goflow2 icon indicating copy to clipboard operation
goflow2 copied to clipboard
verified publisher icon netsampler

SASL/SCRAM authentication for Kafka

Open Packetslave opened this issue 3 years ago • 1 comments

Amazon Managed Service for Kafka (MSK) does not support SASL/PLAIN authentication, even over TSL. However, it does support SASL/SCRAM.

[2022-09-12 03:44:30,722] INFO [SocketServer brokerId=2] Failed authentication with ip-10-10-101-111.us-west-2.compute.internal/INTERNAL_IP (Unsupported SASL mechanism PLAIN) (org.apache.kafka.common.network.Selector)

For our use case (distributed goflow2 agents sending flows to regional MSK deployments), we need goflow2 to be able to support SCRAM. Fortunately, it looks like Sarama already supports it, so this should (hopefully) be straightforward. See example code from the Sarama repository.

I'm happy to take a crack at adding this to goflow2, if it's something you think it valuable.

Packetslave avatar Sep 12 '22 03:09 Packetslave

Working implementation in https://github.com/netsampler/goflow2/pull/121

Packetslave avatar Sep 12 '22 05:09 Packetslave

Merged #121

lspgn avatar Oct 08 '22 22:10 lspgn