Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
publics
/
sarama
0
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Koks: 09cfb578b9
Atzari Tagi
sarama
/
broker.go

broker.go 32 KB
Vēsture Neapstrādāts

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211 
  1. package sarama
    2. 

  2. 

  3. import (
    4. 

  4. 	"crypto/tls"
    5. 

  5. 	"encoding/binary"
    6. 

  6. 	"fmt"
    7. 

  7. 	"io"
    8. 

  8. 	"net"
    9. 

  9. 	"sort"
    10. 

  10. 	"strconv"
    11. 

  11. 	"strings"
    12. 

  12. 	"sync"
    13. 

  13. 	"sync/atomic"
    14. 

  14. 	"time"
    15. 

  15. 

  16. 	"github.com/rcrowley/go-metrics"
    17. 

  17. )
    18. 

  18. 

  19. // Broker represents a single Kafka broker connection. All operations on this object are entirely concurrency-safe.
    20. 

  20. type Broker struct {
    21. 

  21. 	id   int32
    22. 

  22. 	addr string
    23. 

  23. 	rack *string
    24. 

  24. 

  25. 	conf          *Config
    26. 

  26. 	correlationID int32
    27. 

  27. 	conn          net.Conn
    28. 

  28. 	connErr       error
    29. 

  29. 	lock          sync.Mutex
    30. 

  30. 	opened        int32
    31. 

  31. 

  32. 	responses chan responsePromise
    33. 

  33. 	done      chan bool
    34. 

  34. 

  35. 	incomingByteRate       metrics.Meter
    36. 

  36. 	requestRate            metrics.Meter
    37. 

  37. 	requestSize            metrics.Histogram
    38. 

  38. 	requestLatency         metrics.Histogram
    39. 

  39. 	outgoingByteRate       metrics.Meter
    40. 

  40. 	responseRate           metrics.Meter
    41. 

  41. 	responseSize           metrics.Histogram
    42. 

  42. 	brokerIncomingByteRate metrics.Meter
    43. 

  43. 	brokerRequestRate      metrics.Meter
    44. 

  44. 	brokerRequestSize      metrics.Histogram
    45. 

  45. 	brokerRequestLatency   metrics.Histogram
    46. 

  46. 	brokerOutgoingByteRate metrics.Meter
    47. 

  47. 	brokerResponseRate     metrics.Meter
    48. 

  48. 	brokerResponseSize     metrics.Histogram
    49. 

  49. }
    50. 

  50. 

  51. // SASLMechanism specifies the SASL mechanism the client uses to authenticate with the broker
    52. 

  52. type SASLMechanism string
    53. 

  53. 

  54. const (
    55. 

  55. 	// SASLTypeOAuth represents the SASL/OAUTHBEARER mechanism (Kafka 2.0.0+)
    56. 

  56. 	SASLTypeOAuth = "OAUTHBEARER"
    57. 

  57. 	// SASLTypePlaintext represents the SASL/PLAIN mechanism
    58. 

  58. 	SASLTypePlaintext = "PLAIN"
    59. 

  59. 	// SASLTypeSCRAMSHA256 represents the SCRAM-SHA-256 mechanism.
    60. 

  60. 	SASLTypeSCRAMSHA256 = "SCRAM-SHA-256"
    61. 

  61. 	// SASLTypeSCRAMSHA512 represents the SCRAM-SHA-512 mechanism.
    62. 

  62. 	SASLTypeSCRAMSHA512 = "SCRAM-SHA-512"
    63. 

  63. 	// SASLHandshakeV0 is v0 of the Kafka SASL handshake protocol. Client and
    64. 

  64. 	// server negotiate SASL auth using opaque packets.
    65. 

  65. 	SASLHandshakeV0 = int16(0)
    66. 

  66. 	// SASLHandshakeV1 is v1 of the Kafka SASL handshake protocol. Client and
    67. 

  67. 	// server negotiate SASL by wrapping tokens with Kafka protocol headers.
    68. 

  68. 	SASLHandshakeV1 = int16(1)
    69. 

  69. 	// SASLExtKeyAuth is the reserved extension key name sent as part of the
    70. 

  70. 	// SASL/OAUTHBEARER intial client response
    71. 

  71. 	SASLExtKeyAuth = "auth"
    72. 

  72. )
    73. 

  73. 

  74. // AccessToken contains an access token used to authenticate a
    75. 

  75. // SASL/OAUTHBEARER client along with associated metadata.
    76. 

  76. type AccessToken struct {
    77. 

  77. 	// Token is the access token payload.
    78. 

  78. 	Token string
    79. 

  79. 	// Extensions is a optional map of arbitrary key-value pairs that can be
    80. 

  80. 	// sent with the SASL/OAUTHBEARER initial client response. These values are
    81. 

  81. 	// ignored by the SASL server if they are unexpected. This feature is only
    82. 

  82. 	// supported by Kafka >= 2.1.0.
    83. 

  83. 	Extensions map[string]string
    84. 

  84. }
    85. 

  85. 

  86. // AccessTokenProvider is the interface that encapsulates how implementors
    87. 

  87. // can generate access tokens for Kafka broker authentication.
    88. 

  88. type AccessTokenProvider interface {
    89. 

  89. 	// Token returns an access token. The implementation should ensure token
    90. 

  90. 	// reuse so that multiple calls at connect time do not create multiple
    91. 

  91. 	// tokens. The implementation should also periodically refresh the token in
    92. 

  92. 	// order to guarantee that each call returns an unexpired token.  This
    93. 

  93. 	// method should not block indefinitely--a timeout error should be returned
    94. 

  94. 	// after a short period of inactivity so that the broker connection logic
    95. 

  95. 	// can log debugging information and retry.
    96. 

  96. 	Token() (*AccessToken, error)
    97. 

  97. }
    98. 

  98. 

  99. // SCRAMClient is a an interface to a SCRAM
    100. 

  100. // client implementation.
    101. 

  101. type SCRAMClient interface {
    102. 

  102. 	// Begin prepares the client for the SCRAM exchange
    103. 

  103. 	// with the server with a user name and a password
    104. 

  104. 	Begin(userName, password, authzID string) error
    105. 

  105. 	// Step steps client through the SCRAM exchange. It is
    106. 

  106. 	// called repeatedly until it errors or `Done` returns true.
    107. 

  107. 	Step(challenge string) (response string, err error)
    108. 

  108. 	// Done should return true when the SCRAM conversation
    109. 

  109. 	// is over.
    110. 

  110. 	Done() bool
    111. 

  111. }
    112. 

  112. 

  113. type responsePromise struct {
    114. 

  114. 	requestTime   time.Time
    115. 

  115. 	correlationID int32
    116. 

  116. 	packets       chan []byte
    117. 

  117. 	errors        chan error
    118. 

  118. }
    119. 

  119. 

  120. // NewBroker creates and returns a Broker targeting the given host:port address.
    121. 

  121. // This does not attempt to actually connect, you have to call Open() for that.
    122. 

  122. func NewBroker(addr string) *Broker {
    123. 

  123. 	return &Broker{id: -1, addr: addr}
    124. 

  124. }
    125. 

  125. 

  126. // Open tries to connect to the Broker if it is not already connected or connecting, but does not block
    127. 

  127. // waiting for the connection to complete. This means that any subsequent operations on the broker will
    128. 

  128. // block waiting for the connection to succeed or fail. To get the effect of a fully synchronous Open call,
    129. 

  129. // follow it by a call to Connected(). The only errors Open will return directly are ConfigurationError or
    130. 

  130. // AlreadyConnected. If conf is nil, the result of NewConfig() is used.
    131. 

  131. func (b *Broker) Open(conf *Config) error {
    132. 

  132. 	if !atomic.CompareAndSwapInt32(&b.opened, 0, 1) {
    133. 

  133. 		return ErrAlreadyConnected
    134. 

