-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[kafka/internal, kafkaexporter, kafkareceiver] Add SASL mechanism "AWS_MSK_IAM_OAUTHBEARER" to kafkaexporter #32500
base: main
Are you sure you want to change the base?
Conversation
This PR was marked stale due to lack of activity. It will be closed in 14 days. |
@donald-cheung Thanks for your contribution! We need to you to sign the CLA in order to be able to accept your contribution |
@mx-psi |
This PR was marked stale due to lack of activity. It will be closed in 14 days. |
Closed as inactive. Feel free to reopen if this PR is still being worked on. |
Hey, this would be awesome to have. What's going on? |
Sorry, we are in the process of getting approval from the upper organization. This will take some time. Thank you. |
We will have a meeting and update the progress next week. |
@donald-cheung Let me know when you have approval from your org and want to reopen the PR and I can do it for you :) |
@mx-psi Thanks. The meeting is rescheduled to next week so I will update you later. |
Hi @donald-cheung, could you please keep posted on the result? This MR is useful for us. |
Sorry for the late reply. The feedback from the upper organization is good. The upper organization will start their procedures to approve. |
@mx-psi, @dmitryax, @MovieStoreGuy, @pavolloffay, @jpkrohling. This PR is ready for review. Thank you very much. |
@pavolloffay @MovieStoreGuy PTAL! |
@pavolloffay @MovieStoreGuy Please let me know if there is anything to follow up. Thank you. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM,
is there a way to add some functional test?
change_type: enhancement | ||
|
||
# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver) | ||
component: kafkaexporter, internal/kafka |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
isn't receiver missing here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess we can remove the internal/kafka?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks. I updated the changelog.
No simple way, a AWS MSK is needed for testing. |
@MovieStoreGuy PTAL and let me know if there is anything to follow up. Thank you. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, one minor nit and that is it from me.
type AWSMSKConfig struct { | ||
// Region is the AWS region the MSK cluster is based in | ||
Region string `mapstructure:"region"` | ||
// BrokerAddr is the client is connecting to in order to perform the auth required | ||
BrokerAddr string `mapstructure:"broker_addr"` | ||
} | ||
|
||
// Token return the AWS session token for the AWS_MSK_IAM_OAUTHBEARER mechanism | ||
func (c *AWSMSKConfig) Token() (*sarama.AccessToken, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please pass in the context to avoid using context.TODO
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have changed the code to pass the context from parent's function. PTAL. Thank you.
Sorry it has taken me a bit, there is only one outstanding nit from me @donald-cheung |
Waiting for this PR to be merged! 🙇 |
@MovieStoreGuy Could we get this merged if ready? |
e94ace8
to
fd12dd2
Compare
Any idea what is left before this can be merged? :D |
If I can add any more support to this PR, my team built and tested this locally against MSK, and it works as expected. Really looking forward to a mainline release! |
@MovieStoreGuy, @pavolloffay |
Our team is also looking for this feature, hope it can be merged soon 🙇 |
Description:
This PR added the SASL mechanism "AWS_MSK_IAM_OAUTHBEARER" to kafkaexporter and kafkareceiver. This mechanism use the AWS MSK IAM SASL Signer for Go https://github.com/aws/aws-msk-iam-sasl-signer-go. This mechanism is added because the "AWS_MSK_IAM" is not working in our cluster and also in this issue. We added an new mechanism instead of replace the existing one because we want to keep the backward compatibility just in case someone is using "AWS_MSK_IAM".
Link to tracking Issue:
19747
Testing:
We built the images and tested the SASL mechanism in our team.
We added related unit tests.
Documentation:
We updated the kafkaexporter and kafakreciever README on the SASL mechanism.