forked from segmentio/kafka-go
-
Notifications
You must be signed in to change notification settings - Fork 0
/
sasl.go
65 lines (57 loc) · 2.58 KB
/
sasl.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
package sasl
import "context"
type ctxKey struct{}
// Mechanism implements the SASL state machine for a particular mode of
// authentication. It is used by the kafka.Dialer to perform the SASL
// handshake.
//
// A Mechanism must be re-usable and safe for concurrent access by multiple
// goroutines.
type Mechanism interface {
// Name returns the identifier for this SASL mechanism. This string will be
// passed to the SASL handshake request and much match one of the mechanisms
// supported by Kafka.
Name() string
// Start begins SASL authentication. It returns an authentication state
// machine and "initial response" data (if required by the selected
// mechanism). A non-nil error causes the client to abort the authentication
// attempt.
//
// A nil ir value is different from a zero-length value. The nil value
// indicates that the selected mechanism does not use an initial response,
// while a zero-length value indicates an empty initial response, which must
// be sent to the server.
Start(ctx context.Context) (sess StateMachine, ir []byte, err error)
}
// StateMachine implements the SASL challenge/response flow for a single SASL
// handshake. A StateMachine will be created by the Mechanism per connection,
// so it does not need to be safe for concurrent access by multiple goroutines.
//
// Once the StateMachine is created by the Mechanism, the caller loops by
// passing the server's response into Next and then sending Next's returned
// bytes to the server. Eventually either Next will indicate that the
// authentication has been successfully completed via the done return value, or
// it will indicate that the authentication failed by returning a non-nil error.
type StateMachine interface {
// Next continues challenge-response authentication. A non-nil error
// indicates that the client should abort the authentication attempt. If
// the client has been successfully authenticated, then the done return
// value will be true.
Next(ctx context.Context, challenge []byte) (done bool, response []byte, err error)
}
// Metadata contains additional data for performing SASL authentication.
type Metadata struct {
// Host is the address of the broker the authentication will be
// performed on.
Host string
Port int
}
// WithMetadata returns a copy of the context with associated Metadata.
func WithMetadata(ctx context.Context, m *Metadata) context.Context {
return context.WithValue(ctx, ctxKey{}, m)
}
// MetadataFromContext retrieves the Metadata from the context.
func MetadataFromContext(ctx context.Context) *Metadata {
m, _ := ctx.Value(ctxKey{}).(*Metadata)
return m
}