Página inicial Explorar Ajuda
Registrar Entrar
publics
/
sarama
0
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Tree: c3d174d3a2
Branches Tags
sarama
/
broker.go

broker.go 38 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374 
  1. package sarama
    2. 

  2. 

  3. import (
    4. 

  4. 	"crypto/tls"
    5. 

  5. 	"encoding/binary"
    6. 

  6. 	"fmt"
    7. 

  7. 	"io"
    8. 

  8. 	"net"
    9. 

  9. 	"sort"
    10. 

  10. 	"strconv"
    11. 

  11. 	"strings"
    12. 

  12. 	"sync"
    13. 

  13. 	"sync/atomic"
    14. 

  14. 	"time"
    15. 

  15. 

  16. 	metrics "github.com/rcrowley/go-metrics"
    17. 

  17. )
    18. 

  18. 

  19. // Broker represents a single Kafka broker connection. All operations on this object are entirely concurrency-safe.
    20. 

  20. type Broker struct {
    21. 

  21. 	conf *Config
    22. 

  22. 	rack *string
    23. 

  23. 

  24. 	id            int32
    25. 

  25. 	addr          string
    26. 

  26. 	correlationID int32
    27. 

  27. 	conn          net.Conn
    28. 

  28. 	connErr       error
    29. 

  29. 	lock          sync.Mutex
    30. 

  30. 	opened        int32
    31. 

  31. 	responses     chan responsePromise
    32. 

  32. 	done          chan bool
    33. 

  33. 

  34. 	registeredMetrics []string
    35. 

  35. 

  36. 	incomingByteRate       metrics.Meter
    37. 

  37. 	requestRate            metrics.Meter
    38. 

  38. 	requestSize            metrics.Histogram
    39. 

  39. 	requestLatency         metrics.Histogram
    40. 

  40. 	outgoingByteRate       metrics.Meter
    41. 

  41. 	responseRate           metrics.Meter
    42. 

  42. 	responseSize           metrics.Histogram
    43. 

  43. 	brokerIncomingByteRate metrics.Meter
    44. 

  44. 	brokerRequestRate      metrics.Meter
    45. 

  45. 	brokerRequestSize      metrics.Histogram
    46. 

  46. 	brokerRequestLatency   metrics.Histogram
    47. 

  47. 	brokerOutgoingByteRate metrics.Meter
    48. 

  48. 	brokerResponseRate     metrics.Meter
    49. 

  49. 	brokerResponseSize     metrics.Histogram
    50. 

  50. 

  51. 	kerberosAuthenticator GSSAPIKerberosAuth
    52. 

  52. }
    53. 

  53. 

  54. // SASLMechanism specifies the SASL mechanism the client uses to authenticate with the broker
    55. 

  55. type SASLMechanism string
    56. 

  56. 

  57. const (
    58. 

  58. 	// SASLTypeOAuth represents the SASL/OAUTHBEARER mechanism (Kafka 2.0.0+)
    59. 

  59. 	SASLTypeOAuth = "OAUTHBEARER"
    60. 

  60. 	// SASLTypePlaintext represents the SASL/PLAIN mechanism
    61. 

  61. 	SASLTypePlaintext = "PLAIN"
    62. 

  62. 	// SASLTypeSCRAMSHA256 represents the SCRAM-SHA-256 mechanism.
    63. 

  63. 	SASLTypeSCRAMSHA256 = "SCRAM-SHA-256"
    64. 

  64. 	// SASLTypeSCRAMSHA512 represents the SCRAM-SHA-512 mechanism.
    65. 

  65. 	SASLTypeSCRAMSHA512 = "SCRAM-SHA-512"
    66. 

  66. 	SASLTypeGSSAPI      = "GSSAPI"
    67. 

  67. 	// SASLHandshakeV0 is v0 of the Kafka SASL handshake protocol. Client and
    68. 

  68. 	// server negotiate SASL auth using opaque packets.
    69. 

  69. 	SASLHandshakeV0 = int16(0)
    70. 

  70. 	// SASLHandshakeV1 is v1 of the Kafka SASL handshake protocol. Client and
    71. 

  71. 	// server negotiate SASL by wrapping tokens with Kafka protocol headers.
    72. 

  72. 	SASLHandshakeV1 = int16(1)
    73. 

  73. 	// SASLExtKeyAuth is the reserved extension key name sent as part of the
    74. 

  74. 	// SASL/OAUTHBEARER intial client response
    75. 

  75. 	SASLExtKeyAuth = "auth"
    76. 

  76. )
    77. 

  77. 

  78. // AccessToken contains an access token used to authenticate a
    79. 

  79. // SASL/OAUTHBEARER client along with associated metadata.
    80. 

  80. type AccessToken struct {
    81. 

  81. 	// Token is the access token payload.
    82. 

  82. 	Token string
    83. 

  83. 	// Extensions is a optional map of arbitrary key-value pairs that can be
    84. 

  84. 	// sent with the SASL/OAUTHBEARER initial client response. These values are
    85. 

  85. 	// ignored by the SASL server if they are unexpected. This feature is only
    86. 

  86. 	// supported by Kafka >= 2.1.0.
    87. 

  87. 	Extensions map[string]string
    88. 

  88. }
    89. 

  89. 

  90. // AccessTokenProvider is the interface that encapsulates how implementors
    91. 

  91. // can generate access tokens for Kafka broker authentication.
    92. 

  92. type AccessTokenProvider interface {
    93. 

  93. 	// Token returns an access token. The implementation should ensure token
    94. 

  94. 	// reuse so that multiple calls at connect time do not create multiple
    95. 

  95. 	// tokens. The implementation should also periodically refresh the token in
    96. 

  96. 	// order to guarantee that each call returns an unexpired token.  This
    97. 

  97. 	// method should not block indefinitely--a timeout error should be returned
    98. 

  98. 	// after a short period of inactivity so that the broker connection logic
    99. 

  99. 	// can log debugging information and retry.
    100. 

  100. 	Token() (*AccessToken, error)
    101. 

  101. }
    102. 

  102. 

  103. // SCRAMClient is a an interface to a SCRAM
    104. 

  104. // client implementation.
    105. 

  105. type SCRAMClient interface {
    106. 

  106. 	// Begin prepares the client for the SCRAM exchange
    107. 

  107. 	// with the server with a user name and a password
    108. 

  108. 	Begin(userName, password, authzID string) error
    109. 

  109. 	// Step steps client through the SCRAM exchange. It is
    110. 

  110. 	// called repeatedly until it errors or `Done` returns true.
    111. 

  111. 	Step(challenge string) (response string, err error)
    112. 

  112. 	// Done should return true when the SCRAM conversation
    113. 

  113. 	// is over.
    114. 

  114. 	Done() bool
    115. 

  115. }
    116. 

  116. 

  117. type responsePromise struct {
    118. 

  118. 	requestTime   time.Time
    119. 

  119. 	correlationID int32
    120. 

  120. 	packets       chan []byte
    121. 

  121. 	errors        chan error
    122. 

  122. }
    123. 

  123. 

  124. // NewBroker creates and returns a Broker targeting the given host:port address.
    125. 

  125. // This does not attempt to actually connect, you have to call Open() for that.
    126. 

  126. func NewBroker(addr string) *Broker {
    127. 

  127. 	return &Broker{id: -1, addr: addr}
    128. 

  128. }
    129. 

  129. 

  130. // Open tries to connect to the Broker if it is not already connected or connecting, but does not block
    131. 

  131. // waiting for the connection to complete. This means that any subsequent operations on the broker will
    132. 

  132. // block waiting for the connection to succeed or fail. To get the effect of a fully synchronous Open call,
    133. 

  133. // follow it by a call to Connected(). The only errors Open will return directly are ConfigurationError or
    134. 

  134. // AlreadyConnected. If conf is nil, the result of NewConfig() is used.
    135. 

  135. func (b *Broker) Open(conf *Config) error {
    136. 

  136. 	if !atomic.CompareAndSwapInt32(&b.opened, 0, 1) {
    137. 

  137. 		return ErrAlreadyConnected
    138. 

  138. 	}
    139. 

  139. 

  140. 	if conf == nil {
    141. 

  141. 		conf = NewConfig()
    142. 

  142. 	}
    143. 

  143. 

  144. 	err := conf.Validate()
    145. 

  145. 	if err != nil {
    146. 

  146. 		return err
    147. 

  147. 	}
    148. 

  148. 

  149. 	b.lock.Lock()
    150. 

  150. 

  151. 	go withRecover(func() {
    152. 

  152. 		defer b.lock.Unlock()
    153. 

  153. 

  154. 		dialer := net.Dialer{
    155. 

  155. 			Timeout:   conf.Net.DialTimeout,
    156. 

  156. 			KeepAlive: conf.Net.KeepAlive,
    157. 

  157. 			LocalAddr: conf.Net.LocalAddr,
    158. 

  158. 		}
    159. 

  159. 

  160. 		if conf.Net.TLS.Enable {
    161. 

