Add kafka SASL version control to kafka_consumer (#6350)

2020-01-02 16:27:26 -08:00
parent 1edb73916f
commit 2486006495
7 changed files with 137 additions and 7 deletions
--- a/plugins/outputs/kafka/README.md
+++ b/plugins/outputs/kafka/README.md
@@ -96,6 +96,9 @@ This plugin writes to a [Kafka Broker](http://kafka.apache.org/07/quickstart.htm
  # sasl_username = "kafka"
  # sasl_password = "secret"

+  ## SASL protocol version.  When connecting to Azure EventHub set to 0.
+  # sasl_version = 1
+
  ## Data format to output.
  ## Each data format has its own unique set of configuration options, read
  ## more about them here:
--- a/plugins/outputs/kafka/kafka.go
+++ b/plugins/outputs/kafka/kafka.go
@@ -10,6 +10,7 @@ import (
 	"github.com/gofrs/uuid"
 	"github.com/influxdata/telegraf"
 	tlsint "github.com/influxdata/telegraf/internal/tls"
+	"github.com/influxdata/telegraf/plugins/common/kafka"
 	"github.com/influxdata/telegraf/plugins/outputs"
 	"github.com/influxdata/telegraf/plugins/serializers"
 )
@@ -43,12 +44,12 @@ type (
 		// TLS certificate authority
 		CA string

+		EnableTLS *bool `toml:"enable_tls"`
 		tlsint.ClientConfig

-		// SASL Username
 		SASLUsername string `toml:"sasl_username"`
-		// SASL Password
 		SASLPassword string `toml:"sasl_password"`
+		SASLVersion  *int   `toml:"sasl_version"`

 		Log telegraf.Logger `toml:"-"`

@@ -170,6 +171,7 @@ var sampleConfig = `
  # max_message_bytes = 1000000

  ## Optional TLS Config
+  # enable_tls = true
  # tls_ca = "/etc/telegraf/ca.pem"
  # tls_cert = "/etc/telegraf/cert.pem"
  # tls_key = "/etc/telegraf/key.pem"
@@ -180,6 +182,9 @@ var sampleConfig = `
  # sasl_username = "kafka"
  # sasl_password = "secret"

+  ## SASL protocol version.  When connecting to Azure EventHub set to 0.
+  # sasl_version = 1
+
  ## Data format to output.
  ## Each data format has its own unique set of configuration options, read
  ## more about them here:
@@ -258,6 +263,10 @@ func (k *Kafka) Connect() error {
 		k.TLSKey = k.Key
 	}

+	if k.EnableTLS != nil && *k.EnableTLS {
+		config.Net.TLS.Enable = true
+	}
+
 	tlsConfig, err := k.ClientConfig.TLSConfig()
 	if err != nil {
 		return err
@@ -265,13 +274,25 @@ func (k *Kafka) Connect() error {

 	if tlsConfig != nil {
 		config.Net.TLS.Config = tlsConfig
-		config.Net.TLS.Enable = true
+
+		// To maintain backwards compatibility, if the enable_tls option is not
+		// set TLS is enabled if a non-default TLS config is used.
+		if k.EnableTLS == nil {
+			k.Log.Warnf("Use of deprecated configuration: enable_tls should be set when using TLS")
+			config.Net.TLS.Enable = true
+		}
 	}

 	if k.SASLUsername != "" && k.SASLPassword != "" {
 		config.Net.SASL.User = k.SASLUsername
 		config.Net.SASL.Password = k.SASLPassword
 		config.Net.SASL.Enable = true
+
+		version, err := kafka.SASLVersion(config.Version, k.SASLVersion)
+		if err != nil {
+			return err
+		}
+		config.Net.SASL.Version = version
 	}

 	producer, err := sarama.NewSyncProducer(k.Brokers, config)