  134. 	}
    135. 

  135. 

  136. 	if conf == nil {
    137. 

  137. 		conf = NewConfig()
    138. 

  138. 	}
    139. 

  139. 

  140. 	err := conf.Validate()
    141. 

  141. 	if err != nil {
    142. 

  142. 		return err
    143. 

  143. 	}
    144. 

  144. 

  145. 	b.lock.Lock()
    146. 

  146. 

  147. 	go withRecover(func() {
    148. 

  148. 		defer b.lock.Unlock()
    149. 

  149. 

  150. 		dialer := net.Dialer{
    151. 

  151. 			Timeout:   conf.Net.DialTimeout,
    152. 

  152. 			KeepAlive: conf.Net.KeepAlive,
    153. 

  153. 			LocalAddr: conf.Net.LocalAddr,
    154. 

  154. 		}
    155. 

  155. 

  156. 		if conf.Net.TLS.Enable {
    157. 

  157. 			b.conn, b.connErr = tls.DialWithDialer(&dialer, "tcp", b.addr, conf.Net.TLS.Config)
    158. 

  158. 		} else {
    159. 

  159. 			b.conn, b.connErr = dialer.Dial("tcp", b.addr)
    160. 

  160. 		}
    161. 

  161. 		if b.connErr != nil {
    162. 

  162. 			Logger.Printf("Failed to connect to broker %s: %s\n", b.addr, b.connErr)
    163. 

  163. 			b.conn = nil
    164. 

  164. 			atomic.StoreInt32(&b.opened, 0)
    165. 

  165. 			return
    166. 

  166. 		}
    167. 

  167. 		b.conn = newBufConn(b.conn)
    168. 

  168. 

  169. 		b.conf = conf
    170. 

  170. 

  171. 		// Create or reuse the global metrics shared between brokers
    172. 

  172. 		b.incomingByteRate = metrics.GetOrRegisterMeter("incoming-byte-rate", conf.MetricRegistry)
    173. 

  173. 		b.requestRate = metrics.GetOrRegisterMeter("request-rate", conf.MetricRegistry)
    174. 

  174. 		b.requestSize = getOrRegisterHistogram("request-size", conf.MetricRegistry)
    175. 

  175. 		b.requestLatency = getOrRegisterHistogram("request-latency-in-ms", conf.MetricRegistry)
    176. 

  176. 		b.outgoingByteRate = metrics.GetOrRegisterMeter("outgoing-byte-rate", conf.MetricRegistry)
    177. 

  177. 		b.responseRate = metrics.GetOrRegisterMeter("response-rate", conf.MetricRegistry)
    178. 

  178. 		b.responseSize = getOrRegisterHistogram("response-size", conf.MetricRegistry)
    179. 

  179. 		// Do not gather metrics for seeded broker (only used during bootstrap) because they share
    180. 

  180. 		// the same id (-1) and are already exposed through the global metrics above
    181. 

  181. 		if b.id >= 0 {
    182. 

  182. 			b.brokerIncomingByteRate = getOrRegisterBrokerMeter("incoming-byte-rate", b, conf.MetricRegistry)
    183. 

  183. 			b.brokerRequestRate = getOrRegisterBrokerMeter("request-rate", b, conf.MetricRegistry)
    184. 

  184. 			b.brokerRequestSize = getOrRegisterBrokerHistogram("request-size", b, conf.MetricRegistry)
    185. 

  185. 			b.brokerRequestLatency = getOrRegisterBrokerHistogram("request-latency-in-ms", b, conf.MetricRegistry)
    186. 

  186. 			b.brokerOutgoingByteRate = getOrRegisterBrokerMeter("outgoing-byte-rate", b, conf.MetricRegistry)
    187. 

  187. 			b.brokerResponseRate = getOrRegisterBrokerMeter("response-rate", b, conf.MetricRegistry)
    188. 

  188. 			b.brokerResponseSize = getOrRegisterBrokerHistogram("response-size", b, conf.MetricRegistry)
    189. 

  189. 		}
    190. 

  190. 

  191. 		if conf.Net.SASL.Enable {
    192. 

  192. 

  193. 			b.connErr = b.authenticateViaSASL()
    194. 

  194. 

  195. 			if b.connErr != nil {
    196. 

  196. 				err = b.conn.Close()
    197. 

  197. 				if err == nil {
    198. 

  198. 					Logger.Printf("Closed connection to broker %s\n", b.addr)
    199. 

  199. 				} else {
    200. 

  200. 					Logger.Printf("Error while closing connection to broker %s: %s\n", b.addr, err)
    201. 

  201. 				}
    202. 

  202. 				b.conn = nil
    203. 

  203. 				atomic.StoreInt32(&b.opened, 0)
    204. 

  204. 				return
    205. 

  205. 			}
    206. 

  206. 		}
    207. 

  207. 

  208. 		b.done = make(chan bool)
    209. 

  209. 		b.responses = make(chan responsePromise, b.conf.Net.MaxOpenRequests-1)
    210. 

  210. 

  211. 		if b.id >= 0 {
    212. 

  212. 			Logger.Printf("Connected to broker at %s (registered as #%d)\n", b.addr, b.id)
    213. 

  213. 		} else {
    214. 

  214. 			Logger.Printf("Connected to broker at %s (unregistered)\n", b.addr)
    215. 

  215. 		}
    216. 

  216. 		go withRecover(b.responseReceiver)
    217. 

  217. 	})
    218. 

  218. 

  219. 	return nil
    220. 

  220. }
    221. 

  221. 

  222. // Connected returns true if the broker is connected and false otherwise. If the broker is not
    223. 

  223. // connected but it had tried to connect, the error from that connection attempt is also returned.
    224. 

  224. func (b *Broker) Connected() (bool, error) {
    225. 

  225. 	b.lock.Lock()
    226. 

  226. 	defer b.lock.Unlock()
    227. 

  227. 

  228. 	return b.conn != nil, b.connErr
    229. 

  229. }
    230. 

  230. 

  231. func (b *Broker) Close() error {
    232. 

  232. 	b.lock.Lock()
    233. 

  233. 	defer b.lock.Unlock()
    234. 

  234. 

  235. 	if b.conn == nil {
    236. 

  236. 		return ErrNotConnected
    237. 

  237. 	}
    238. 

  238. 

  239. 	close(b.responses)
    240. 

  240. 	<-b.done
    241. 

  241. 

  242. 	err := b.conn.Close()
    243. 

  243. 

  244. 	b.conn = nil
    245. 

  245. 	b.connErr = nil
    246. 

  246. 	b.done = nil
    247. 

  247. 	b.responses = nil
    248. 

  248. 

  249. 	if b.id >= 0 {
    250. 

  250. 		b.conf.MetricRegistry.Unregister(getMetricNameForBroker("incoming-byte-rate", b))
    251. 

  251. 		b.conf.MetricRegistry.Unregister(getMetricNameForBroker("request-rate", b))
    252. 

  252. 		b.conf.MetricRegistry.Unregister(getMetricNameForBroker("outgoing-byte-rate", b))
    253. 

  253. 		b.conf.MetricRegistry.Unregister(getMetricNameForBroker("response-rate", b))
    254. 

  254. 	}
    255. 

  255. 

  256. 	if err == nil {
    257. 

  257. 		Logger.Printf("Closed connection to broker %s\n", b.addr)
    258. 

  258. 	} else {
    259. 

  259. 		Logger.Printf("Error while closing connection to broker %s: %s\n", b.addr, err)
    260. 

  260. 	}
    261. 

  261. 

  262. 	atomic.StoreInt32(&b.opened, 0)
    263. 

  263. 

  264. 	return err
    265. 

  265. }
    266. 

  266. 

  267. // ID returns the broker ID retrieved from Kafka's metadata, or -1 if that is not known.
    268. 

