Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

backend: OAuth SASL extensions support #1445

Merged
merged 3 commits into from
Sep 22, 2024

Conversation

smaxx
Copy link
Contributor

@smaxx smaxx commented Sep 12, 2024

Kafka SASL OAuth supports sending extensions(custom key-value pairs) during OAuth authentication. These extensions are also supported by franz-go(https://pkg.go.dev/github.com/twmb/franz-go/pkg/sasl/oauth).
So this PR adds a support for these custom properties

@CLAassistant
Copy link

CLAassistant commented Sep 12, 2024

CLA assistant check
All committers have signed the CLA.

@smaxx smaxx force-pushed the oauth_custom_properties branch from 6e22963 to f385996 Compare September 12, 2024 05:42
@smaxx smaxx force-pushed the oauth_custom_properties branch from f385996 to d3ed991 Compare September 12, 2024 09:30
@smaxx smaxx changed the title backend: OAuth custom properties support backend: OAuth SASL extensions support Sep 12, 2024
@@ -28,6 +28,7 @@ type KafkaSASLOAuthBearer struct {
ClientSecret string `yaml:"clientSecret"`
TokenEndpoint string `yaml:"tokenEndpoint"`
Scope string `yaml:"scope"`
Extensions string `yaml:"extensions"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Extensions string `yaml:"extensions"`
Extensions map[string]string `yaml:"extensions"`

Mapstructure has decode hooks that can parse the maps apropriately when reading from YAML. We should use the apropriate type here. Not entirely sure whether we can use flags for that, but we primarily recommend YAML configuration to our users.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

honestly i thought about this option as well(wouldn't require manual parsing as a major pro), however focused on the option which allows using as both yaml and command line flag.
Theoretically we could have 2nd hidden property which would be populated from a flag and then parsed only when we deal with a flag. What do you think? Or not to overcomplicate things just to support the yaml-based approach?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

imo we can just omit the flag parsing here and keep things simple.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please see the new version. Long story short: i tried introducing string-to-string map as you suggested, however Go parses map with lowercasing the keys(as far as i understand it is a well known issue in Go world). That is why not to depend on any case-related restrictions i fell back to collection of key-value structs. Works perfectly well

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

actually the lowercasing happens in backend/pkg/config/config.go(see around line 163), due to the way how we deal with yaml keys vs env variable names. So either the approach has to be reworked to support whatever possible key format or we need to leave the actual SASL extension key as a property value which by default is not modified during Yaml parsing process

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@weeco please review if the current implementation is valid and makes sense to you. Thanks

@smaxx smaxx force-pushed the oauth_custom_properties branch from 918aaae to 4761b3d Compare September 19, 2024 08:13
@weeco
Copy link
Contributor

weeco commented Sep 22, 2024

Thanks for the contribution @smaxx , LGTM!

@weeco weeco merged commit 6c1bdf8 into redpanda-data:master Sep 22, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants