package wkafka
import (
"fmt"
"github.com/twmb/franz-go/pkg/sasl"
"github.com/twmb/franz-go/pkg/sasl/plain"
"github.com/twmb/franz-go/pkg/sasl/scram"
)
// ScramSha256 is the SaslSCRAM.Algorithm value that selects SCRAM-SHA-256.
//
// NOTE(review): this is a package-level variable, not a constant, so any
// importing package can reassign it and change which Algorithm strings are
// accepted. Treat it as read-only.
var ScramSha256 = "SCRAM-SHA-256"

// ScramSha512 is the SaslSCRAM.Algorithm value that selects SCRAM-SHA-512.
// The same read-only caveat as for ScramSha256 applies.
var ScramSha512 = "SCRAM-SHA-512"
// SaslConfigs is an ordered list of SASL configurations, each of which can
// contribute at most one mechanism.
type SaslConfigs []SalsConfig

// Generate builds the SASL mechanisms for every enabled entry, in slice order.
//
// Entries with nothing enabled are skipped. The first entry that fails to
// build aborts the whole call and its error is returned unchanged. On success
// the returned slice is non-nil but may be empty; an empty result means no
// SASL mechanism was configured, and what the caller does in that case is not
// decided here.
func (c SaslConfigs) Generate() ([]sasl.Mechanism, error) {
	built := make([]sasl.Mechanism, 0, len(c))

	for _, cfg := range c {
		m, err := cfg.Generate()
		if err != nil {
			return nil, err
		}

		// A nil mechanism means the entry had neither PLAIN nor SCRAM enabled.
		if m == nil {
			continue
		}

		built = append(built, m)
	}

	return built, nil
}
// SalsConfig holds the settings for a single SASL mechanism: either PLAIN or
// SCRAM.
//
// NOTE(review): the name looks like a typo of "SaslConfig"; it is exported, so
// renaming it would break callers.
type SalsConfig struct {
	// Plain configures SASL/PLAIN.
	Plain SaslPlain `cfg:"plain" json:"plain"`
	// SCRAM configures SASL/SCRAM.
	SCRAM SaslSCRAM `cfg:"scram" json:"scram"`
}

// Generate returns the mechanism for whichever sub-config is enabled, or
// (nil, nil) when neither is.
//
// Precedence: if both Plain and SCRAM are enabled, Plain is used and the SCRAM
// settings are ignored without any error.
//
// NOTE(review): that precedence silently selects the mechanism that transmits
// the password itself instead of the challenge-response one. Consider
// rejecting a config that enables both, or documenting the rule for operators.
func (c SalsConfig) Generate() (sasl.Mechanism, error) {
	switch {
	case c.Plain.Enabled:
		return c.Plain.Generate()
	case c.SCRAM.Enabled:
		return c.SCRAM.Generate()
	default:
		return nil, nil
	}
}
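// SaslPlain contains options for SASL/PLAIN authentication.
//
// PLAIN sends the password itself to the broker, so it should only be used on
// a connection protected by TLS. Nothing in this file configures transport
// security; confirm it is enabled where the client is built.
type SaslPlain struct {
	// Enabled this config.
	Enabled bool `cfg:"enabled" json:"enabled"`
	// Zid is an optional authorization ID to use in authenticating.
	Zid string `cfg:"zid" json:"zid"`
	// User is the SASL username.
	User string `cfg:"user" json:"user"`
	// Pass is the SASL password.
	//
	// The log:"false" tag presumably keeps the value out of config logging
	// (confirm against the config loader). The json tag still exposes it as
	// "pass" when the struct is marshaled, so do not serialize this struct
	// into logs or API responses.
	Pass string `cfg:"pass" json:"pass" log:"false"`
}

// Generate returns the SASL/PLAIN mechanism built from s, or (nil, nil) when
// s is not enabled. The returned error is always nil.
func (s SaslPlain) Generate() (sasl.Mechanism, error) {
	if !s.Enabled {
		return nil, nil
	}

	auth := plain.Auth{
		// Forward the configured authorization ID. Previously Zid was
		// accepted in the config but never passed on, so it was silently
		// ignored during authentication.
		Zid:  s.Zid,
		User: s.User,
		Pass: s.Pass,
	}

	return auth.AsMechanism(), nil
}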
// SaslSCRAM contains options for SASL/SCRAM authentication.
type SaslSCRAM struct {
	// Enabled this config.
	Enabled bool `cfg:"enabled" json:"enabled"`
	// Algorithm valid values are "SCRAM-SHA-256" and "SCRAM-SHA-512".
	// The match is exact and case-sensitive. Any other value, including the
	// empty string, makes Generate return an error; there is no fallback to
	// SASL/PLAIN.
	Algorithm string `cfg:"algorithm" json:"algorithm"`
	// Zid is an optional authorization ID to use in authenticating.
	Zid string `cfg:"zid" json:"zid"`
	// User is the SASL username.
	User string `cfg:"user" json:"user"`
	// Pass is the SASL password.
	//
	// The log:"false" tag presumably keeps the value out of config logging
	// (confirm against the config loader). The json tag still exposes it as
	// "pass" when the struct is marshaled, so do not serialize this struct
	// into logs or API responses.
	Pass string `cfg:"pass" json:"pass" log:"false"`
	// IsToken, if true, suffixes the "tokenauth=true" extra attribute to
	// the initial authentication message.
	//
	// Set this to true if the user and pass are from a delegation token.
	IsToken bool `cfg:"is_token" json:"is_token"`
}

// Generate returns the SCRAM mechanism selected by s.Algorithm, or (nil, nil)
// when s is not enabled.
//
// An enabled config whose Algorithm is neither ScramSha256 nor ScramSha512 is
// rejected with an "invalid algorithm" error, so a misspelled or missing
// algorithm fails instead of selecting a different mechanism.
func (s SaslSCRAM) Generate() (sasl.Mechanism, error) {
	if !s.Enabled {
		return nil, nil
	}

	credentials := scram.Auth{
		Zid:     s.Zid,
		User:    s.User,
		Pass:    s.Pass,
		IsToken: s.IsToken,
	}

	if s.Algorithm == ScramSha256 {
		return credentials.AsSha256Mechanism(), nil
	}
	if s.Algorithm == ScramSha512 {
		return credentials.AsSha512Mechanism(), nil
	}

	return nil, fmt.Errorf("invalid algorithm %q", s.Algorithm)
}