  268. func (b *Broker) ID() int32 {
    269. 

  269. 	return b.id
    270. 

  270. }
    271. 

  271. 

  272. // Addr returns the broker address as either retrieved from Kafka's metadata or passed to NewBroker.
    273. 

  273. func (b *Broker) Addr() string {
    274. 

  274. 	return b.addr
    275. 

  275. }
    276. 

  276. 

  277. // Rack returns the broker's rack as retrieved from Kafka's metadata or the
    278. 

  278. // empty string if it is not known.  The returned value corresponds to the
    279. 

  279. // broker's broker.rack configuration setting.  Requires protocol version to be
    280. 

  280. // at least v0.10.0.0.
    281. 

  281. func (b *Broker) Rack() string {
    282. 

  282. 	if b.rack == nil {
    283. 

  283. 		return ""
    284. 

  284. 	}
    285. 

  285. 	return *b.rack
    286. 

  286. }
    287. 

  287. 

  288. func (b *Broker) GetMetadata(request *MetadataRequest) (*MetadataResponse, error) {
    289. 

  289. 	response := new(MetadataResponse)
    290. 

  290. 

  291. 	err := b.sendAndReceive(request, response)
    292. 

  292. 

  293. 	if err != nil {
    294. 

  294. 		return nil, err
    295. 

  295. 	}
    296. 

  296. 

  297. 	return response, nil
    298. 

  298. }
    299. 

  299. 

  300. func (b *Broker) GetConsumerMetadata(request *ConsumerMetadataRequest) (*ConsumerMetadataResponse, error) {
    301. 

  301. 	response := new(ConsumerMetadataResponse)
    302. 

  302. 

  303. 	err := b.sendAndReceive(request, response)
    304. 

  304. 

  305. 	if err != nil {
    306. 

  306. 		return nil, err
    307. 

  307. 	}
    308. 

  308. 

  309. 	return response, nil
    310. 

  310. }
    311. 

  311. 

  312. func (b *Broker) FindCoordinator(request *FindCoordinatorRequest) (*FindCoordinatorResponse, error) {
    313. 

  313. 	response := new(FindCoordinatorResponse)
    314. 

  314. 

  315. 	err := b.sendAndReceive(request, response)
    316. 

  316. 

  317. 	if err != nil {
    318. 

  318. 		return nil, err
    319. 

  319. 	}
    320. 

  320. 

  321. 	return response, nil
    322. 

  322. }
    323. 

  323. 

  324. func (b *Broker) GetAvailableOffsets(request *OffsetRequest) (*OffsetResponse, error) {
    325. 

  325. 	response := new(OffsetResponse)
    326. 

  326. 

  327. 	err := b.sendAndReceive(request, response)
    328. 

  328. 

  329. 	if err != nil {
    330. 

  330. 		return nil, err
    331. 

  331. 	}
    332. 

  332. 

  333. 	return response, nil
    334. 

  334. }
    335. 

  335. 

  336. func (b *Broker) Produce(request *ProduceRequest) (*ProduceResponse, error) {
    337. 

  337. 	var response *ProduceResponse
    338. 

  338. 	var err error
    339. 

  339. 

  340. 	if request.RequiredAcks == NoResponse {
    341. 

  341. 		err = b.sendAndReceive(request, nil)
    342. 

  342. 	} else {
    343. 

  343. 		response = new(ProduceResponse)
    344. 

  344. 		err = b.sendAndReceive(request, response)
    345. 

  345. 	}
    346. 

  346. 

  347. 	if err != nil {
    348. 

  348. 		return nil, err
    349. 

  349. 	}
    350. 

  350. 

  351. 	return response, nil
    352. 

  352. }
    353. 

  353. 

  354. func (b *Broker) Fetch(request *FetchRequest) (*FetchResponse, error) {
    355. 

  355. 	response := new(FetchResponse)
    356. 

  356. 

  357. 	err := b.sendAndReceive(request, response)
    358. 

  358. 

  359. 	if err != nil {
    360. 

  360. 		return nil, err
    361. 

  361. 	}
    362. 

  362. 

  363. 	return response, nil
    364. 

  364. }
    365. 

  365. 

  366. func (b *Broker) CommitOffset(request *OffsetCommitRequest) (*OffsetCommitResponse, error) {
    367. 

  367. 	response := new(OffsetCommitResponse)
    368. 

  368. 

  369. 	err := b.sendAndReceive(request, response)
    370. 

  370. 

  371. 	if err != nil {
    372. 

  372. 		return nil, err
    373. 

  373. 	}
    374. 

  374. 

  375. 	return response, nil
    376. 

  376. }
    377. 

  377. 

  378. func (b *Broker) FetchOffset(request *OffsetFetchRequest) (*OffsetFetchResponse, error) {
    379. 

  379. 	response := new(OffsetFetchResponse)
    380. 

  380. 

  381. 	err := b.sendAndReceive(request, response)
    382. 

  382. 

  383. 	if err != nil {
    384. 

  384. 		return nil, err
    385. 

  385. 	}
    386. 

  386. 

  387. 	return response, nil
    388. 

  388. }
    389. 

  389. 

  390. func (b *Broker) JoinGroup(request *JoinGroupRequest) (*JoinGroupResponse, error) {
    391. 

  391. 	response := new(JoinGroupResponse)
    392. 

  392. 

  393. 	err := b.sendAndReceive(request, response)
    394. 

  394. 	if err != nil {
    395. 

  395. 		return nil, err
    396. 

  396. 	}
    397. 

  397. 

  398. 	return response, nil
    399. 

  399. }
    400. 

  400. 

  401. func (b *Broker) SyncGroup(request *SyncGroupRequest) (*SyncGroupResponse, error) {
    402. 

  402. 	response := new(SyncGroupResponse)
    403. 

  403. 

  404. 	err := b.sendAndReceive(request, response)
    405. 

  405. 	if err != nil {
    406. 

  406. 		return nil, err
    407. 

  407. 	}
    408. 

  408. 

  409. 	return response, nil
    410. 

  410. }
    411. 

  411. 

  412. func (b *Broker) LeaveGroup(request *LeaveGroupRequest) (*LeaveGroupResponse, error) {
    413. 

  413. 	response := new(LeaveGroupResponse)
    414. 

  414. 

  415. 	err := b.sendAndReceive(request, response)
    416. 

  416. 	if err != nil {
    417. 

  417. 		return nil, err
    418. 

  418. 	}
    419. 

  419. 

  420. 	return response, nil
    421. 

  421. }
    422. 

  422. 

  423. func (b *Broker) Heartbeat(request *HeartbeatRequest) (*HeartbeatResponse, error) {
    424. 

  424. 	response := new(HeartbeatResponse)
    425. 

  425. 

  426. 	err := b.sendAndReceive(request, response)
    427. 

  427. 	if err != nil {
    428. 

  428. 		return nil, err
    429. 

  429. 	}
    430. 

  430. 

  431. 	return response, nil
    432. 

  432. }
    433. 

  433. 

  434. func (b *Broker) ListGroups(request *ListGroupsRequest) (*ListGroupsResponse, error) {
    435. 

  435. 	response := new(ListGroupsResponse)
    436. 

  436. 

  437. 	err := b.sendAndReceive(request, response)
    438. 

  438. 	if err != nil {
    439. 

  439. 		return nil, err
    440. 

  440. 	}
    441. 

  441. 

  442. 	return response, nil
    443. 

  443. }
    444. 

  444. 

  445. func (b *Broker) DescribeGroups(request *DescribeGroupsRequest) (*DescribeGroupsResponse, error) {
    446. 

  446. 	response := new(DescribeGroupsResponse)
    447. 

  447. 

  448. 	err := b.sendAndReceive(request, response)
    449. 

  449. 	if err != nil {
    450. 

  450. 		return nil, err
    451. 

  451. 	}
    452. 

  452. 