  161. 			b.conn, b.connErr = tls.DialWithDialer(&dialer, "tcp", b.addr, conf.Net.TLS.Config)
    162. 

  162. 		} else if conf.Net.Proxy.Enable {
    163. 

  163. 			b.conn, b.connErr = conf.Net.Proxy.Dialer.Dial("tcp", b.addr)
    164. 

  164. 		} else {
    165. 

  165. 			b.conn, b.connErr = dialer.Dial("tcp", b.addr)
    166. 

  166. 		}
    167. 

  167. 		if b.connErr != nil {
    168. 

  168. 			Logger.Printf("Failed to connect to broker %s: %s\n", b.addr, b.connErr)
    169. 

  169. 			b.conn = nil
    170. 

  170. 			atomic.StoreInt32(&b.opened, 0)
    171. 

  171. 			return
    172. 

  172. 		}
    173. 

  173. 		b.conn = newBufConn(b.conn)
    174. 

  174. 

  175. 		b.conf = conf
    176. 

  176. 

  177. 		// Create or reuse the global metrics shared between brokers
    178. 

  178. 		b.incomingByteRate = metrics.GetOrRegisterMeter("incoming-byte-rate", conf.MetricRegistry)
    179. 

  179. 		b.requestRate = metrics.GetOrRegisterMeter("request-rate", conf.MetricRegistry)
    180. 

  180. 		b.requestSize = getOrRegisterHistogram("request-size", conf.MetricRegistry)
    181. 

  181. 		b.requestLatency = getOrRegisterHistogram("request-latency-in-ms", conf.MetricRegistry)
    182. 

  182. 		b.outgoingByteRate = metrics.GetOrRegisterMeter("outgoing-byte-rate", conf.MetricRegistry)
    183. 

  183. 		b.responseRate = metrics.GetOrRegisterMeter("response-rate", conf.MetricRegistry)
    184. 

  184. 		b.responseSize = getOrRegisterHistogram("response-size", conf.MetricRegistry)
    185. 

  185. 		// Do not gather metrics for seeded broker (only used during bootstrap) because they share
    186. 

  186. 		// the same id (-1) and are already exposed through the global metrics above
    187. 

  187. 		if b.id >= 0 {
    188. 

  188. 			b.registerMetrics()
    189. 

  189. 		}
    190. 

  190. 

  191. 		if conf.Net.SASL.Enable {
    192. 

  192. 

  193. 			b.connErr = b.authenticateViaSASL()
    194. 

  194. 

  195. 			if b.connErr != nil {
    196. 

  196. 				err = b.conn.Close()
    197. 

  197. 				if err == nil {
    198. 

  198. 					Logger.Printf("Closed connection to broker %s\n", b.addr)
    199. 

  199. 				} else {
    200. 

  200. 					Logger.Printf("Error while closing connection to broker %s: %s\n", b.addr, err)
    201. 

  201. 				}
    202. 

  202. 				b.conn = nil
    203. 

  203. 				atomic.StoreInt32(&b.opened, 0)
    204. 

  204. 				return
    205. 

  205. 			}
    206. 

  206. 		}
    207. 

  207. 

  208. 		b.done = make(chan bool)
    209. 

  209. 		b.responses = make(chan responsePromise, b.conf.Net.MaxOpenRequests-1)
    210. 

  210. 

  211. 		if b.id >= 0 {
    212. 

  212. 			Logger.Printf("Connected to broker at %s (registered as #%d)\n", b.addr, b.id)
    213. 

  213. 		} else {
    214. 

  214. 			Logger.Printf("Connected to broker at %s (unregistered)\n", b.addr)
    215. 

  215. 		}
    216. 

  216. 		go withRecover(b.responseReceiver)
    217. 

  217. 	})
    218. 

  218. 

  219. 	return nil
    220. 

  220. }
    221. 

  221. 

  222. // Connected returns true if the broker is connected and false otherwise. If the broker is not
    223. 

  223. // connected but it had tried to connect, the error from that connection attempt is also returned.
    224. 

  224. func (b *Broker) Connected() (bool, error) {
    225. 

  225. 	b.lock.Lock()
    226. 

  226. 	defer b.lock.Unlock()
    227. 

  227. 

  228. 	return b.conn != nil, b.connErr
    229. 

  229. }
    230. 

  230. 

  231. //Close closes the broker resources
    232. 

  232. func (b *Broker) Close() error {
    233. 

  233. 	b.lock.Lock()
    234. 

  234. 	defer b.lock.Unlock()
    235. 

  235. 

  236. 	if b.conn == nil {
    237. 

  237. 		return ErrNotConnected
    238. 

  238. 	}
    239. 

  239. 

  240. 	close(b.responses)
    241. 

  241. 	<-b.done
    242. 

  242. 

  243. 	err := b.conn.Close()
    244. 

  244. 

  245. 	b.conn = nil
    246. 

  246. 	b.connErr = nil
    247. 

  247. 	b.done = nil
    248. 

  248. 	b.responses = nil
    249. 

  249. 

  250. 	b.unregisterMetrics()
    251. 

  251. 

  252. 	if err == nil {
    253. 

  253. 		Logger.Printf("Closed connection to broker %s\n", b.addr)
    254. 

  254. 	} else {
    255. 

  255. 		Logger.Printf("Error while closing connection to broker %s: %s\n", b.addr, err)
    256. 

  256. 	}
    257. 

  257. 

  258. 	atomic.StoreInt32(&b.opened, 0)
    259. 

  259. 

  260. 	return err
    261. 

  261. }
    262. 

  262. 

  263. // ID returns the broker ID retrieved from Kafka's metadata, or -1 if that is not known.
    264. 

  264. func (b *Broker) ID() int32 {
    265. 

  265. 	return b.id
    266. 

  266. }
    267. 

  267. 

  268. // Addr returns the broker address as either retrieved from Kafka's metadata or passed to NewBroker.
    269. 

  269. func (b *Broker) Addr() string {
    270. 

  270. 	return b.addr
    271. 

  271. }
    272. 

  272. 

  273. // Rack returns the broker's rack as retrieved from Kafka's metadata or the
    274. 

  274. // empty string if it is not known.  The returned value corresponds to the
    275. 

  275. // broker's broker.rack configuration setting.  Requires protocol version to be
    276. 

  276. // at least v0.10.0.0.
    277. 

  277. func (b *Broker) Rack() string {
    278. 

  278. 	if b.rack == nil {
    279. 

  279. 		return ""
    280. 

  280. 	}
    281. 

  281. 	return *b.rack
    282. 

  282. }
    283. 

  283. 

  284. //GetMetadata send a metadata request and returns a metadata response or error
    285. 

  285. func (b *Broker) GetMetadata(request *MetadataRequest) (*MetadataResponse, error) {
    286. 

  286. 	response := new(MetadataResponse)
    287. 

  287. 

  288. 	err := b.sendAndReceive(request, response)
    289. 

  289. 

  290. 	if err != nil {
    291. 

  291. 		return nil, err
    292. 

  292. 	}
    293. 

  293. 

  294. 	return response, nil
    295. 

  295. }
    296. 

  296. 

  297. //GetConsumerMetadata send a consumer metadata request and returns a consumer metadata response or error
    298. 

  298. func (b *Broker) GetConsumerMetadata(request *ConsumerMetadataRequest) (*ConsumerMetadataResponse, error) {
    299. 

  299. 	response := new(ConsumerMetadataResponse)
    300. 

  300. 

  301. 	err := b.sendAndReceive(request, response)
    302. 

  302. 

  303. 	if err != nil {
    304. 

  304. 		return nil, err
    305. 

  305. 	}
    306. 

  306. 

  307. 	return response, nil
    308. 

  308. }
    309. 

  309. 

  310. //FindCoordinator sends a find coordinate request and returns a response or error
    311. 

  311. func (b *Broker) FindCoordinator(request *FindCoordinatorRequest) (*FindCoordinatorResponse, error) {
    312. 

  312. 	response := new(FindCoordinatorResponse)
    313. 

  313. 

  314. 	err := b.sendAndReceive(request, response)
    315. 

  315. 

  316. 	if err != nil {
    317. 

  317. 		return nil, err
    318. 

  318. 	}
    319. 

  319. 

  320. 	return response, nil
    321. 

  321. }
    322. 

  322. 

  323. //GetAvailableOffsets return an offset response or error
    324. 

  324. func (b *Broker) GetAvailableOffsets(request *OffsetRequest) (*OffsetResponse, error) {
    325. 

  325. 	response := new(OffsetResponse)
    326. 

  326. 

  327. 	err := b.sendAndReceive(request, response)
    328. 

  328. 

  329. 	if err != nil {
    330. 

  330. 		return nil, err
    331. 

  331. 	}
    332. 

  332. 

  333. 	return response, nil
    334. 

  334. }
    335. 

  335. 

  336. //Produce returns a produce response or error
    337. 

  337. func (b *Broker) Produce(request *ProduceRequest) (*ProduceResponse, error) {
    338. 

  338. 	var (
    339. 

  339. 		response *ProduceResponse
    340. 

