librdkafka icon indicating copy to clipboard operation
librdkafka copied to clipboard

Published 20 hours ago verified publisher icon confluentinc

Adds callback to obtain SASL PLAIN credentials

Open josvisser66 opened this issue 3 years ago • 0 comments

This PR adds a callback for obtaining the SASL PLAIN username and password. The use case here is to support changing the credentials to be used for a Kafka cluster without bouncing the Kafka client (e.g. in the case of credential rotating).

The user can set a credentials callback using the new API function rd_kafka_conf_set_plain_creds_cb. That callback will be called by the SASL implementation whenever it needs a SASL username, password, or both. The SASL provider does not cache the provided credentials as this would defeat the purpose.

Trivial and not terribly correct example:

int sasl_creds_cb(rd_kafka_t *rk,
                  char *username,
                  int username_size,
                  char *password,
                  int password_size) {
    if (username) {
        strcpy(username, kUsername);
    }
    if (password) {
        strcpy(password, kPassword);
    }
    return 0;
}

...
    conf = rd_kafka_conf_new();
    /* Do not set sasl.username and sasl.password */
    rd_kafka_conf_set_plain_creds_cb(conf, sasl_creds_cb);

josvisser66 avatar Aug 26 '22 20:08 josvisser66