  453. 	return response, nil
    454. 

  454. }
    455. 

  455. 

  456. func (b *Broker) ApiVersions(request *ApiVersionsRequest) (*ApiVersionsResponse, error) {
    457. 

  457. 	response := new(ApiVersionsResponse)
    458. 

  458. 

  459. 	err := b.sendAndReceive(request, response)
    460. 

  460. 	if err != nil {
    461. 

  461. 		return nil, err
    462. 

  462. 	}
    463. 

  463. 

  464. 	return response, nil
    465. 

  465. }
    466. 

  466. 

  467. func (b *Broker) CreateTopics(request *CreateTopicsRequest) (*CreateTopicsResponse, error) {
    468. 

  468. 	response := new(CreateTopicsResponse)
    469. 

  469. 

  470. 	err := b.sendAndReceive(request, response)
    471. 

  471. 	if err != nil {
    472. 

  472. 		return nil, err
    473. 

  473. 	}
    474. 

  474. 

  475. 	return response, nil
    476. 

  476. }
    477. 

  477. 

  478. func (b *Broker) DeleteTopics(request *DeleteTopicsRequest) (*DeleteTopicsResponse, error) {
    479. 

  479. 	response := new(DeleteTopicsResponse)
    480. 

  480. 

  481. 	err := b.sendAndReceive(request, response)
    482. 

  482. 	if err != nil {
    483. 

  483. 		return nil, err
    484. 

  484. 	}
    485. 

  485. 

  486. 	return response, nil
    487. 

  487. }
    488. 

  488. 

  489. func (b *Broker) CreatePartitions(request *CreatePartitionsRequest) (*CreatePartitionsResponse, error) {
    490. 

  490. 	response := new(CreatePartitionsResponse)
    491. 

  491. 

  492. 	err := b.sendAndReceive(request, response)
    493. 

  493. 	if err != nil {
    494. 

  494. 		return nil, err
    495. 

  495. 	}
    496. 

  496. 

  497. 	return response, nil
    498. 

  498. }
    499. 

  499. 

  500. func (b *Broker) DeleteRecords(request *DeleteRecordsRequest) (*DeleteRecordsResponse, error) {
    501. 

  501. 	response := new(DeleteRecordsResponse)
    502. 

  502. 

  503. 	err := b.sendAndReceive(request, response)
    504. 

  504. 	if err != nil {
    505. 

  505. 		return nil, err
    506. 

  506. 	}
    507. 

  507. 

  508. 	return response, nil
    509. 

  509. }
    510. 

  510. 

  511. func (b *Broker) DescribeAcls(request *DescribeAclsRequest) (*DescribeAclsResponse, error) {
    512. 

  512. 	response := new(DescribeAclsResponse)
    513. 

  513. 

  514. 	err := b.sendAndReceive(request, response)
    515. 

  515. 	if err != nil {
    516. 

  516. 		return nil, err
    517. 

  517. 	}
    518. 

  518. 

  519. 	return response, nil
    520. 

  520. }
    521. 

  521. 

  522. func (b *Broker) CreateAcls(request *CreateAclsRequest) (*CreateAclsResponse, error) {
    523. 

  523. 	response := new(CreateAclsResponse)
    524. 

  524. 

  525. 	err := b.sendAndReceive(request, response)
    526. 

  526. 	if err != nil {
    527. 

  527. 		return nil, err
    528. 

  528. 	}
    529. 

  529. 

  530. 	return response, nil
    531. 

  531. }
    532. 

  532. 

  533. func (b *Broker) DeleteAcls(request *DeleteAclsRequest) (*DeleteAclsResponse, error) {
    534. 

  534. 	response := new(DeleteAclsResponse)
    535. 

  535. 

  536. 	err := b.sendAndReceive(request, response)
    537. 

  537. 	if err != nil {
    538. 

  538. 		return nil, err
    539. 

  539. 	}
    540. 

  540. 

  541. 	return response, nil
    542. 

  542. }
    543. 

  543. 

  544. func (b *Broker) InitProducerID(request *InitProducerIDRequest) (*InitProducerIDResponse, error) {
    545. 

  545. 	response := new(InitProducerIDResponse)
    546. 

  546. 

  547. 	err := b.sendAndReceive(request, response)
    548. 

  548. 	if err != nil {
    549. 

  549. 		return nil, err
    550. 

  550. 	}
    551. 

  551. 

  552. 	return response, nil
    553. 

  553. }
    554. 

  554. 

  555. func (b *Broker) AddPartitionsToTxn(request *AddPartitionsToTxnRequest) (*AddPartitionsToTxnResponse, error) {
    556. 

  556. 	response := new(AddPartitionsToTxnResponse)
    557. 

  557. 

  558. 	err := b.sendAndReceive(request, response)
    559. 

  559. 	if err != nil {
    560. 

  560. 		return nil, err
    561. 

  561. 	}
    562. 

  562. 

  563. 	return response, nil
    564. 

  564. }
    565. 

  565. 

  566. func (b *Broker) AddOffsetsToTxn(request *AddOffsetsToTxnRequest) (*AddOffsetsToTxnResponse, error) {
    567. 

  567. 	response := new(AddOffsetsToTxnResponse)
    568. 

  568. 

  569. 	err := b.sendAndReceive(request, response)
    570. 

  570. 	if err != nil {
    571. 

  571. 		return nil, err
    572. 

  572. 	}
    573. 

  573. 

  574. 	return response, nil
    575. 

  575. }
    576. 

  576. 

  577. func (b *Broker) EndTxn(request *EndTxnRequest) (*EndTxnResponse, error) {
    578. 

  578. 	response := new(EndTxnResponse)
    579. 

  579. 

  580. 	err := b.sendAndReceive(request, response)
    581. 

  581. 	if err != nil {
    582. 

  582. 		return nil, err
    583. 

  583. 	}
    584. 

  584. 

  585. 	return response, nil
    586. 

  586. }
    587. 

  587. 

  588. func (b *Broker) TxnOffsetCommit(request *TxnOffsetCommitRequest) (*TxnOffsetCommitResponse, error) {
    589. 

  589. 	response := new(TxnOffsetCommitResponse)
    590. 

  590. 

  591. 	err := b.sendAndReceive(request, response)
    592. 

  592. 	if err != nil {
    593. 

  593. 		return nil, err
    594. 

  594. 	}
    595. 

  595. 

  596. 	return response, nil
    597. 

  597. }
    598. 

  598. 

  599. func (b *Broker) DescribeConfigs(request *DescribeConfigsRequest) (*DescribeConfigsResponse, error) {
    600. 

  600. 	response := new(DescribeConfigsResponse)
    601. 

  601. 

  602. 	err := b.sendAndReceive(request, response)
    603. 

  603. 	if err != nil {
    604. 

  604. 		return nil, err
    605. 

  605. 	}
    606. 

  606. 

  607. 	return response, nil
    608. 

  608. }
    609. 

  609. 

  610. func (b *Broker) AlterConfigs(request *AlterConfigsRequest) (*AlterConfigsResponse, error) {
    611. 

  611. 	response := new(AlterConfigsResponse)
    612. 

  612. 

  613. 	err := b.sendAndReceive(request, response)
    614. 

  614. 	if err != nil {
    615. 

  615. 		return nil, err
    616. 

  616. 	}
    617. 

  617. 

  618. 	return response, nil
    619. 

  619. }
    620. 

  620. 

  621. func (b *Broker) DeleteGroups(request *DeleteGroupsRequest) (*DeleteGroupsResponse, error) {
    622. 

  622. 	response := new(DeleteGroupsResponse)
    623. 

  623. 

  624. 	if err := b.sendAndReceive(request, response); err != nil {
    625. 

  625. 		return nil, err
    626. 

  626. 	}
    627. 

  627. 

  628. 	return response, nil
    629. 

  629. }
    630. 