  340. 		err      error
    341. 

  341. 	)
    342. 

  342. 

  343. 	if request.RequiredAcks == NoResponse {
    344. 

  344. 		err = b.sendAndReceive(request, nil)
    345. 

  345. 	} else {
    346. 

  346. 		response = new(ProduceResponse)
    347. 

  347. 		err = b.sendAndReceive(request, response)
    348. 

  348. 	}
    349. 

  349. 

  350. 	if err != nil {
    351. 

  351. 		return nil, err
    352. 

  352. 	}
    353. 

  353. 

  354. 	return response, nil
    355. 

  355. }
    356. 

  356. 

  357. //Fetch returns a FetchResponse or error
    358. 

  358. func (b *Broker) Fetch(request *FetchRequest) (*FetchResponse, error) {
    359. 

  359. 	response := new(FetchResponse)
    360. 

  360. 

  361. 	err := b.sendAndReceive(request, response)
    362. 

  362. 	if err != nil {
    363. 

  363. 		return nil, err
    364. 

  364. 	}
    365. 

  365. 

  366. 	return response, nil
    367. 

  367. }
    368. 

  368. 

  369. //CommitOffset return an Offset commit reponse or error
    370. 

  370. func (b *Broker) CommitOffset(request *OffsetCommitRequest) (*OffsetCommitResponse, error) {
    371. 

  371. 	response := new(OffsetCommitResponse)
    372. 

  372. 

  373. 	err := b.sendAndReceive(request, response)
    374. 

  374. 	if err != nil {
    375. 

  375. 		return nil, err
    376. 

  376. 	}
    377. 

  377. 

  378. 	return response, nil
    379. 

  379. }
    380. 

  380. 

  381. //FetchOffset returns an offset fetch response or error
    382. 

  382. func (b *Broker) FetchOffset(request *OffsetFetchRequest) (*OffsetFetchResponse, error) {
    383. 

  383. 	response := new(OffsetFetchResponse)
    384. 

  384. 

  385. 	err := b.sendAndReceive(request, response)
    386. 

  386. 	if err != nil {
    387. 

  387. 		return nil, err
    388. 

  388. 	}
    389. 

  389. 

  390. 	return response, nil
    391. 

  391. }
    392. 

  392. 

  393. //JoinGroup returns a join group response or error
    394. 

  394. func (b *Broker) JoinGroup(request *JoinGroupRequest) (*JoinGroupResponse, error) {
    395. 

  395. 	response := new(JoinGroupResponse)
    396. 

  396. 

  397. 	err := b.sendAndReceive(request, response)
    398. 

  398. 	if err != nil {
    399. 

  399. 		return nil, err
    400. 

  400. 	}
    401. 

  401. 

  402. 	return response, nil
    403. 

  403. }
    404. 

  404. 

  405. //SyncGroup returns a sync group response or error
    406. 

  406. func (b *Broker) SyncGroup(request *SyncGroupRequest) (*SyncGroupResponse, error) {
    407. 

  407. 	response := new(SyncGroupResponse)
    408. 

  408. 

  409. 	err := b.sendAndReceive(request, response)
    410. 

  410. 	if err != nil {
    411. 

  411. 		return nil, err
    412. 

  412. 	}
    413. 

  413. 

  414. 	return response, nil
    415. 

  415. }
    416. 

  416. 

  417. //LeaveGroup return a leave group response or error
    418. 

  418. func (b *Broker) LeaveGroup(request *LeaveGroupRequest) (*LeaveGroupResponse, error) {
    419. 

  419. 	response := new(LeaveGroupResponse)
    420. 

  420. 

  421. 	err := b.sendAndReceive(request, response)
    422. 

  422. 	if err != nil {
    423. 

  423. 		return nil, err
    424. 

  424. 	}
    425. 

  425. 

  426. 	return response, nil
    427. 

  427. }
    428. 

  428. 

  429. //Heartbeat returns a heartbeat response or error
    430. 

  430. func (b *Broker) Heartbeat(request *HeartbeatRequest) (*HeartbeatResponse, error) {
    431. 

  431. 	response := new(HeartbeatResponse)
    432. 

  432. 

  433. 	err := b.sendAndReceive(request, response)
    434. 

  434. 	if err != nil {
    435. 

  435. 		return nil, err
    436. 

  436. 	}
    437. 

  437. 

  438. 	return response, nil
    439. 

  439. }
    440. 

  440. 

  441. //ListGroups return a list group response or error
    442. 

  442. func (b *Broker) ListGroups(request *ListGroupsRequest) (*ListGroupsResponse, error) {
    443. 

  443. 	response := new(ListGroupsResponse)
    444. 

  444. 

  445. 	err := b.sendAndReceive(request, response)
    446. 

  446. 	if err != nil {
    447. 

  447. 		return nil, err
    448. 

  448. 	}
    449. 

  449. 

  450. 	return response, nil
    451. 

  451. }
    452. 

  452. 

  453. //DescribeGroups return describe group response or error
    454. 

  454. func (b *Broker) DescribeGroups(request *DescribeGroupsRequest) (*DescribeGroupsResponse, error) {
    455. 

  455. 	response := new(DescribeGroupsResponse)
    456. 

  456. 

  457. 	err := b.sendAndReceive(request, response)
    458. 

  458. 	if err != nil {
    459. 

  459. 		return nil, err
    460. 

  460. 	}
    461. 

  461. 

  462. 	return response, nil
    463. 

  463. }
    464. 

  464. 

  465. //ApiVersions return api version response or error
    466. 

  466. func (b *Broker) ApiVersions(request *ApiVersionsRequest) (*ApiVersionsResponse, error) {
    467. 

  467. 	response := new(ApiVersionsResponse)
    468. 

  468. 

  469. 	err := b.sendAndReceive(request, response)
    470. 

  470. 	if err != nil {
    471. 

  471. 		return nil, err
    472. 

  472. 	}
    473. 

  473. 

  474. 	return response, nil
    475. 

  475. }
    476. 

  476. 

  477. //CreateTopics send a create topic request and returns create topic response
    478. 

  478. func (b *Broker) CreateTopics(request *CreateTopicsRequest) (*CreateTopicsResponse, error) {
    479. 

  479. 	response := new(CreateTopicsResponse)
    480. 

  480. 

  481. 	err := b.sendAndReceive(request, response)
    482. 

  482. 	if err != nil {
    483. 

  483. 		return nil, err
    484. 

  484. 	}
    485. 

  485. 

  486. 	return response, nil
    487. 

  487. }
    488. 

  488. 

  489. //DeleteTopics sends a delete topic request and returns delete topic response
    490. 

  490. func (b *Broker) DeleteTopics(request *DeleteTopicsRequest) (*DeleteTopicsResponse, error) {
    491. 

  491. 	response := new(DeleteTopicsResponse)
    492. 

  492. 

  493. 	err := b.sendAndReceive(request, response)
    494. 

  494. 	if err != nil {
    495. 

  495. 		return nil, err
    496. 

  496. 	}
    497. 

  497. 

  498. 	return response, nil
    499. 

  499. }
    500. 

  500. 

  501. //CreatePartitions sends a create partition request and returns create
    502. 

  502. //partitions response or error
    503. 

  503. func (b *Broker) CreatePartitions(request *CreatePartitionsRequest) (*CreatePartitionsResponse, error) {
    504. 

  504. 	response := new(CreatePartitionsResponse)
    505. 

  505. 

  506. 	err := b.sendAndReceive(request, response)
    507. 

  507. 	if err != nil {
    508. 

  508. 		return nil, err
    509. 

  509. 	}
    510. 

  510. 

  511. 	return response, nil
    512. 

  512. }
    513. 

  513. 

  514. //DeleteRecords send a request to delete records and return delete record
    515. 

  515. //response or error
    516. 

  516. func (b *Broker) DeleteRecords(request *DeleteRecordsRequest) (*DeleteRecordsResponse, error) {
    517. 

  517. 	response := new(DeleteRecordsResponse)
    518. 

  518. 

  519. 	err := b.sendAndReceive(request, response)
    520. 

  520. 	if err != nil {
    521. 

  521. 		return nil, err
    522. 

  522. 	}
    523. 

  523. 

  524. 	return response, nil
    525. 

  525. }
    526. 

  526. 

  527. //DescribeAcls sends a describe acl request and returns a response or error
    528. 

  528. func (b *Broker) DescribeAcls(request *DescribeAclsRequest) (*DescribeAclsResponse, error) {
    529. 

  529. 	response := new(DescribeAclsResponse)
    530. 

  530. 

  531. 	err := b.sendAndReceive(request, response)
    532. 

  532. 	if err != nil {
    533. 

  533. 		return nil, err
    534. 

  534. 	}
    535. 

  535. 

  536. 	return response, nil
    537. 

  537. }
    538. 

  538. 

  539. //CreateAcls sends a create acl request and returns a response or error
    540. 

  540. func (b *Broker) CreateAcls(request *CreateAclsRequest) (*CreateAclsResponse, error) {
    541. 

  541. 	response := new(CreateAclsResponse)
    542. 

