Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add AWS plugin for AWS MSK's IAM access control #1

Merged
merged 6 commits into from
Aug 7, 2024
Merged

add AWS plugin for AWS MSK's IAM access control #1

merged 6 commits into from
Aug 7, 2024

Conversation

KeisukeYamashita
Copy link
Contributor

@KeisukeYamashita KeisukeYamashita commented Jul 30, 2024
edited
Loading

Description

Implemented a token provider plugin using IAM access control to enable access to MSK without static credentials such as passwords. With this implementation, users can execute kafkactl with IAM access control, eliminating the need to manage IDs and passwords.

Previously, as described in the issue below, operators and administrators had to enable SASL/SCRAM authentication or perform cumbersome operations due to kafkactl not supporting IAM access control for AWS MSK. This implementation simplifies the process and enhances security.

Fixes deviceinsight/kafkactl#152

I would like to update the deviceinsight/kafkactl documentation after this plugin gets approved and released.

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Documentation

  • the change is mentioned in the ## [Unreleased] section of <plugin>/CHANGELOG.md
  • the configuration options in <plugin>/README.adoc were updated

KeisukeYamashita
KeisukeYamashita commented Jul 30, 2024
View reviewed changes
aws/main.go
}
signedAt, err := time.Parse("20060102T150405Z", d)
if err != nil {
return false, fmt.Errorf("failed to parse the 'X-Amz-Date' param from signed url: %w", err)
Copy link
Contributor Author

@KeisukeYamashita KeisukeYamashita Jul 30, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note

Unlike ExpiresQueryKey, this string is not exposed.
Ref: aws/aws-msk-iam-sasl-signer-go#19

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👌

@KeisukeYamashita KeisukeYamashita mentioned this pull request Jul 30, 2024
Closed
@KeisukeYamashita
feat: impl aws plugin
a249228 
Signed-off-by: KeisukeYamashita <[email protected]>
@d-rk d-rk merged commit cfd2754 into deviceinsight:main Aug 7, 2024
4 checks passed
@d-rk
Copy link
Collaborator

d-rk commented Aug 7, 2024

@KeisukeYamashita thank you again for the PR. I added some smaller adjustments, but in general everything looked fine 💯

I will build a release for this, by the end of today hopefully.

@KeisukeYamashita KeisukeYamashita deleted the add-aws-plugin branch August 11, 2024 21:55
@KeisukeYamashita
Copy link
Contributor Author

@d-rk Sorry for the late reply 🙏 Thank you very much for your review and the release 🚀

@KeisukeYamashita KeisukeYamashita mentioned this pull request Aug 11, 2024
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@d-rk d-rk d-rk left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

KafkaCtl with AWS MSK and IAM auth
2 participants
@KeisukeYamashita @d-rk