  630. 

  631. func (b *Broker) send(rb protocolBody, promiseResponse bool) (*responsePromise, error) {
    632. 

  632. 	b.lock.Lock()
    633. 

  633. 	defer b.lock.Unlock()
    634. 

  634. 

  635. 	if b.conn == nil {
    636. 

  636. 		if b.connErr != nil {
    637. 

  637. 			return nil, b.connErr
    638. 

  638. 		}
    639. 

  639. 		return nil, ErrNotConnected
    640. 

  640. 	}
    641. 

  641. 

  642. 	if !b.conf.Version.IsAtLeast(rb.requiredVersion()) {
    643. 

  643. 		return nil, ErrUnsupportedVersion
    644. 

  644. 	}
    645. 

  645. 

  646. 	req := &request{correlationID: b.correlationID, clientID: b.conf.ClientID, body: rb}
    647. 

  647. 	buf, err := encode(req, b.conf.MetricRegistry)
    648. 

  648. 	if err != nil {
    649. 

  649. 		return nil, err
    650. 

  650. 	}
    651. 

  651. 

  652. 	err = b.conn.SetWriteDeadline(time.Now().Add(b.conf.Net.WriteTimeout))
    653. 

  653. 	if err != nil {
    654. 

  654. 		return nil, err
    655. 

  655. 	}
    656. 

  656. 

  657. 	requestTime := time.Now()
    658. 

  658. 	bytes, err := b.conn.Write(buf)
    659. 

  659. 	b.updateOutgoingCommunicationMetrics(bytes)
    660. 

  660. 	if err != nil {
    661. 

  661. 		return nil, err
    662. 

  662. 	}
    663. 

  663. 	b.correlationID++
    664. 

  664. 

  665. 	if !promiseResponse {
    666. 

  666. 		// Record request latency without the response
    667. 

  667. 		b.updateRequestLatencyMetrics(time.Since(requestTime))
    668. 

  668. 		return nil, nil
    669. 

  669. 	}
    670. 

  670. 

  671. 	promise := responsePromise{requestTime, req.correlationID, make(chan []byte), make(chan error)}
    672. 

  672. 	b.responses <- promise
    673. 

  673. 

  674. 	return &promise, nil
    675. 

  675. }
    676. 

  676. 

  677. func (b *Broker) sendAndReceive(req protocolBody, res versionedDecoder) error {
    678. 

  678. 	promise, err := b.send(req, res != nil)
    679. 

  679. 

  680. 	if err != nil {
    681. 

  681. 		return err
    682. 

  682. 	}
    683. 

  683. 

  684. 	if promise == nil {
    685. 

  685. 		return nil
    686. 

  686. 	}
    687. 

  687. 

  688. 	select {
    689. 

  689. 	case buf := <-promise.packets:
    690. 

  690. 		return versionedDecode(buf, res, req.version())
    691. 

  691. 	case err = <-promise.errors:
    692. 

  692. 		return err
    693. 

  693. 	}
    694. 

  694. }
    695. 

  695. 

  696. func (b *Broker) decode(pd packetDecoder, version int16) (err error) {
    697. 

  697. 	b.id, err = pd.getInt32()
    698. 

  698. 	if err != nil {
    699. 

  699. 		return err
    700. 

  700. 	}
    701. 

  701. 

  702. 	host, err := pd.getString()
    703. 

  703. 	if err != nil {
    704. 

  704. 		return err
    705. 

  705. 	}
    706. 

  706. 

  707. 	port, err := pd.getInt32()
    708. 

  708. 	if err != nil {
    709. 

  709. 		return err
    710. 

  710. 	}
    711. 

  711. 

  712. 	if version >= 1 {
    713. 

  713. 		b.rack, err = pd.getNullableString()
    714. 

  714. 		if err != nil {
    715. 

  715. 			return err
    716. 

  716. 		}
    717. 

  717. 	}
    718. 

  718. 

  719. 	b.addr = net.JoinHostPort(host, fmt.Sprint(port))
    720. 

  720. 	if _, _, err := net.SplitHostPort(b.addr); err != nil {
    721. 

  721. 		return err
    722. 

  722. 	}
    723. 

  723. 

  724. 	return nil
    725. 

  725. }
    726. 

  726. 

  727. func (b *Broker) encode(pe packetEncoder, version int16) (err error) {
    728. 

  728. 

  729. 	host, portstr, err := net.SplitHostPort(b.addr)
    730. 

  730. 	if err != nil {
    731. 

  731. 		return err
    732. 

  732. 	}
    733. 

  733. 	port, err := strconv.Atoi(portstr)
    734. 

  734. 	if err != nil {
    735. 

  735. 		return err
    736. 

  736. 	}
    737. 

  737. 

  738. 	pe.putInt32(b.id)
    739. 

  739. 

  740. 	err = pe.putString(host)
    741. 

  741. 	if err != nil {
    742. 

  742. 		return err
    743. 

  743. 	}
    744. 

  744. 

  745. 	pe.putInt32(int32(port))
    746. 

  746. 

  747. 	if version >= 1 {
    748. 

  748. 		err = pe.putNullableString(b.rack)
    749. 

  749. 		if err != nil {
    750. 

  750. 			return err
    751. 

  751. 		}
    752. 

  752. 	}
    753. 

  753. 

  754. 	return nil
    755. 

  755. }
    756. 

  756. 

  757. func (b *Broker) responseReceiver() {
    758. 

  758. 	var dead error
    759. 

  759. 	header := make([]byte, 8)
    760. 

  760. 	for response := range b.responses {
    761. 

  761. 		if dead != nil {
    762. 

  762. 			response.errors <- dead
    763. 

  763. 			continue
    764. 

  764. 		}
    765. 

  765. 

  766. 		err := b.conn.SetReadDeadline(time.Now().Add(b.conf.Net.ReadTimeout))
    767. 

  767. 		if err != nil {
    768. 

  768. 			dead = err
    769. 

  769. 			response.errors <- err
    770. 

  770. 			continue
    771. 

  771. 		}
    772. 

  772. 

  773. 		bytesReadHeader, err := io.ReadFull(b.conn, header)
    774. 

  774. 		requestLatency := time.Since(response.requestTime)
    775. 

  775. 		if err != nil {
    776. 

  776. 			b.updateIncomingCommunicationMetrics(bytesReadHeader, requestLatency)
    777. 

  777. 			dead = err
    778. 

  778. 			response.errors <- err
    779. 

  779. 			continue
    780. 

  780. 		}
    781. 

  781. 

  782. 		decodedHeader := responseHeader{}
    783. 

  783. 		err = decode(header, &decodedHeader)
    784. 

  784. 		if err != nil {
    785. 

  785. 			b.updateIncomingCommunicationMetrics(bytesReadHeader, requestLatency)
    786. 

  786. 			dead = err
    787. 

  787. 			response.errors <- err
    788. 

  788. 			continue
    789. 

  789. 		}
    790. 

  790. 		if decodedHeader.correlationID != response.correlationID {
    791. 

  791. 			b.updateIncomingCommunicationMetrics(bytesReadHeader, requestLatency)
    792. 

  792. 			// TODO if decoded ID < cur ID, discard until we catch up
    793. 

  793. 			// TODO if decoded ID > cur ID, save it so when cur ID catches up we have a response
    794. 

  794. 			dead = PacketDecodingError{fmt.Sprintf("correlation ID didn't match, wanted %d, got %d", response.correlationID, decodedHeader.correlationID)}
    795. 

  795. 			response.errors <- dead
    796. 

  796. 			continue
    797. 

  797. 		}
    798. 

  798. 

  799. 		buf := make([]byte, decodedHeader.length-4)
    800. 

  800. 		bytesReadBody, err := io.ReadFull(b.conn, buf)
    801. 

  801. 		b.updateIncomingCommunicationMetrics(bytesReadHeader+bytesReadBody, requestLatency)
    802. 