  542. 

  543. 	err := b.sendAndReceive(request, response)
    544. 

  544. 	if err != nil {
    545. 

  545. 		return nil, err
    546. 

  546. 	}
    547. 

  547. 

  548. 	return response, nil
    549. 

  549. }
    550. 

  550. 

  551. //DeleteAcls sends a delete acl request and returns a response or error
    552. 

  552. func (b *Broker) DeleteAcls(request *DeleteAclsRequest) (*DeleteAclsResponse, error) {
    553. 

  553. 	response := new(DeleteAclsResponse)
    554. 

  554. 

  555. 	err := b.sendAndReceive(request, response)
    556. 

  556. 	if err != nil {
    557. 

  557. 		return nil, err
    558. 

  558. 	}
    559. 

  559. 

  560. 	return response, nil
    561. 

  561. }
    562. 

  562. 

  563. //InitProducerID sends an init producer request and returns a response or error
    564. 

  564. func (b *Broker) InitProducerID(request *InitProducerIDRequest) (*InitProducerIDResponse, error) {
    565. 

  565. 	response := new(InitProducerIDResponse)
    566. 

  566. 

  567. 	err := b.sendAndReceive(request, response)
    568. 

  568. 	if err != nil {
    569. 

  569. 		return nil, err
    570. 

  570. 	}
    571. 

  571. 

  572. 	return response, nil
    573. 

  573. }
    574. 

  574. 

  575. //AddPartitionsToTxn send a request to add partition to txn and returns
    576. 

  576. //a response or error
    577. 

  577. func (b *Broker) AddPartitionsToTxn(request *AddPartitionsToTxnRequest) (*AddPartitionsToTxnResponse, error) {
    578. 

  578. 	response := new(AddPartitionsToTxnResponse)
    579. 

  579. 

  580. 	err := b.sendAndReceive(request, response)
    581. 

  581. 	if err != nil {
    582. 

  582. 		return nil, err
    583. 

  583. 	}
    584. 

  584. 

  585. 	return response, nil
    586. 

  586. }
    587. 

  587. 

  588. //AddOffsetsToTxn sends a request to add offsets to txn and returns a response
    589. 

  589. //or error
    590. 

  590. func (b *Broker) AddOffsetsToTxn(request *AddOffsetsToTxnRequest) (*AddOffsetsToTxnResponse, error) {
    591. 

  591. 	response := new(AddOffsetsToTxnResponse)
    592. 

  592. 

  593. 	err := b.sendAndReceive(request, response)
    594. 

  594. 	if err != nil {
    595. 

  595. 		return nil, err
    596. 

  596. 	}
    597. 

  597. 

  598. 	return response, nil
    599. 

  599. }
    600. 

  600. 

  601. //EndTxn sends a request to end txn and returns a response or error
    602. 

  602. func (b *Broker) EndTxn(request *EndTxnRequest) (*EndTxnResponse, error) {
    603. 

  603. 	response := new(EndTxnResponse)
    604. 

  604. 

  605. 	err := b.sendAndReceive(request, response)
    606. 

  606. 	if err != nil {
    607. 

  607. 		return nil, err
    608. 

  608. 	}
    609. 

  609. 

  610. 	return response, nil
    611. 

  611. }
    612. 

  612. 

  613. //TxnOffsetCommit sends a request to commit transaction offsets and returns
    614. 

  614. //a response or error
    615. 

  615. func (b *Broker) TxnOffsetCommit(request *TxnOffsetCommitRequest) (*TxnOffsetCommitResponse, error) {
    616. 

  616. 	response := new(TxnOffsetCommitResponse)
    617. 

  617. 

  618. 	err := b.sendAndReceive(request, response)
    619. 

  619. 	if err != nil {
    620. 

  620. 		return nil, err
    621. 

  621. 	}
    622. 

  622. 

  623. 	return response, nil
    624. 

  624. }
    625. 

  625. 

  626. //DescribeConfigs sends a request to describe config and returns a response or
    627. 

  627. //error
    628. 

  628. func (b *Broker) DescribeConfigs(request *DescribeConfigsRequest) (*DescribeConfigsResponse, error) {
    629. 

  629. 	response := new(DescribeConfigsResponse)
    630. 

  630. 

  631. 	err := b.sendAndReceive(request, response)
    632. 

  632. 	if err != nil {
    633. 

  633. 		return nil, err
    634. 

  634. 	}
    635. 

  635. 

  636. 	return response, nil
    637. 

  637. }
    638. 

  638. 

  639. //AlterConfigs sends a request to alter config and return a response or error
    640. 

  640. func (b *Broker) AlterConfigs(request *AlterConfigsRequest) (*AlterConfigsResponse, error) {
    641. 

  641. 	response := new(AlterConfigsResponse)
    642. 

  642. 

  643. 	err := b.sendAndReceive(request, response)
    644. 

  644. 	if err != nil {
    645. 

  645. 		return nil, err
    646. 

  646. 	}
    647. 

  647. 

  648. 	return response, nil
    649. 

  649. }
    650. 

  650. 

  651. //DeleteGroups sends a request to delete groups and returns a response or error
    652. 

  652. func (b *Broker) DeleteGroups(request *DeleteGroupsRequest) (*DeleteGroupsResponse, error) {
    653. 

  653. 	response := new(DeleteGroupsResponse)
    654. 

  654. 

  655. 	if err := b.sendAndReceive(request, response); err != nil {
    656. 

  656. 		return nil, err
    657. 

  657. 	}
    658. 

  658. 

  659. 	return response, nil
    660. 

  660. }
    661. 

  661. 

  662. //DescribeLogDirs sends a request to get the broker's log dir paths and sizes
    663. 

  663. func (b *Broker) DescribeLogDirs(request *DescribeLogDirsRequest) (*DescribeLogDirsResponse, error) {
    664. 

  664. 	response := new(DescribeLogDirsResponse)
    665. 

  665. 

  666. 	err := b.sendAndReceive(request, response)
    667. 

  667. 	if err != nil {
    668. 

  668. 		return nil, err
    669. 

  669. 	}
    670. 

  670. 

  671. 	return response, nil
    672. 

  672. }
    673. 

  673. 

  674. func (b *Broker) send(rb protocolBody, promiseResponse bool) (*responsePromise, error) {
    675. 

  675. 	b.lock.Lock()
    676. 

  676. 	defer b.lock.Unlock()
    677. 

  677. 

  678. 	if b.conn == nil {
    679. 

  679. 		if b.connErr != nil {
    680. 

  680. 			return nil, b.connErr
    681. 

  681. 		}
    682. 

  682. 		return nil, ErrNotConnected
    683. 

  683. 	}
    684. 

  684. 

  685. 	if !b.conf.Version.IsAtLeast(rb.requiredVersion()) {
    686. 

  686. 		return nil, ErrUnsupportedVersion
    687. 

  687. 	}
    688. 

  688. 

  689. 	req := &request{correlationID: b.correlationID, clientID: b.conf.ClientID, body: rb}
    690. 

  690. 	buf, err := encode(req, b.conf.MetricRegistry)
    691. 

  691. 	if err != nil {
    692. 

  692. 		return nil, err
    693. 

  693. 	}
    694. 

  694. 

  695. 	err = b.conn.SetWriteDeadline(time.Now().Add(b.conf.Net.WriteTimeout))
    696. 

  696. 	if err != nil {
    697. 

  697. 		return nil, err
    698. 

  698. 	}
    699. 

  699. 

  700. 	requestTime := time.Now()
    701. 

  701. 	bytes, err := b.conn.Write(buf)
    702. 

  702. 	b.updateOutgoingCommunicationMetrics(bytes) //TODO: should it be after error check
    703. 

  703. 	if err != nil {
    704. 

  704. 		return nil, err
    705. 

  705. 	}
    706. 

  706. 	b.correlationID++
    707. 

  707. 

  708. 	if !promiseResponse {
    709. 

  709. 		// Record request latency without the response
    710. 

  710. 		b.updateRequestLatencyMetrics(time.Since(requestTime))
    711. 

  711. 		return nil, nil
    712. 

  712. 	}
    713. 

  713. 

  714. 	promise := responsePromise{requestTime, req.correlationID, make(chan []byte), make(chan error)}
    715. 

  715. 	b.responses <- promise
    716. 

  716. 

  717. 	return &promise, nil
    718. 

  718. }
    719. 

  719. 

  720. func (b *Broker) sendAndReceive(req protocolBody, res versionedDecoder) error {
    721. 

  721. 	promise, err := b.send(req, res != nil)
    722. 

  722. 	if err != nil {
    723. 

  723. 		return err
    724. 

  724. 	}
    725. 

  725. 

  726. 	if promise == nil {
    727. 

  727. 		return nil
    728. 

  728. 	}
    729. 

  729. 

  730. 	select {
    731. 

  731. 	case buf := <-promise.packets:
    732. 

  732. 		return versionedDecode(buf, res, req.version())
    733. 

  733. 	case err = <-promise.errors:
    734. 

