-
Notifications
You must be signed in to change notification settings - Fork 32
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
collector-kafka: authenticate with Event Hubs using OAuth2 via MSI (c…
…lose #401)
- Loading branch information
Showing
6 changed files
with
138 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
87 changes: 87 additions & 0 deletions
87
...wanalytics.snowplow.collectors.scalastream/sinks/AzureAuthenticationCallbackHandler.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
/** | ||
* Copyright (c) 2013-present Snowplow Analytics Ltd. | ||
* All rights reserved. | ||
* | ||
* This software is made available by Snowplow Analytics, Ltd., | ||
* under the terms of the Snowplow Limited Use License Agreement, Version 1.0 | ||
* located at https://docs.snowplow.io/limited-use-license-1.0 | ||
* BY INSTALLING, DOWNLOADING, ACCESSING, USING OR DISTRIBUTING ANY PORTION | ||
* OF THE SOFTWARE, YOU AGREE TO THE TERMS OF SUCH LICENSE AGREEMENT. | ||
*/ | ||
package com.snowplowanalytics.snowplow.collectors.scalastream | ||
package sinks | ||
|
||
import java.net.URI | ||
import java.{lang, util} | ||
|
||
import javax.security.auth.callback.Callback | ||
import javax.security.auth.callback.UnsupportedCallbackException | ||
import javax.security.auth.login.AppConfigurationEntry | ||
|
||
import org.apache.kafka.clients.producer.ProducerConfig | ||
import org.apache.kafka.common.security.auth.AuthenticateCallbackHandler | ||
import org.apache.kafka.common.security.oauthbearer.OAuthBearerToken | ||
import org.apache.kafka.common.security.oauthbearer.OAuthBearerTokenCallback | ||
|
||
import com.microsoft.azure.credentials.MSICredentials | ||
|
||
import com.nimbusds.jwt.JWTParser | ||
|
||
class AzureAuthenticationCallbackHandler extends AuthenticateCallbackHandler { | ||
|
||
val credentials: MSICredentials = { | ||
val clientId = sys.env.get("AZURE_CLIENT_ID_FOR_EVENT_HUB").orElse(sys.env.get("AZURE_CLIENT_ID")) | ||
val creds = new MSICredentials() | ||
clientId.map(creds.withClientId).getOrElse(creds) | ||
} | ||
|
||
var sbUri: String = "" | ||
|
||
override def configure( | ||
configs: util.Map[String, _], | ||
saslMechanism: String, | ||
jaasConfigEntries: util.List[AppConfigurationEntry] | ||
): Unit = { | ||
val bootstrapServer = | ||
configs | ||
.get(ProducerConfig.BOOTSTRAP_SERVERS_CONFIG) | ||
.toString | ||
.replaceAll("\\[|\\]", "") | ||
.split(",") | ||
.toList | ||
.headOption match { | ||
case Some(s) => s | ||
case None => throw new Exception("Empty bootstrap servers list") | ||
} | ||
val uri = URI.create("https://" + bootstrapServer) | ||
this.sbUri = uri.getScheme + "://" + uri.getHost | ||
} | ||
|
||
override def handle(callbacks: Array[Callback]): Unit = | ||
callbacks.foreach { | ||
case callback: OAuthBearerTokenCallback => | ||
val token = getOAuthBearerToken() | ||
callback.token(token) | ||
case callback => throw new UnsupportedCallbackException(callback) | ||
} | ||
|
||
def getOAuthBearerToken(): OAuthBearerToken = { | ||
val accessToken = credentials.getToken(sbUri) | ||
val jwt = JWTParser.parse(accessToken) | ||
val claims = jwt.getJWTClaimsSet | ||
|
||
new OAuthBearerToken { | ||
override def value(): String = accessToken | ||
|
||
override def lifetimeMs(): Long = claims.getExpirationTime.getTime | ||
|
||
override def scope(): util.Set[String] = null | ||
|
||
override def principalName(): String = null | ||
|
||
override def startTimeMs(): lang.Long = null | ||
} | ||
} | ||
|
||
override def close(): Unit = () | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters