechanism

func NewMechanism(awsCfg aws.Config) *Mechanism

NewMechanism provides

func (*Mechanism) Name

func (m *Mechanism) Name() string

func (*Mechanism) Next

func (m *Mechanism) Next(ctx context.Context, challenge []byte) (bool, []byte, error)

func (*Mechanism) Start

func (m *Mechanism) Start(ctx context.Context) (sess sasl.StateMachine, ir []byte, err error)

Start produces the authentication values required for AWS_MSK_IAM. It returns the following JSON as a byte array, using the AWS SDK to produce the signed output.

{
  "version" : "2020_10_22",
  "host" : "<broker host>",
  "user-agent": "<user agent string from the client>",
  "action": "kafka-cluster:Connect",
  "x-amz-algorithm" : "<algorithm>",
  "x-amz-credential" : "<clientAWSAccessKeyID>/<date in yyyyMMdd format>/<region>/kafka-cluster/aws4_request",
  "x-amz-date" : "<timestamp in yyyyMMdd'T'HHmmss'Z' format>",
  "x-amz-security-token" : "<clientAWSSessionToken if any>",
  "x-amz-signedheaders" : "host",
  "x-amz-expires" : "<expiration in seconds>",
  "x-amz-signature" : "<AWS SigV4 signature computed by the client>"
}
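
Added example, not part of this package or its documentation: a standard-library-only check that a reviewer could run over a captured AWS_MSK_IAM payload to confirm that the fixed fields, credential scope and validity window match the layout above. CheckAuthPayload, samplePayload and every value in the sample are constructed for illustration; the 5-minute limit mirrors the documented default Expiry.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Constructed sample in the layout Start documents; key ID and signature are placeholders.
const samplePayload = `{"version":"2020_10_22","host":"broker.example.internal","user-agent":"example-client",
 "action":"kafka-cluster:Connect","x-amz-algorithm":"AWS4-HMAC-SHA256","x-amz-date":"20230217T120000Z","x-amz-signedheaders":"host",
 "x-amz-credential":"AKIAEXAMPLE/20230217/us-east-1/kafka-cluster/aws4_request","x-amz-expires":"300","x-amz-signature":"PLACEHOLDER"}`

// CheckAuthPayload (hypothetical helper, not part of kafka-go) lists problems in an AWS_MSK_IAM payload.
func CheckAuthPayload(raw []byte, region string, now time.Time, maxExpiry time.Duration) []string {
	var p map[string]string
	if err := json.Unmarshal(raw, &p); err != nil {
		return []string{"not a flat JSON object of strings: " + err.Error()}
	}
	var problems []string
	for _, f := range [][2]string{{"version", "2020_10_22"}, {"action", "kafka-cluster:Connect"}, {"x-amz-signedheaders", "host"}} {
		if p[f[0]] != f[1] {
			problems = append(problems, fmt.Sprintf("%s: got %q, want %q", f[0], p[f[0]], f[1]))
		}
	}
	signedAt, err := time.Parse("20060102T150405Z", p["x-amz-date"])
	if err != nil {
		return append(problems, "x-amz-date: not in yyyyMMdd'T'HHmmss'Z' format")
	}
	// The credential scope must name the same day, the expected region and the kafka-cluster service.
	cred, want := p["x-amz-credential"], "/"+signedAt.Format("20060102")+"/"+region+"/kafka-cluster/aws4_request"
	if i := strings.Index(cred, "/"); i <= 0 || cred[i:] != want {
		problems = append(problems, "x-amz-credential: scope is not <key id>"+want)
	}
	secs, err := strconv.Atoi(p["x-amz-expires"])
	ttl := time.Duration(secs) * time.Second
	if err != nil || secs <= 0 || ttl > maxExpiry {
		problems = append(problems, fmt.Sprintf("x-amz-expires: %q is not within (0s, %s]", p["x-amz-expires"], maxExpiry))
	}
	if now.Before(signedAt) || now.After(signedAt.Add(ttl)) {
		problems = append(problems, "outside the signed validity window (check SignTime and clock skew)")
	}
	return problems
}

func main() { // evaluated two minutes after the constructed sample was signed
	fmt.Println(CheckAuthPayload([]byte(samplePayload), "us-east-1", time.Date(2023, 2, 17, 12, 2, 0, 0, time.UTC), 5*time.Minute))
}
```

The check covers only the payload's structure and timing; it does not verify x-amz-signature, which requires the signing key.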