  802. 		if err != nil {
    803. 

  803. 			dead = err
    804. 

  804. 			response.errors <- err
    805. 

  805. 			continue
    806. 

  806. 		}
    807. 

  807. 

  808. 		response.packets <- buf
    809. 

  809. 	}
    810. 

  810. 	close(b.done)
    811. 

  811. }
    812. 

  812. 

  813. func (b *Broker) authenticateViaSASL() error {
    814. 

  814. 	switch b.conf.Net.SASL.Mechanism {
    815. 

  815. 	case SASLTypeOAuth:
    816. 

  816. 		return b.sendAndReceiveSASLOAuth(b.conf.Net.SASL.TokenProvider)
    817. 

  817. 	case SASLTypeSCRAMSHA256, SASLTypeSCRAMSHA512:
    818. 

  818. 		return b.sendAndReceiveSASLSCRAMv1()
    819. 

  819. 	default:
    820. 

  820. 		return b.sendAndReceiveSASLPlainAuth()
    821. 

  821. 	}
    822. 

  822. 

  823. }
    824. 

  824. 

  825. func (b *Broker) sendAndReceiveSASLHandshake(saslType SASLMechanism, version int16) error {
    826. 

  826. 	rb := &SaslHandshakeRequest{Mechanism: string(saslType), Version: version}
    827. 

  827. 

  828. 	req := &request{correlationID: b.correlationID, clientID: b.conf.ClientID, body: rb}
    829. 

  829. 	buf, err := encode(req, b.conf.MetricRegistry)
    830. 

  830. 	if err != nil {
    831. 

  831. 		return err
    832. 

  832. 	}
    833. 

  833. 

  834. 	err = b.conn.SetWriteDeadline(time.Now().Add(b.conf.Net.WriteTimeout))
    835. 

  835. 	if err != nil {
    836. 

  836. 		return err
    837. 

  837. 	}
    838. 

  838. 

  839. 	requestTime := time.Now()
    840. 

  840. 	bytes, err := b.conn.Write(buf)
    841. 

  841. 	b.updateOutgoingCommunicationMetrics(bytes)
    842. 

  842. 	if err != nil {
    843. 

  843. 		Logger.Printf("Failed to send SASL handshake %s: %s\n", b.addr, err.Error())
    844. 

  844. 		return err
    845. 

  845. 	}
    846. 

  846. 	b.correlationID++
    847. 

  847. 	//wait for the response
    848. 

  848. 	header := make([]byte, 8) // response header
    849. 

  849. 	_, err = io.ReadFull(b.conn, header)
    850. 

  850. 	if err != nil {
    851. 

  851. 		Logger.Printf("Failed to read SASL handshake header : %s\n", err.Error())
    852. 

  852. 		return err
    853. 

  853. 	}
    854. 

  854. 	length := binary.BigEndian.Uint32(header[:4])
    855. 

  855. 	payload := make([]byte, length-4)
    856. 

  856. 	n, err := io.ReadFull(b.conn, payload)
    857. 

  857. 	if err != nil {
    858. 

  858. 		Logger.Printf("Failed to read SASL handshake payload : %s\n", err.Error())
    859. 

  859. 		return err
    860. 

  860. 	}
    861. 

  861. 	b.updateIncomingCommunicationMetrics(n+8, time.Since(requestTime))
    862. 

  862. 	res := &SaslHandshakeResponse{}
    863. 

  863. 	err = versionedDecode(payload, res, 0)
    864. 

  864. 	if err != nil {
    865. 

  865. 		Logger.Printf("Failed to parse SASL handshake : %s\n", err.Error())
    866. 

  866. 		return err
    867. 

  867. 	}
    868. 

  868. 	if res.Err != ErrNoError {
    869. 

  869. 		Logger.Printf("Invalid SASL Mechanism : %s\n", res.Err.Error())
    870. 

  870. 		return res.Err
    871. 

  871. 	}
    872. 

  872. 	Logger.Print("Successful SASL handshake. Available mechanisms: ", res.EnabledMechanisms)
    873. 

  873. 	return nil
    874. 

  874. }
    875. 

  875. 

  876. // Kafka 0.10.0 plans to support SASL Plain and Kerberos as per PR #812 (KIP-43)/(JIRA KAFKA-3149)
    877. 

  877. // Some hosted kafka services such as IBM Message Hub already offer SASL/PLAIN auth with Kafka 0.9
    878. 

  878. //
    879. 

  879. // In SASL Plain, Kafka expects the auth header to be in the following format
    880. 

  880. // Message format (from https://tools.ietf.org/html/rfc4616):
    881. 

  881. //
    882. 

  882. //   message   = [authzid] UTF8NUL authcid UTF8NUL passwd
    883. 

  883. //   authcid   = 1*SAFE ; MUST accept up to 255 octets
    884. 

  884. //   authzid   = 1*SAFE ; MUST accept up to 255 octets
    885. 

  885. //   passwd    = 1*SAFE ; MUST accept up to 255 octets
    886. 

  886. //   UTF8NUL   = %x00 ; UTF-8 encoded NUL character
    887. 

  887. //
    888. 

  888. //   SAFE      = UTF1 / UTF2 / UTF3 / UTF4
    889. 

  889. //                  ;; any UTF-8 encoded Unicode character except NUL
    890. 

  890. //
    891. 

  891. // When credentials are valid, Kafka returns a 4 byte array of null characters.
    892. 

  892. // When credentials are invalid, Kafka closes the connection. This does not seem to be the ideal way
    893. 

  893. // of responding to bad credentials but thats how its being done today.
    894. 

  894. func (b *Broker) sendAndReceiveSASLPlainAuth() error {
    895. 

  895. 	if b.conf.Net.SASL.Handshake {
    896. 

  896. 		handshakeErr := b.sendAndReceiveSASLHandshake(SASLTypePlaintext, SASLHandshakeV0)
    897. 

  897. 		if handshakeErr != nil {
    898. 

  898. 			Logger.Printf("Error while performing SASL handshake %s\n", b.addr)
    899. 

  899. 			return handshakeErr
    900. 

  900. 		}
    901. 

  901. 	}
    902. 

  902. 	length := 1 + len(b.conf.Net.SASL.User) + 1 + len(b.conf.Net.SASL.Password)
    903. 

  903. 	authBytes := make([]byte, length+4) //4 byte length header + auth data
    904. 

  904. 	binary.BigEndian.PutUint32(authBytes, uint32(length))
    905. 

  905. 	copy(authBytes[4:], []byte("\x00"+b.conf.Net.SASL.User+"\x00"+b.conf.Net.SASL.Password))
    906. 

  906. 

  907. 	err := b.conn.SetWriteDeadline(time.Now().Add(b.conf.Net.WriteTimeout))
    908. 

  908. 	if err != nil {
    909. 

  909. 		Logger.Printf("Failed to set write deadline when doing SASL auth with broker %s: %s\n", b.addr, err.Error())
    910. 

  910. 		return err
    911. 

  911. 	}
    912. 

  912. 

  913. 	requestTime := time.Now()
    914. 

  914. 	bytesWritten, err := b.conn.Write(authBytes)
    915. 

  915. 	b.updateOutgoingCommunicationMetrics(bytesWritten)
    916. 

  916. 	if err != nil {
    917. 

  917. 		Logger.Printf("Failed to write SASL auth header to broker %s: %s\n", b.addr, err.Error())
    918. 

  918. 		return err
    919. 

  919. 	}
    920. 

  920. 

  921. 	header := make([]byte, 4)
    922. 

  922. 	n, err := io.ReadFull(b.conn, header)
    923. 

  923. 	b.updateIncomingCommunicationMetrics(n, time.Since(requestTime))
    924. 

  924. 	// If the credentials are valid, we would get a 4 byte response filled with null characters.
    925. 

