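// Source: github.com/yankunsam/loki/v2@v2.6.3-0.20220817130409-389df5235c27/clients/pkg/promtail/targets/kafka/authentication.go

package kafka

import (
	"crypto/sha256"
	"crypto/sha512"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"os"

	promconfig "github.com/prometheus/common/config"
	"github.com/xdg-go/scram"
)

// createTLSConfig builds a client-side *tls.Config from the Prometheus-style
// TLS settings in cfg.
//
// If cfg.CAFile is set, the PEM certificates in that file become the only
// trusted roots; otherwise RootCAs stays nil and crypto/tls falls back to the
// host's root CA set. If both cfg.CertFile and cfg.KeyFile are set, the key
// pair is loaded as the client certificate.
//
// An error is returned when the CA file cannot be read, when it contains no
// usable PEM certificate, or when the client key pair cannot be loaded.
func createTLSConfig(cfg promconfig.TLSConfig) (*tls.Config, error) {
	tc := &tls.Config{
		// Passed through unchanged from the configuration. When true, the
		// broker's certificate chain and host name are not verified, so the
		// RootCAs and ServerName set here no longer protect the connection.
		InsecureSkipVerify: cfg.InsecureSkipVerify,
		ServerName:         cfg.ServerName,
	}

	// Load the CA bundle used to verify the server certificate.
	if len(cfg.CAFile) > 0 {
		caCert, err := os.ReadFile(cfg.CAFile)
		if err != nil {
			return nil, fmt.Errorf("reading CA file %q: %w", cfg.CAFile, err)
		}
		caCertPool := x509.NewCertPool()
		// AppendCertsFromPEM reports false when nothing could be parsed.
		// Surfacing that here avoids installing an empty trust pool, which
		// would otherwise show up later as an opaque handshake failure.
		if !caCertPool.AppendCertsFromPEM(caCert) {
			return nil, fmt.Errorf("no valid PEM certificates found in CA file %q", cfg.CAFile)
		}
		tc.RootCAs = caCertPool
	}

	// Load the client certificate for mutual TLS.
	// NOTE(review): when only one of CertFile/KeyFile is set, no client
	// certificate is loaded and no error is returned; confirm that the
	// configuration is validated for this case before it reaches here.
	if len(cfg.CertFile) > 0 && len(cfg.KeyFile) > 0 {
		cert, err := tls.LoadX509KeyPair(cfg.CertFile, cfg.KeyFile)
		if err != nil {
			return nil, fmt.Errorf("loading client key pair (cert %q, key %q): %w", cfg.CertFile, cfg.KeyFile, err)
		}
		tc.Certificates = []tls.Certificate{cert}
	}
	return tc, nil
}

// copied from https://github.com/Shopify/sarama/blob/44627b731c60bb90efe25573e7ef2b3f8df3fa23/examples/sasl_scram_client/scram_client.go
var (
	// SHA256 is the hash generator for SCRAM clients backed by sha256.New.
	SHA256 scram.HashGeneratorFcn = sha256.New
	// SHA512 is the hash generator for SCRAM clients backed by sha512.New.
	SHA512 scram.HashGeneratorFcn = sha512.New
)

// XDGSCRAMClient implements sarama.SCRAMClient
//
// HashGeneratorFcn must be set (for example to SHA256 or SHA512) before Begin
// is called. Client and ClientConversation are populated by Begin, so Step and
// Done must not be called before Begin has returned successfully.
//
// SCRAM authenticates the client but does not encrypt the connection, so it is
// normally paired with the TLS configuration built by createTLSConfig.
type XDGSCRAMClient struct {
	*scram.Client
	*scram.ClientConversation
	scram.HashGeneratorFcn
}

// Begin creates a SCRAM client for the given credentials using the configured
// hash generator and starts a new conversation on it. It returns the error
// from client creation, in which case no conversation is started.
func (x *XDGSCRAMClient) Begin(userName, password, authzID string) (err error) {
	x.Client, err = x.HashGeneratorFcn.NewClient(userName, password, authzID)
	if err != nil {
		return err
	}
	x.ClientConversation = x.Client.NewConversation()
	return nil
}

// Step feeds the server challenge to the conversation started by Begin and
// returns the client's response, or the error reported by the conversation.
func (x *XDGSCRAMClient) Step(challenge string) (response string, err error) {
	return x.ClientConversation.Step(challenge)
}

// Done returns the result of Done on the conversation started by Begin.
func (x *XDGSCRAMClient) Done() bool {
	return x.ClientConversation.Done()
}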