  734. 		return err
    735. 

  735. 	}
    736. 

  736. }
    737. 

  737. 

  738. func (b *Broker) decode(pd packetDecoder, version int16) (err error) {
    739. 

  739. 	b.id, err = pd.getInt32()
    740. 

  740. 	if err != nil {
    741. 

  741. 		return err
    742. 

  742. 	}
    743. 

  743. 

  744. 	host, err := pd.getString()
    745. 

  745. 	if err != nil {
    746. 

  746. 		return err
    747. 

  747. 	}
    748. 

  748. 

  749. 	port, err := pd.getInt32()
    750. 

  750. 	if err != nil {
    751. 

  751. 		return err
    752. 

  752. 	}
    753. 

  753. 

  754. 	if version >= 1 {
    755. 

  755. 		b.rack, err = pd.getNullableString()
    756. 

  756. 		if err != nil {
    757. 

  757. 			return err
    758. 

  758. 		}
    759. 

  759. 	}
    760. 

  760. 

  761. 	b.addr = net.JoinHostPort(host, fmt.Sprint(port))
    762. 

  762. 	if _, _, err := net.SplitHostPort(b.addr); err != nil {
    763. 

  763. 		return err
    764. 

  764. 	}
    765. 

  765. 

  766. 	return nil
    767. 

  767. }
    768. 

  768. 

  769. func (b *Broker) encode(pe packetEncoder, version int16) (err error) {
    770. 

  770. 	host, portstr, err := net.SplitHostPort(b.addr)
    771. 

  771. 	if err != nil {
    772. 

  772. 		return err
    773. 

  773. 	}
    774. 

  774. 

  775. 	port, err := strconv.Atoi(portstr)
    776. 

  776. 	if err != nil {
    777. 

  777. 		return err
    778. 

  778. 	}
    779. 

  779. 

  780. 	pe.putInt32(b.id)
    781. 

  781. 

  782. 	err = pe.putString(host)
    783. 

  783. 	if err != nil {
    784. 

  784. 		return err
    785. 

  785. 	}
    786. 

  786. 

  787. 	pe.putInt32(int32(port))
    788. 

  788. 

  789. 	if version >= 1 {
    790. 

  790. 		err = pe.putNullableString(b.rack)
    791. 

  791. 		if err != nil {
    792. 

  792. 			return err
    793. 

  793. 		}
    794. 

  794. 	}
    795. 

  795. 

  796. 	return nil
    797. 

  797. }
    798. 

  798. 

  799. func (b *Broker) responseReceiver() {
    800. 

  800. 	var dead error
    801. 

  801. 	header := make([]byte, 8)
    802. 

  802. 

  803. 	for response := range b.responses {
    804. 

  804. 		if dead != nil {
    805. 

  805. 			response.errors <- dead
    806. 

  806. 			continue
    807. 

  807. 		}
    808. 

  808. 

  809. 		err := b.conn.SetReadDeadline(time.Now().Add(b.conf.Net.ReadTimeout))
    810. 

  810. 		if err != nil {
    811. 

  811. 			dead = err
    812. 

  812. 			response.errors <- err
    813. 

  813. 			continue
    814. 

  814. 		}
    815. 

  815. 

  816. 		bytesReadHeader, err := io.ReadFull(b.conn, header)
    817. 

  817. 		requestLatency := time.Since(response.requestTime)
    818. 

  818. 		if err != nil {
    819. 

  819. 			b.updateIncomingCommunicationMetrics(bytesReadHeader, requestLatency)
    820. 

  820. 			dead = err
    821. 

  821. 			response.errors <- err
    822. 

  822. 			continue
    823. 

  823. 		}
    824. 

  824. 

  825. 		decodedHeader := responseHeader{}
    826. 

  826. 		err = decode(header, &decodedHeader)
    827. 

  827. 		if err != nil {
    828. 

  828. 			b.updateIncomingCommunicationMetrics(bytesReadHeader, requestLatency)
    829. 

  829. 			dead = err
    830. 

  830. 			response.errors <- err
    831. 

  831. 			continue
    832. 

  832. 		}
    833. 

  833. 		if decodedHeader.correlationID != response.correlationID {
    834. 

  834. 			b.updateIncomingCommunicationMetrics(bytesReadHeader, requestLatency)
    835. 

  835. 			// TODO if decoded ID < cur ID, discard until we catch up
    836. 

  836. 			// TODO if decoded ID > cur ID, save it so when cur ID catches up we have a response
    837. 

  837. 			dead = PacketDecodingError{fmt.Sprintf("correlation ID didn't match, wanted %d, got %d", response.correlationID, decodedHeader.correlationID)}
    838. 

  838. 			response.errors <- dead
    839. 

  839. 			continue
    840. 

  840. 		}
    841. 

  841. 

  842. 		buf := make([]byte, decodedHeader.length-4)
    843. 

  843. 		bytesReadBody, err := io.ReadFull(b.conn, buf)
    844. 

  844. 		b.updateIncomingCommunicationMetrics(bytesReadHeader+bytesReadBody, requestLatency)
    845. 

  845. 		if err != nil {
    846. 

  846. 			dead = err
    847. 

  847. 			response.errors <- err
    848. 

  848. 			continue
    849. 

  849. 		}
    850. 

  850. 

  851. 		response.packets <- buf
    852. 

  852. 	}
    853. 

  853. 	close(b.done)
    854. 

  854. }
    855. 

  855. 

  856. func (b *Broker) authenticateViaSASL() error {
    857. 

  857. 	switch b.conf.Net.SASL.Mechanism {
    858. 

  858. 	case SASLTypeOAuth:
    859. 

  859. 		return b.sendAndReceiveSASLOAuth(b.conf.Net.SASL.TokenProvider)
    860. 

  860. 	case SASLTypeSCRAMSHA256, SASLTypeSCRAMSHA512:
    861. 

  861. 		return b.sendAndReceiveSASLSCRAMv1()
    862. 

  862. 	case SASLTypeGSSAPI:
    863. 

  863. 		return b.sendAndReceiveKerberos()
    864. 

  864. 	default:
    865. 

  865. 		return b.sendAndReceiveSASLPlainAuth()
    866. 

  866. 	}
    867. 

  867. }
    868. 

  868. 

  869. func (b *Broker) sendAndReceiveKerberos() error {
    870. 

  870. 	b.kerberosAuthenticator.Config = &b.conf.Net.SASL.GSSAPI
    871. 

  871. 	if b.kerberosAuthenticator.NewKerberosClientFunc == nil {
    872. 

  872. 		b.kerberosAuthenticator.NewKerberosClientFunc = NewKerberosClient
    873. 

  873. 	}
    874. 

  874. 	return b.kerberosAuthenticator.Authorize(b)
    875. 

  875. }
    876. 

  876. 

  877. func (b *Broker) sendAndReceiveSASLHandshake(saslType SASLMechanism, version int16) error {
    878. 

  878. 	rb := &SaslHandshakeRequest{Mechanism: string(saslType), Version: version}
    879. 

  879. 

  880. 	req := &request{correlationID: b.correlationID, clientID: b.conf.ClientID, body: rb}
    881. 

  881. 	buf, err := encode(req, b.conf.MetricRegistry)
    882. 

  882. 	if err != nil {
    883. 

  883. 		return err
    884. 

  884. 	}
    885. 

  885. 

  886. 	err = b.conn.SetWriteDeadline(time.Now().Add(b.conf.Net.WriteTimeout))
    887. 

  887. 	if err != nil {
    888. 

  888. 		return err
    889. 

  889. 	}
    890. 

  890. 

  891. 	requestTime := time.Now()
    892. 

  892. 	bytes, err := b.conn.Write(buf)
    893. 

  893. 	b.updateOutgoingCommunicationMetrics(bytes)
    894. 

  894. 	if err != nil {
    895. 

  895. 		Logger.Printf("Failed to send SASL handshake %s: %s\n", b.addr, err.Error())
    896. 

  896. 		return err
    897. 

  897. 	}
    898. 

  898. 	b.correlationID++
    899. 

  899. 	//wait for the response
    900. 

  900. 	header := make([]byte, 8) // response header
    901. 

  901. 	_, err = io.ReadFull(b.conn, header)
    902. 

  902. 	if err != nil {
    903. 

  903. 		Logger.Printf("Failed to read SASL handshake header : %s\n", err.Error())
    904. 

  904. 		return err
    905. 

  905. 	}
    906. 

  906. 

  907. 	length := binary.BigEndian.Uint32(header[:4])
    908. 

  908. 	payload := make([]byte, length-4)
    909. 

  909. 	n, err := io.ReadFull(b.conn, payload)
    910. 

  910. 	if err != nil {
    911. 

  911. 		Logger.Printf("Failed to read SASL handshake payload : %s\n", err.Error())
    912. 

  912. 		return err
    913. 

  913. 	}
    914. 

  914. 

  915. 	b.updateIncomingCommunicationMetrics(n+8, time.Since(requestTime))
    916. 

  916. 	res := &SaslHandshakeResponse{}
    917. 

  917. 