  925. 	// Otherwise, the broker closes the connection and we get an EOF
    926. 

  926. 	if err != nil {
    927. 

  927. 		Logger.Printf("Failed to read response while authenticating with SASL to broker %s: %s\n", b.addr, err.Error())
    928. 

  928. 		return err
    929. 

  929. 	}
    930. 

  930. 

  931. 	Logger.Printf("SASL authentication successful with broker %s:%v - %v\n", b.addr, n, header)
    932. 

  932. 	return nil
    933. 

  933. }
    934. 

  934. 

  935. // sendAndReceiveSASLOAuth performs the authentication flow as described by KIP-255
    936. 

  936. // https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=75968876
    937. 

  937. func (b *Broker) sendAndReceiveSASLOAuth(provider AccessTokenProvider) error {
    938. 

  938. 

  939. 	if err := b.sendAndReceiveSASLHandshake(SASLTypeOAuth, SASLHandshakeV1); err != nil {
    940. 

  940. 		return err
    941. 

  941. 	}
    942. 

  942. 

  943. 	token, err := provider.Token()
    944. 

  944. 

  945. 	if err != nil {
    946. 

  946. 		return err
    947. 

  947. 	}
    948. 

  948. 

  949. 	requestTime := time.Now()
    950. 

  950. 

  951. 	correlationID := b.correlationID
    952. 

  952. 

  953. 	bytesWritten, err := b.sendSASLOAuthBearerClientResponse(token, correlationID)
    954. 

  954. 

  955. 	if err != nil {
    956. 

  956. 		return err
    957. 

  957. 	}
    958. 

  958. 

  959. 	b.updateOutgoingCommunicationMetrics(bytesWritten)
    960. 

  960. 

  961. 	b.correlationID++
    962. 

  962. 

  963. 	bytesRead, err := b.receiveSASLOAuthBearerServerResponse(correlationID)
    964. 

  964. 

  965. 	if err != nil {
    966. 

  966. 		return err
    967. 

  967. 	}
    968. 

  968. 

  969. 	requestLatency := time.Since(requestTime)
    970. 

  970. 	b.updateIncomingCommunicationMetrics(bytesRead, requestLatency)
    971. 

  971. 

  972. 	return nil
    973. 

  973. }
    974. 

  974. 

  975. func (b *Broker) sendAndReceiveSASLSCRAMv1() error {
    976. 

  976. 	if err := b.sendAndReceiveSASLHandshake(b.conf.Net.SASL.Mechanism, SASLHandshakeV1); err != nil {
    977. 

  977. 		return err
    978. 

  978. 	}
    979. 

  979. 

  980. 	scramClient := b.conf.Net.SASL.SCRAMClient
    981. 

  981. 	if err := scramClient.Begin(b.conf.Net.SASL.User, b.conf.Net.SASL.Password, b.conf.Net.SASL.SCRAMAuthzID); err != nil {
    982. 

  982. 		return fmt.Errorf("failed to start SCRAM exchange with the server: %s", err.Error())
    983. 

  983. 	}
    984. 

  984. 

  985. 	msg, err := scramClient.Step("")
    986. 

  986. 	if err != nil {
    987. 

  987. 		return fmt.Errorf("failed to advance the SCRAM exchange: %s", err.Error())
    988. 

  988. 

  989. 	}
    990. 

  990. 

  991. 	for !scramClient.Done() {
    992. 

  992. 		requestTime := time.Now()
    993. 

  993. 		correlationID := b.correlationID
    994. 

  994. 		bytesWritten, err := b.sendSaslAuthenticateRequest(correlationID, []byte(msg))
    995. 

  995. 		if err != nil {
    996. 

  996. 			Logger.Printf("Failed to write SASL auth header to broker %s: %s\n", b.addr, err.Error())
    997. 

  997. 			return err
    998. 

  998. 		}
    999. 

  999. 

  1000. 		b.updateOutgoingCommunicationMetrics(bytesWritten)
    1001. 

  1001. 		b.correlationID++
    1002. 

  1002. 		challenge, err := b.receiveSaslAuthenticateResponse(correlationID)
    1003. 

  1003. 		if err != nil {
    1004. 

  1004. 			Logger.Printf("Failed to read response while authenticating with SASL to broker %s: %s\n", b.addr, err.Error())
    1005. 

  1005. 			return err
    1006. 

  1006. 		}
    1007. 

  1007. 

  1008. 		b.updateIncomingCommunicationMetrics(len(challenge), time.Since(requestTime))
    1009. 

  1009. 		msg, err = scramClient.Step(string(challenge))
    1010. 

  1010. 		if err != nil {
    1011. 

  1011. 			Logger.Println("SASL authentication failed", err)
    1012. 

  1012. 			return err
    1013. 

  1013. 		}
    1014. 

  1014. 	}
    1015. 

  1015. 	Logger.Println("SASL authentication succeeded")
    1016. 

  1016. 	return nil
    1017. 

  1017. }
    1018. 

  1018. 

  1019. func (b *Broker) sendSaslAuthenticateRequest(correlationID int32, msg []byte) (int, error) {
    1020. 

  1020. 	rb := &SaslAuthenticateRequest{msg}
    1021. 

  1021. 	req := &request{correlationID: correlationID, clientID: b.conf.ClientID, body: rb}
    1022. 

  1022. 	buf, err := encode(req, b.conf.MetricRegistry)
    1023. 

  1023. 	if err != nil {
    1024. 

  1024. 		return 0, err
    1025. 

  1025. 	}
    1026. 

  1026. 	if err := b.conn.SetWriteDeadline(time.Now().Add(b.conf.Net.WriteTimeout)); err != nil {
    1027. 

  1027. 		return 0, err
    1028. 

  1028. 	}
    1029. 

  1029. 	return b.conn.Write(buf)
    1030. 

  1030. }
    1031. 

  1031. 

  1032. func (b *Broker) receiveSaslAuthenticateResponse(correlationID int32) ([]byte, error) {
    1033. 

  1033. 	buf := make([]byte, responseLengthSize+correlationIDSize)
    1034. 

  1034. 	_, err := io.ReadFull(b.conn, buf)
    1035. 

  1035. 	if err != nil {
    1036. 

  1036. 		return nil, err
    1037. 

  1037. 	}
    1038. 

  1038. 	header := responseHeader{}
    1039. 

  1039. 	err = decode(buf, &header)
    1040. 

  1040. 	if err != nil {
    1041. 

  1041. 		return nil, err
    1042. 

  1042. 	}
    1043. 

  1043. 	if header.correlationID != correlationID {
    1044. 

  1044. 		return nil, fmt.Errorf("correlation ID didn't match, wanted %d, got %d", b.correlationID, header.correlationID)
    1045. 

  1045. 	}
    1046. 

  1046. 	buf = make([]byte, header.length-correlationIDSize)
    1047. 

  1047. 	_, err = io.ReadFull(b.conn, buf)
    1048. 

  1048. 	if err != nil {
    1049. 

  1049. 		return nil, err
    1050. 

  1050. 	}
    1051. 

  1051. 	res := &SaslAuthenticateResponse{}
    1052. 

  1052. 	if err := versionedDecode(buf, res, 0); err != nil {
    1053. 

  1053. 		return nil, err
    1054. 

  1054. 	}
    1055. 

  1055. 	if res.Err != ErrNoError {
    1056. 

  1056. 		return nil, res.Err
    1057. 

  1057. 	}
    1058. 

  1058. 	return res.SaslAuthBytes, nil
    1059. 

  1059. }
    1060. 

  1060. 

  1061. // Build SASL/OAUTHBEARER initial client response as described by RFC-7628
    1062. 

  1062. // https://tools.ietf.org/html/rfc7628
    1063. 

  1063. func buildClientInitialResponse(token *AccessToken) ([]byte, error) {
    1064. 

  1064. 

