Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[sasl] use a SCRAM client for each connection #1349

Merged
merged 1 commit into from
Apr 15, 2019

Conversation

mrsinham
Copy link
Contributor

@mrsinham mrsinham commented Apr 9, 2019

As sarama can connect to multiple brokers as the same time, the scram client must be different for each connection as it uses steps to connect via sasl. This avoids the auth mechanism to use the same scram client on connection that have different states.

Symptoms example:

2019/03/29 09:24:18 kafka: error while consuming *****/6: kafka server: Request is not valid given the current SASL state.

  • error while decoding scram/sasl fields

@ghost ghost added the cla-needed label Apr 9, 2019
@mrsinham mrsinham force-pushed the sasl_client_datarace branch from d8ed0fb to f87f2e8 Compare April 9, 2019 13:35
@mrsinham
Copy link
Contributor Author

mrsinham commented Apr 9, 2019

Hi ! I just signed the CLA, thx

config.go Outdated
@@ -503,8 +503,8 @@ func (c *Config) Validate() error {
if c.Net.SASL.Password == "" {
return ConfigurationError("Net.SASL.Password must not be empty when SASL is enabled")
}
if c.Net.SASL.SCRAMClient == nil {
return ConfigurationError("A SCRAMClient instance must be provided to Net.SASL.SCRAMClient")
if c.Net.SASL.SCRAMClientGenerator == nil || c.Net.SASL.SCRAMClientGenerator() == nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do you need to check both?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's kinda protecting the user against himself but it doesn't hurt IMHO.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I removed the second test as it is not very useful

@mrsinham mrsinham force-pushed the sasl_client_datarace branch from 687e680 to 8745624 Compare April 9, 2019 14:31
config_test.go Outdated
cfg.Net.SASL.User = "user"
cfg.Net.SASL.Password = "stong_password"
},
"A SCRAMClient instance must be provided to Net.SASL.SCRAMClient"},
"A SCRAMClientGenerator closure must be provided to Net.SASL.SCRAMClientGenerator"},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest changing closure to function

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

config.go Outdated
// client used to perform the SCRAM exchange with the server.
SCRAMClient SCRAMClient
SCRAMClientGenerator func() SCRAMClient
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SCRAMClientGeneratorFunc

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@mrsinham mrsinham force-pushed the sasl_client_datarace branch from 8745624 to 5722d69 Compare April 15, 2019 13:16
@bai bai requested a review from varun06 April 15, 2019 13:50
Copy link
Contributor

@varun06 varun06 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates, looks good now. 👍

@bai bai merged commit 2a49b70 into IBM:master Apr 15, 2019
@iyedbennour
Copy link
Contributor

iyedbennour commented Apr 24, 2019

Hello guys ! A dot release with this code would be awesome. I am happy to help if needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants