Skip to content

Commit 38f85c3

Browse files
kirkokadakirkokada
committed
Add session token to iam mechanism
1 parent f274edf commit 38f85c3

File tree

3 files changed

+15
-6
lines changed

3 files changed

+15
-6
lines changed

lib/kafka/client.rb

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -86,7 +86,9 @@ def initialize(seed_brokers:, client_id: "ruby-kafka", logger: nil, connect_time
8686
sasl_gssapi_keytab: nil, sasl_plain_authzid: '', sasl_plain_username: nil, sasl_plain_password: nil,
8787
sasl_scram_username: nil, sasl_scram_password: nil, sasl_scram_mechanism: nil,
8888
sasl_aws_msk_iam_access_key_id: nil,
89-
sasl_aws_msk_iam_secret_key_id: nil, sasl_aws_msk_iam_aws_region: nil,
89+
sasl_aws_msk_iam_secret_key_id: nil,
90+
sasl_aws_msk_iam_aws_region: nil,
91+
sasl_aws_msk_iam_session_token: nil,
9092
sasl_over_ssl: true, ssl_ca_certs_from_system: false, partitioner: nil, sasl_oauth_token_provider: nil, ssl_verify_hostname: true,
9193
resolve_seed_brokers: false)
9294
@logger = TaggedLogger.new(logger)
@@ -117,6 +119,7 @@ def initialize(seed_brokers:, client_id: "ruby-kafka", logger: nil, connect_time
117119
sasl_aws_msk_iam_access_key_id: sasl_aws_msk_iam_access_key_id,
118120
sasl_aws_msk_iam_secret_key_id: sasl_aws_msk_iam_secret_key_id,
119121
sasl_aws_msk_iam_aws_region: sasl_aws_msk_iam_aws_region,
122+
sasl_aws_msk_iam_session_token: sasl_aws_msk_iam_session_token,
120123
sasl_oauth_token_provider: sasl_oauth_token_provider,
121124
logger: @logger
122125
)

lib/kafka/sasl/awsmskiam.rb

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -9,12 +9,13 @@ module Sasl
99
class AwsMskIam
1010
AWS_MSK_IAM = "AWS_MSK_IAM"
1111

12-
def initialize(aws_region:, access_key_id:, secret_key_id:, logger:)
12+
def initialize(aws_region:, access_key_id:, secret_key_id:, session_token: nil,logger:)
1313
@semaphore = Mutex.new
1414

1515
@aws_region = aws_region
1616
@access_key_id = access_key_id
1717
@secret_key_id = secret_key_id
18+
@session_token = session_token
1819
@logger = TaggedLogger.new(logger)
1920
end
2021

@@ -61,7 +62,7 @@ def digest
6162
end
6263

6364
def authentication_payload(host:, time_now:)
64-
{
65+
payload = {
6566
'version': "2020_10_22",
6667
'host': host,
6768
'user-agent': "ruby-kafka",
@@ -72,7 +73,11 @@ def authentication_payload(host:, time_now:)
7273
'x-amz-signedheaders': "host",
7374
'x-amz-expires': "900",
7475
'x-amz-signature': signature(host: host, time_now: time_now)
75-
}.to_json
76+
}
77+
78+
payload['x-amz-security-token'] = @session_token unless @session_token.nil?
79+
80+
payload.to_json
7681
end
7782

7883
def canonical_request(host:, time_now:)

lib/kafka/sasl_authenticator.rb

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,8 +14,8 @@ def initialize(logger:, sasl_gssapi_principal:, sasl_gssapi_keytab:,
1414
sasl_oauth_token_provider:,
1515
sasl_aws_msk_iam_access_key_id:,
1616
sasl_aws_msk_iam_secret_key_id:,
17-
sasl_aws_msk_iam_aws_region:
18-
)
17+
sasl_aws_msk_iam_aws_region:,
18+
sasl_aws_msk_iam_session_token: nil)
1919
@logger = TaggedLogger.new(logger)
2020

2121
@plain = Sasl::Plain.new(
@@ -42,6 +42,7 @@ def initialize(logger:, sasl_gssapi_principal:, sasl_gssapi_keytab:,
4242
access_key_id: sasl_aws_msk_iam_access_key_id,
4343
secret_key_id: sasl_aws_msk_iam_secret_key_id,
4444
aws_region: sasl_aws_msk_iam_aws_region,
45+
session_token: sasl_aws_msk_iam_session_token,
4546
logger: @logger,
4647
)
4748

0 commit comments

Comments
 (0)