  1065. 	var ext string
    1066. 

  1066. 

  1067. 	if token.Extensions != nil && len(token.Extensions) > 0 {
    1068. 

  1068. 		if _, ok := token.Extensions[SASLExtKeyAuth]; ok {
    1069. 

  1069. 			return []byte{}, fmt.Errorf("The extension `%s` is invalid", SASLExtKeyAuth)
    1070. 

  1070. 		}
    1071. 

  1071. 		ext = "\x01" + mapToString(token.Extensions, "=", "\x01")
    1072. 

  1072. 	}
    1073. 

  1073. 

  1074. 	resp := []byte(fmt.Sprintf("n,,\x01auth=Bearer %s%s\x01\x01", token.Token, ext))
    1075. 

  1075. 

  1076. 	return resp, nil
    1077. 

  1077. }
    1078. 

  1078. 

  1079. // mapToString returns a list of key-value pairs ordered by key.
    1080. 

  1080. // keyValSep separates the key from the value. elemSep separates each pair.
    1081. 

  1081. func mapToString(extensions map[string]string, keyValSep string, elemSep string) string {
    1082. 

  1082. 

  1083. 	buf := make([]string, 0, len(extensions))
    1084. 

  1084. 

  1085. 	for k, v := range extensions {
    1086. 

  1086. 		buf = append(buf, k+keyValSep+v)
    1087. 

  1087. 	}
    1088. 

  1088. 

  1089. 	sort.Strings(buf)
    1090. 

  1090. 

  1091. 	return strings.Join(buf, elemSep)
    1092. 

  1092. }
    1093. 

  1093. 

  1094. func (b *Broker) sendSASLOAuthBearerClientResponse(token *AccessToken, correlationID int32) (int, error) {
    1095. 

  1095. 

  1096. 	initialResp, err := buildClientInitialResponse(token)
    1097. 

  1097. 

  1098. 	if err != nil {
    1099. 

  1099. 		return 0, err
    1100. 

  1100. 	}
    1101. 

  1101. 

  1102. 	rb := &SaslAuthenticateRequest{initialResp}
    1103. 

  1103. 

  1104. 	req := &request{correlationID: correlationID, clientID: b.conf.ClientID, body: rb}
    1105. 

  1105. 

  1106. 	buf, err := encode(req, b.conf.MetricRegistry)
    1107. 

  1107. 

  1108. 	if err != nil {
    1109. 

  1109. 		return 0, err
    1110. 

  1110. 	}
    1111. 

  1111. 

  1112. 	if err := b.conn.SetWriteDeadline(time.Now().Add(b.conf.Net.WriteTimeout)); err != nil {
    1113. 

  1113. 		return 0, err
    1114. 

  1114. 	}
    1115. 

  1115. 

  1116. 	return b.conn.Write(buf)
    1117. 

  1117. }
    1118. 

  1118. 

  1119. func (b *Broker) receiveSASLOAuthBearerServerResponse(correlationID int32) (int, error) {
    1120. 

  1120. 

  1121. 	buf := make([]byte, 8)
    1122. 

  1122. 

  1123. 	bytesRead, err := io.ReadFull(b.conn, buf)
    1124. 

  1124. 

  1125. 	if err != nil {
    1126. 

  1126. 		return bytesRead, err
    1127. 

  1127. 	}
    1128. 

  1128. 

  1129. 	header := responseHeader{}
    1130. 

  1130. 

  1131. 	err = decode(buf, &header)
    1132. 

  1132. 

  1133. 	if err != nil {
    1134. 

  1134. 		return bytesRead, err
    1135. 

  1135. 	}
    1136. 

  1136. 

  1137. 	if header.correlationID != correlationID {
    1138. 

  1138. 		return bytesRead, fmt.Errorf("correlation ID didn't match, wanted %d, got %d", b.correlationID, header.correlationID)
    1139. 

  1139. 	}
    1140. 

  1140. 

  1141. 	buf = make([]byte, header.length-4)
    1142. 

  1142. 

  1143. 	c, err := io.ReadFull(b.conn, buf)
    1144. 

  1144. 

  1145. 	bytesRead += c
    1146. 

  1146. 

  1147. 	if err != nil {
    1148. 

  1148. 		return bytesRead, err
    1149. 

  1149. 	}
    1150. 

  1150. 

  1151. 	res := &SaslAuthenticateResponse{}
    1152. 

  1152. 

  1153. 	if err := versionedDecode(buf, res, 0); err != nil {
    1154. 

  1154. 		return bytesRead, err
    1155. 

  1155. 	}
    1156. 

  1156. 

  1157. 	if err != nil {
    1158. 

  1158. 		return bytesRead, err
    1159. 

  1159. 	}
    1160. 

  1160. 

  1161. 	if res.Err != ErrNoError {
    1162. 

  1162. 		return bytesRead, res.Err
    1163. 

  1163. 	}
    1164. 

  1164. 

  1165. 	if len(res.SaslAuthBytes) > 0 {
    1166. 

  1166. 		Logger.Printf("Received SASL auth response: %s", res.SaslAuthBytes)
    1167. 

  1167. 	}
    1168. 

  1168. 

  1169. 	return bytesRead, nil
    1170. 

  1170. }
    1171. 

  1171. 

  1172. func (b *Broker) updateIncomingCommunicationMetrics(bytes int, requestLatency time.Duration) {
    1173. 

  1173. 	b.updateRequestLatencyMetrics(requestLatency)
    1174. 

  1174. 	b.responseRate.Mark(1)
    1175. 

  1175. 	if b.brokerResponseRate != nil {
    1176. 

  1176. 		b.brokerResponseRate.Mark(1)
    1177. 

  1177. 	}
    1178. 

  1178. 	responseSize := int64(bytes)
    1179. 

  1179. 	b.incomingByteRate.Mark(responseSize)
    1180. 

  1180. 	if b.brokerIncomingByteRate != nil {
    1181. 

  1181. 		b.brokerIncomingByteRate.Mark(responseSize)
    1182. 

  1182. 	}
    1183. 

  1183. 	b.responseSize.Update(responseSize)
    1184. 

  1184. 	if b.brokerResponseSize != nil {
    1185. 

  1185. 		b.brokerResponseSize.Update(responseSize)
    1186. 

  1186. 	}
    1187. 

  1187. }
    1188. 

  1188. 

  1189. func (b *Broker) updateRequestLatencyMetrics(requestLatency time.Duration) {
    1190. 

  1190. 	requestLatencyInMs := int64(requestLatency / time.Millisecond)
    1191. 

  1191. 	b.requestLatency.Update(requestLatencyInMs)
    1192. 

  1192. 	if b.brokerRequestLatency != nil {
    1193. 

  1193. 		b.brokerRequestLatency.Update(requestLatencyInMs)
    1194. 

  1194. 	}
    1195. 

  1195. }
    1196. 

  1196. 

  1197. func (b *Broker) updateOutgoingCommunicationMetrics(bytes int) {
    1198. 

  1198. 	b.requestRate.Mark(1)
    1199. 

  1199. 	if b.brokerRequestRate != nil {
    1200. 

  1200. 		b.brokerRequestRate.Mark(1)
    1201. 

  1201. 	}
    1202. 

  1202. 	requestSize := int64(bytes)
    1203. 

  1203. 	b.outgoingByteRate.Mark(requestSize)
    1204. 

  1204. 	if b.brokerOutgoingByteRate != nil {
    1205. 

  1205. 		b.brokerOutgoingByteRate.Mark(requestSize)
    1206. 

  1206. 	}
    1207. 

  1207. 	b.requestSize.Update(requestSize)
    1208. 

  1208. 	if b.brokerRequestSize != nil {
    1209. 

  1209. 		b.brokerRequestSize.Update(requestSize)
    1210. 

  1210. 	}
    1211. 

  1211. }
    1212.