  918. 	err = versionedDecode(payload, res, 0)
    919. 

  919. 	if err != nil {
    920. 

  920. 		Logger.Printf("Failed to parse SASL handshake : %s\n", err.Error())
    921. 

  921. 		return err
    922. 

  922. 	}
    923. 

  923. 

  924. 	if res.Err != ErrNoError {
    925. 

  925. 		Logger.Printf("Invalid SASL Mechanism : %s\n", res.Err.Error())
    926. 

  926. 		return res.Err
    927. 

  927. 	}
    928. 

  928. 

  929. 	Logger.Print("Successful SASL handshake. Available mechanisms: ", res.EnabledMechanisms)
    930. 

  930. 	return nil
    931. 

  931. }
    932. 

  932. 

  933. // Kafka 0.10.x supported SASL PLAIN/Kerberos via KAFKA-3149 (KIP-43).
    934. 

  934. // Kafka 1.x.x onward added a SaslAuthenticate request/response message which
    935. 

  935. // wraps the SASL flow in the Kafka protocol, which allows for returning
    936. 

  936. // meaningful errors on authentication failure.
    937. 

  937. //
    938. 

  938. // In SASL Plain, Kafka expects the auth header to be in the following format
    939. 

  939. // Message format (from https://tools.ietf.org/html/rfc4616):
    940. 

  940. //
    941. 

  941. //   message   = [authzid] UTF8NUL authcid UTF8NUL passwd
    942. 

  942. //   authcid   = 1*SAFE ; MUST accept up to 255 octets
    943. 

  943. //   authzid   = 1*SAFE ; MUST accept up to 255 octets
    944. 

  944. //   passwd    = 1*SAFE ; MUST accept up to 255 octets
    945. 

  945. //   UTF8NUL   = %x00 ; UTF-8 encoded NUL character
    946. 

  946. //
    947. 

  947. //   SAFE      = UTF1 / UTF2 / UTF3 / UTF4
    948. 

  948. //                  ;; any UTF-8 encoded Unicode character except NUL
    949. 

  949. //
    950. 

  950. // With SASL v0 handshake and auth then:
    951. 

  951. // When credentials are valid, Kafka returns a 4 byte array of null characters.
    952. 

  952. // When credentials are invalid, Kafka closes the connection.
    953. 

  953. //
    954. 

  954. // With SASL v1 handshake and auth then:
    955. 

  955. // When credentials are invalid, Kafka replies with a SaslAuthenticate response
    956. 

  956. // containing an error code and message detailing the authentication failure.
    957. 

  957. func (b *Broker) sendAndReceiveSASLPlainAuth() error {
    958. 

  958. 	// default to V0 to allow for backward compatability when SASL is enabled
    959. 

  959. 	// but not the handshake
    960. 

  960. 	if b.conf.Net.SASL.Handshake {
    961. 

  961. 

  962. 		handshakeErr := b.sendAndReceiveSASLHandshake(SASLTypePlaintext, b.conf.Net.SASL.Version)
    963. 

  963. 		if handshakeErr != nil {
    964. 

  964. 			Logger.Printf("Error while performing SASL handshake %s\n", b.addr)
    965. 

  965. 			return handshakeErr
    966. 

  966. 		}
    967. 

  967. 	}
    968. 

  968. 

  969. 	if b.conf.Net.SASL.Version == SASLHandshakeV1 {
    970. 

  970. 		return b.sendAndReceiveV1SASLPlainAuth()
    971. 

  971. 	}
    972. 

  972. 	return b.sendAndReceiveV0SASLPlainAuth()
    973. 

  973. }
    974. 

  974. 

  975. // sendAndReceiveV0SASLPlainAuth flows the v0 sasl auth NOT wrapped in the kafka protocol
    976. 

  976. func (b *Broker) sendAndReceiveV0SASLPlainAuth() error {
    977. 

  977. 

  978. 	length := 1 + len(b.conf.Net.SASL.User) + 1 + len(b.conf.Net.SASL.Password)
    979. 

  979. 	authBytes := make([]byte, length+4) //4 byte length header + auth data
    980. 

  980. 	binary.BigEndian.PutUint32(authBytes, uint32(length))
    981. 

  981. 	copy(authBytes[4:], []byte("\x00"+b.conf.Net.SASL.User+"\x00"+b.conf.Net.SASL.Password))
    982. 

  982. 

  983. 	err := b.conn.SetWriteDeadline(time.Now().Add(b.conf.Net.WriteTimeout))
    984. 

  984. 	if err != nil {
    985. 

  985. 		Logger.Printf("Failed to set write deadline when doing SASL auth with broker %s: %s\n", b.addr, err.Error())
    986. 

  986. 		return err
    987. 

  987. 	}
    988. 

  988. 

  989. 	requestTime := time.Now()
    990. 

  990. 	bytesWritten, err := b.conn.Write(authBytes)
    991. 

  991. 	b.updateOutgoingCommunicationMetrics(bytesWritten)
    992. 

  992. 	if err != nil {
    993. 

  993. 		Logger.Printf("Failed to write SASL auth header to broker %s: %s\n", b.addr, err.Error())
    994. 

  994. 		return err
    995. 

  995. 	}
    996. 

  996. 

  997. 	header := make([]byte, 4)
    998. 

  998. 	n, err := io.ReadFull(b.conn, header)
    999. 

  999. 	b.updateIncomingCommunicationMetrics(n, time.Since(requestTime))
    1000. 

  1000. 	// If the credentials are valid, we would get a 4 byte response filled with null characters.
    1001. 

  1001. 	// Otherwise, the broker closes the connection and we get an EOF
    1002. 

  1002. 	if err != nil {
    1003. 

  1003. 		Logger.Printf("Failed to read response while authenticating with SASL to broker %s: %s\n", b.addr, err.Error())
    1004. 

  1004. 		return err
    1005. 

  1005. 	}
    1006. 

  1006. 

  1007. 	Logger.Printf("SASL authentication successful with broker %s:%v - %v\n", b.addr, n, header)
    1008. 

  1008. 	return nil
    1009. 

  1009. }
    1010. 

  1010. 

  1011. // sendAndReceiveV1SASLPlainAuth flows the v1 sasl authentication using the kafka protocol
    1012. 

  1012. func (b *Broker) sendAndReceiveV1SASLPlainAuth() error {
    1013. 

  1013. 	correlationID := b.correlationID
    1014. 

  1014. 

  1015. 	requestTime := time.Now()
    1016. 

  1016. 

  1017. 	bytesWritten, err := b.sendSASLPlainAuthClientResponse(correlationID)
    1018. 

  1018. 

  1019. 	b.updateOutgoingCommunicationMetrics(bytesWritten)
    1020. 

  1020. 

  1021. 	if err != nil {
    1022. 

  1022. 		Logger.Printf("Failed to write SASL auth header to broker %s: %s\n", b.addr, err.Error())
    1023. 

  1023. 		return err
    1024. 

  1024. 	}
    1025. 

  1025. 

  1026. 	b.correlationID++
    1027. 

  1027. 

  1028. 	bytesRead, err := b.receiveSASLServerResponse(&SaslAuthenticateResponse{}, correlationID)
    1029. 

  1029. 	b.updateIncomingCommunicationMetrics(bytesRead, time.Since(requestTime))
    1030. 

  1030. 

  1031. 	// With v1 sasl we get an error message set in the response we can return
    1032. 

  1032. 	if err != nil {
    1033. 

  1033. 		Logger.Printf("Error returned from broker during SASL flow %s: %s\n", b.addr, err.Error())
    1034. 

  1034. 		return err
    1035. 

  1035. 	}
    1036. 

  1036. 

  1037. 	return nil
    1038. 

  1038. }
    1039. 

  1039. 

  1040. // sendAndReceiveSASLOAuth performs the authentication flow as described by KIP-255
    1041. 

  1041. // https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=75968876
    1042. 

  1042. func (b *Broker) sendAndReceiveSASLOAuth(provider AccessTokenProvider) error {
    1043. 

  1043. 	if err := b.sendAndReceiveSASLHandshake(SASLTypeOAuth, SASLHandshakeV1); err != nil {
    1044. 

  1044. 		return err
    1045. 

  1045. 	}
    1046. 

  1046. 

  1047. 	token, err := provider.Token()
    1048. 

  1048. 	if err != nil {
    1049. 

  1049. 		return err
    1050. 

  1050. 	}
    1051. 

  1051. 

  1052. 	message, err := buildClientFirstMessage(token)
    1053. 

  1053. 	if err != nil {
    1054. 

  1054. 		return err
    1055. 

  1055. 	}
    1056. 

  1056. 

  1057. 	challenged, err := b.sendClientMessage(message)
    1058. 

  1058. 	if err != nil {
    1059. 

  1059. 		return err
    1060. 

  1060. 	}
    1061. 

  1061. 

  1062. 	if challenged {
    1063. 

  1063. 		// Abort the token exchange. The broker returns the failure code.
    1064. 

  1064. 		_, err = b.sendClientMessage([]byte(`\x01`))
    1065. 

  1065. 	}
    1066. 

  1066. 

  1067. 	return err
    1068. 

  1068. }
    1069. 

  1069. 

  1070. // sendClientMessage sends a SASL/OAUTHBEARER client message and returns true
    1071. 

  1071. // if the broker responds with a challenge, in which case the token is
    1072. 

  1072. // rejected.
    1073. 

  1073. func (b *Broker) sendClientMessage(message []byte) (bool, error) {
    1074. 

  1074. 

  1075. 	requestTime := time.Now()
    1076. 

  1076. 	correlationID := b.correlationID
    1077. 

  1077. 

  1078. 	bytesWritten, err := b.sendSASLOAuthBearerClientMessage(message, correlationID)
    1079. 

  1079. 	if err != nil {
    1080. 

  1080. 		return false, err
    1081. 

  1081. 	}
    1082. 

  1082. 

  1083. 	b.updateOutgoingCommunicationMetrics(bytesWritten)
    1084. 

  1084. 	b.correlationID++
    1085. 

  1085. 

  1086. 	res := &SaslAuthenticateResponse{}
    1087. 

  1087. 	bytesRead, err := b.receiveSASLServerResponse(res, correlationID)
    1088. 

  1088. 

  1089. 	requestLatency := time.Since(requestTime)
    1090. 

  1090. 	b.updateIncomingCommunicationMetrics(bytesRead, requestLatency)
    1091. 

  1091. 

  1092. 	isChallenge := len(res.SaslAuthBytes) > 0
    1093. 

  1093. 

  1094. 	if isChallenge && err != nil {
    1095. 

  1095. 		Logger.Printf("Broker rejected authentication token: %s", res.SaslAuthBytes)
    1096. 

  1096. 	}
    1097. 

  1097. 

  1098. 	return isChallenge, err
    1099. 

  1099. }
    1100. 

  1100. 

  1101. func (b *Broker) sendAndReceiveSASLSCRAMv1() error {
    1102. 

  1102. 	if err := b.sendAndReceiveSASLHandshake(b.conf.Net.SASL.Mechanism, SASLHandshakeV1); err != nil {
    1103. 

  1103. 		return err
    1104. 

  1104. 	}
    1105. 

  1105. 

  1106. 	scramClient := b.conf.Net.SASL.SCRAMClientGeneratorFunc()
    1107. 

  1107. 	if err := scramClient.Begin(b.conf.Net.SASL.User, b.conf.Net.SASL.Password, b.conf.Net.SASL.SCRAMAuthzID); err != nil {
    1108. 

  1108. 		return fmt.Errorf("failed to start SCRAM exchange with the server: %s", err.Error())
    1109. 

  1109. 	}
    1110. 

  1110. 

  1111. 	msg, err := scramClient.Step("")
    1112. 

  1112. 	if err != nil {
    1113. 

  1113. 		return fmt.Errorf("failed to advance the SCRAM exchange: %s", err.Error())
    1114. 

  1114. 

  1115. 	}
    1116. 

  1116. 

  1117. 	for !scramClient.Done() {
    1118. 

  1118. 		requestTime := time.Now()
    1119. 

  1119. 		correlationID := b.correlationID
    1120. 

  1120. 		bytesWritten, err := b.sendSaslAuthenticateRequest(correlationID, []byte(msg))
    1121. 

  1121. 		if err != nil {
    1122. 

  1122. 			Logger.Printf("Failed to write SASL auth header to broker %s: %s\n", b.addr, err.Error())
    1123. 

  1123. 			return err
    1124. 

  1124. 		}
    1125. 

  1125. 

  1126. 		b.updateOutgoingCommunicationMetrics(bytesWritten)
    1127. 

  1127. 		b.correlationID++
    1128. 

  1128. 		challenge, err := b.receiveSaslAuthenticateResponse(correlationID)
    1129. 

  1129. 		if err != nil {
    1130. 

  1130. 			Logger.Printf("Failed to read response while authenticating with SASL to broker %s: %s\n", b.addr, err.Error())
    1131. 

  1131. 			return err
    1132. 

  1132. 		}
    1133. 

  1133. 

  1134. 		b.updateIncomingCommunicationMetrics(len(challenge), time.Since(requestTime))
    1135. 

  1135. 		msg, err = scramClient.Step(string(challenge))
    1136. 

  1136. 		if err != nil {
    1137. 

  1137. 			Logger.Println("SASL authentication failed", err)
    1138. 

  1138. 			return err
    1139. 

  1139. 		}
    1140. 

  1140. 	}
    1141. 

  1141. 

  1142. 	Logger.Println("SASL authentication succeeded")
    1143. 

  1143. 	return nil
    1144. 

  1144. }
    1145. 

  1145. 

  1146. func (b *Broker) sendSaslAuthenticateRequest(correlationID int32, msg []byte) (int, error) {
    1147. 

  1147. 	rb := &SaslAuthenticateRequest{msg}
    1148. 

  1148. 	req := &request{correlationID: correlationID, clientID: b.conf.ClientID, body: rb}
    1149. 

  1149. 	buf, err := encode(req, b.conf.MetricRegistry)
    1150. 

  1150. 	if err != nil {
    1151. 

  1151. 		return 0, err
    1152. 

  1152. 	}
    1153. 

  1153. 

  1154. 	if err := b.conn.SetWriteDeadline(time.Now().Add(b.conf.Net.WriteTimeout)); err != nil {
    1155. 

  1155. 		return 0, err
    1156. 

  1156. 	}
    1157. 

  1157. 

  1158. 	return b.conn.Write(buf)
    1159. 

  1159. }
    1160. 

  1160. 

  1161. func (b *Broker) receiveSaslAuthenticateResponse(correlationID int32) ([]byte, error) {
    1162. 

  1162. 	buf := make([]byte, responseLengthSize+correlationIDSize)
    1163. 

  1163. 	_, err := io.ReadFull(b.conn, buf)
    1164. 

  1164. 	if err != nil {
    1165. 

  1165. 		return nil, err
    1166. 

  1166. 	}
    1167. 

  1167. 

  1168. 	header := responseHeader{}
    1169. 

  1169. 	err = decode(buf, &header)
    1170. 

  1170. 	if err != nil {
    1171. 

  1171. 		return nil, err
    1172. 

  1172. 	}
    1173. 

  1173. 

  1174. 	if header.correlationID != correlationID {
    1175. 

  1175. 		return nil, fmt.Errorf("correlation ID didn't match, wanted %d, got %d", b.correlationID, header.correlationID)
    1176. 

  1176. 	}
    1177. 

  1177. 

  1178. 	buf = make([]byte, header.length-correlationIDSize)
    1179. 

  1179. 	_, err = io.ReadFull(b.conn, buf)
    1180. 

  1180. 	if err != nil {
    1181. 

  1181. 		return nil, err
    1182. 

  1182. 	}
    1183. 

  1183. 

  1184. 	res := &SaslAuthenticateResponse{}
    1185. 

  1185. 	if err := versionedDecode(buf, res, 0); err != nil {
    1186. 

  1186. 		return nil, err
    1187. 

  1187. 	}
    1188. 

  1188. 	if res.Err != ErrNoError {
    1189. 

  1189. 		return nil, res.Err
    1190. 

  1190. 	}
    1191. 

  1191. 	return res.SaslAuthBytes, nil
    1192. 

  1192. }
    1193. 

  1193. 

  1194. // Build SASL/OAUTHBEARER initial client response as described by RFC-7628
    1195. 

  1195. // https://tools.ietf.org/html/rfc7628
    1196. 

  1196. func buildClientFirstMessage(token *AccessToken) ([]byte, error) {
    1197. 

  1197. 	var ext string
    1198. 

  1198. 

  1199. 	if token.Extensions != nil && len(token.Extensions) > 0 {
    1200. 

  1200. 		if _, ok := token.Extensions[SASLExtKeyAuth]; ok {
    1201. 

  1201. 			return []byte{}, fmt.Errorf("the extension `%s` is invalid", SASLExtKeyAuth)
    1202. 

  1202. 		}
    1203. 

  1203. 		ext = "\x01" + mapToString(token.Extensions, "=", "\x01")
    1204. 

  1204. 	}
    1205. 

  1205. 

  1206. 	resp := []byte(fmt.Sprintf("n,,\x01auth=Bearer %s%s\x01\x01", token.Token, ext))
    1207. 

  1207. 

  1208. 	return resp, nil
    1209. 

  1209. }
    1210. 

  1210. 

  1211. // mapToString returns a list of key-value pairs ordered by key.
    1212. 

  1212. // keyValSep separates the key from the value. elemSep separates each pair.
    1213. 

  1213. func mapToString(extensions map[string]string, keyValSep string, elemSep string) string {
    1214. 

  1214. 	buf := make([]string, 0, len(extensions))
    1215. 

  1215. 

  1216. 	for k, v := range extensions {
    1217. 

  1217. 		buf = append(buf, k+keyValSep+v)
    1218. 

  1218. 	}
    1219. 

  1219. 

  1220. 	sort.Strings(buf)
    1221. 

  1221. 

  1222. 	return strings.Join(buf, elemSep)
    1223. 

  1223. }
    1224. 

  1224. 

  1225. func (b *Broker) sendSASLPlainAuthClientResponse(correlationID int32) (int, error) {
    1226. 

  1226. 	authBytes := []byte("\x00" + b.conf.Net.SASL.User + "\x00" + b.conf.Net.SASL.Password)
    1227. 

  1227. 	rb := &SaslAuthenticateRequest{authBytes}
    1228. 

  1228. 	req := &request{correlationID: correlationID, clientID: b.conf.ClientID, body: rb}
    1229. 

  1229. 	buf, err := encode(req, b.conf.MetricRegistry)
    1230. 

  1230. 	if err != nil {
    1231. 

  1231. 		return 0, err
    1232. 

  1232. 	}
    1233. 

  1233. 

  1234. 	err = b.conn.SetWriteDeadline(time.Now().Add(b.conf.Net.WriteTimeout))
    1235. 

  1235. 	if err != nil {
    1236. 

  1236. 		Logger.Printf("Failed to set write deadline when doing SASL auth with broker %s: %s\n", b.addr, err.Error())
    1237. 

  1237. 		return 0, err
    1238. 

  1238. 	}
    1239. 

  1239. 	return b.conn.Write(buf)
    1240. 

  1240. }
    1241. 

  1241. 

  1242. func (b *Broker) sendSASLOAuthBearerClientMessage(initialResp []byte, correlationID int32) (int, error) {
    1243. 

  1243. 

  1244. 	rb := &SaslAuthenticateRequest{initialResp}
    1245. 

  1245. 

  1246. 	req := &request{correlationID: correlationID, clientID: b.conf.ClientID, body: rb}
    1247. 

  1247. 

  1248. 	buf, err := encode(req, b.conf.MetricRegistry)
    1249. 

  1249. 	if err != nil {
    1250. 

  1250. 		return 0, err
    1251. 

  1251. 	}
    1252. 

  1252. 

  1253. 	if err := b.conn.SetWriteDeadline(time.Now().Add(b.conf.Net.WriteTimeout)); err != nil {
    1254. 

  1254. 		return 0, err
    1255. 

  1255. 	}
    1256. 

  1256. 

  1257. 	return b.conn.Write(buf)
    1258. 

  1258. }
    1259. 

  1259. 

  1260. func (b *Broker) receiveSASLServerResponse(res *SaslAuthenticateResponse, correlationID int32) (int, error) {
    1261. 

  1261. 

  1262. 	buf := make([]byte, responseLengthSize+correlationIDSize)
    1263. 

  1263. 

  1264. 	bytesRead, err := io.ReadFull(b.conn, buf)
    1265. 

  1265. 	if err != nil {
    1266. 

  1266. 		return bytesRead, err
    1267. 

  1267. 	}
    1268. 

  1268. 

  1269. 	header := responseHeader{}
    1270. 

  1270. 

  1271. 	err = decode(buf, &header)
    1272. 

  1272. 	if err != nil {
    1273. 

  1273. 		return bytesRead, err
    1274. 

  1274. 	}
    1275. 

  1275. 

  1276. 	if header.correlationID != correlationID {
    1277. 

  1277. 		return bytesRead, fmt.Errorf("correlation ID didn't match, wanted %d, got %d", b.correlationID, header.correlationID)
    1278. 

  1278. 	}
    1279. 

  1279. 

  1280. 	buf = make([]byte, header.length-correlationIDSize)
    1281. 

  1281. 

  1282. 	c, err := io.ReadFull(b.conn, buf)
    1283. 

  1283. 	bytesRead += c
    1284. 

  1284. 	if err != nil {
    1285. 

  1285. 		return bytesRead, err
    1286. 

  1286. 	}
    1287. 

  1287. 

  1288. 	if err := versionedDecode(buf, res, 0); err != nil {
    1289. 

  1289. 		return bytesRead, err
    1290. 

  1290. 	}
    1291. 

  1291. 

  1292. 	if res.Err != ErrNoError {
    1293. 

  1293. 		return bytesRead, res.Err
    1294. 

  1294. 	}
    1295. 

  1295. 

  1296. 	return bytesRead, nil
    1297. 

  1297. }
    1298. 

  1298. 

  1299. func (b *Broker) updateIncomingCommunicationMetrics(bytes int, requestLatency time.Duration) {
    1300. 

  1300. 	b.updateRequestLatencyMetrics(requestLatency)
    1301. 

  1301. 	b.responseRate.Mark(1)
    1302. 

  1302. 

  1303. 	if b.brokerResponseRate != nil {
    1304. 

  1304. 		b.brokerResponseRate.Mark(1)
    1305. 

  1305. 	}
    1306. 

  1306. 

  1307. 	responseSize := int64(bytes)
    1308. 

  1308. 	b.incomingByteRate.Mark(responseSize)
    1309. 

  1309. 	if b.brokerIncomingByteRate != nil {
    1310. 

  1310. 		b.brokerIncomingByteRate.Mark(responseSize)
    1311. 

  1311. 	}
    1312. 

  1312. 

  1313. 	b.responseSize.Update(responseSize)
    1314. 

  1314. 	if b.brokerResponseSize != nil {
    1315. 

  1315. 		b.brokerResponseSize.Update(responseSize)
    1316. 

  1316. 	}
    1317. 

  1317. }
    1318. 

  1318. 

  1319. func (b *Broker) updateRequestLatencyMetrics(requestLatency time.Duration) {
    1320. 

  1320. 	requestLatencyInMs := int64(requestLatency / time.Millisecond)
    1321. 

  1321. 	b.requestLatency.Update(requestLatencyInMs)
    1322. 

  1322. 

  1323. 	if b.brokerRequestLatency != nil {
    1324. 

  1324. 		b.brokerRequestLatency.Update(requestLatencyInMs)
    1325. 

  1325. 	}
    1326. 

  1326. 

  1327. }
    1328. 

  1328. 

  1329. func (b *Broker) updateOutgoingCommunicationMetrics(bytes int) {
    1330. 

  1330. 	b.requestRate.Mark(1)
    1331. 

  1331. 	if b.brokerRequestRate != nil {
    1332. 

  1332. 		b.brokerRequestRate.Mark(1)
    1333. 

  1333. 	}
    1334. 

  1334. 

  1335. 	requestSize := int64(bytes)
    1336. 

  1336. 	b.outgoingByteRate.Mark(requestSize)
    1337. 

  1337. 	if b.brokerOutgoingByteRate != nil {
    1338. 

  1338. 		b.brokerOutgoingByteRate.Mark(requestSize)
    1339. 

  1339. 	}
    1340. 

  1340. 

  1341. 	b.requestSize.Update(requestSize)
    1342. 

  1342. 	if b.brokerRequestSize != nil {
    1343. 

  1343. 		b.brokerRequestSize.Update(requestSize)
    1344. 

  1344. 	}
    1345. 

  1345. 

  1346. }
    1347. 

  1347. 

  1348. func (b *Broker) registerMetrics() {
    1349. 

  1349. 	b.brokerIncomingByteRate = b.registerMeter("incoming-byte-rate")
    1350. 

  1350. 	b.brokerRequestRate = b.registerMeter("request-rate")
    1351. 

  1351. 	b.brokerRequestSize = b.registerHistogram("request-size")
    1352. 

  1352. 	b.brokerRequestLatency = b.registerHistogram("request-latency-in-ms")
    1353. 

  1353. 	b.brokerOutgoingByteRate = b.registerMeter("outgoing-byte-rate")
    1354. 

  1354. 	b.brokerResponseRate = b.registerMeter("response-rate")
    1355. 

  1355. 	b.brokerResponseSize = b.registerHistogram("response-size")
    1356. 

  1356. }
    1357. 

  1357. 

  1358. func (b *Broker) unregisterMetrics() {
    1359. 

  1359. 	for _, name := range b.registeredMetrics {
    1360. 

  1360. 		b.conf.MetricRegistry.Unregister(name)
    1361. 

  1361. 	}
    1362. 

  1362. }
    1363. 

  1363. 

  1364. func (b *Broker) registerMeter(name string) metrics.Meter {
    1365. 

  1365. 	nameForBroker := getMetricNameForBroker(name, b)
    1366. 

  1366. 	b.registeredMetrics = append(b.registeredMetrics, nameForBroker)
    1367. 

  1367. 	return metrics.GetOrRegisterMeter(nameForBroker, b.conf.MetricRegistry)
    1368. 

  1368. }
    1369. 

  1369. 

  1370. func (b *Broker) registerHistogram(name string) metrics.Histogram {
    1371. 

  1371. 	nameForBroker := getMetricNameForBroker(name, b)
    1372. 

  1372. 	b.registeredMetrics = append(b.registeredMetrics, nameForBroker)
    1373. 

  1373. 	return getOrRegisterHistogram(nameForBroker, b.conf.MetricRegistry)
    1374. 

  1374. }
    1375.