如何解决在 librdkafka 中设置 OAUTHBEARER 令牌
我正在尝试编译一个简单的客户端以使用 SSL 和 SASL/OAUTHBEARER 连接到 kafka 服务器。
到目前为止,我尝试过的代码基于 consumer.c
中的 librdkafka
示例。整个修改后的代码如下:
/*
* librdkafka - Apache Kafka C library
*
* copyright (c) 2019,Magnus Edenhill
* All rights reserved.
*
* Redistribution and use in source and binary forms,with or without
* modification,are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE copYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES,INCLUDING,BUT NOT LIMITED TO,THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND fitness FOR A PARTIculaR PURPOSE
* ARE disCLaimED. IN NO EVENT SHALL THE copYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT,INDIRECT,INCIDENTAL,SPECIAL,EXEMPLARY,OR
* CONSEQUENTIAL damAGES (INCLUDING,PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,DATA,OR PROFITS; OR BUSInesS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,WHETHER IN
* CONTRACT,STRICT LIABILITY,OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH damAGE.
*/
/**
* Simple high-level balanced Apache Kafka consumer
* using the Kafka driver from librdkafka
* (https://github.com/edenhill/librdkafka)
*/
#include <stdio.h>
#include <signal.h>
#include <string.h>
#include <ctype.h>
/* Typical include path would be <librdkafka/rdkafka.h>,but this program
* is builtin from within the librdkafka source tree and thus differs. */
#include <librdkafka/rdkafka.h>
/*#include "rdkafka.h"*/
static volatile sig_atomic_t run = 1;
/**
* @brief Signal termination of program
*/
static void stop (int sig) {
run = 0;
}
/**
* @returns 1 if all bytes are printable,else 0.
*/
static int is_printable (const char *buf,size_t size) {
size_t i;
for (i = 0 ; i < size ; i++)
if (!isprint((int)buf[i]))
return 0;
return 1;
}
int main (int argc,char **argv) {
rd_kafka_t *rk; /* Consumer instance handle */
rd_kafka_conf_t *conf; /* Temporary configuration object */
rd_kafka_resp_err_t err; /* librdkafka API error code */
char errstr[512]; /* librdkafka API error reporting buffer */
const char *brokers; /* Argument: broker list */
const char *groupid; /* Argument: Consumer group id */
char **topics; /* Argument: list of topics to subscribe to */
int topic_cnt; /* Number of topics to subscribe to */
rd_kafka_topic_partition_list_t *subscription; /* Subscribed topics */
int i;
/*
* Argument validation
*/
if (argc < 4) {
fprintf(stderr,"%% Usage: "
"%s <broker> <group.id> <topic1> <topic2>..\n",argv[0]);
return 1;
}
brokers = argv[1];
groupid = argv[2];
topics = &argv[3];
topic_cnt = argc - 3;
/*
* Create Kafka client configuration place-holder
*/
conf = rd_kafka_conf_new();
/* Set bootstrap broker(s) as a comma-separated list of
* host or host:port (default port 9092).
* librdkafka will use the bootstrap brokers to acquire the full
* set of brokers from the cluster. */
if (rd_kafka_conf_set(conf,"bootstrap.servers",brokers,errstr,sizeof(errstr)) != RD_KAFKA_CONF_OK) {
fprintf(stderr,"%s\n",errstr);
rd_kafka_conf_destroy(conf);
return 1;
}
/* Set the consumer group id.
* All consumers sharing the same group id will join the same
* group,and the subscribed topic' partitions will be assigned
* according to the partition.assignment.strategy
* (consumer config property) to the consumers in the group. */
if (rd_kafka_conf_set(conf,"group.id",groupid,errstr);
rd_kafka_conf_destroy(conf);
return 1;
}
/* If there is no prevIoUsly committed offset for a partition
* the auto.offset.reset strategy will be used to decide where
* in the partition to start fetching messages.
* By setting this to earliest the consumer will read all messages
* in the partition if there was no prevIoUsly committed offset. */
if (rd_kafka_conf_set(conf,"auto.offset.reset","earliest",errstr);
rd_kafka_conf_destroy(conf);
return 1;
}
/* Configure SASL OAUTH2 AND SSL */
if (rd_kafka_conf_set(conf,"security.protocol","SASL_SSL",errstr);
rd_kafka_conf_destroy(conf);
return 1;
}
if (rd_kafka_conf_set(conf,"ssl.client.auth","none","sasl.mechanism","OAUTHBEARER",errstr);
rd_kafka_conf_destroy(conf);
return 1;
}
/* Enable DEBUG */
if (rd_kafka_conf_set(conf,"debug","ALL",errstr);
rd_kafka_conf_destroy(conf);
return 1;
}
/* SET TOKEN */
PSEUDOCODE -> oauthbearer_set_token(token,timeout???);
/*
* Create consumer instance.
*
* NOTE: rd_kafka_new() takes ownership of the conf object
* and the application must not reference it again after
* this call.
*/
rk = rd_kafka_new(RD_KAFKA_CONSUMER,conf,sizeof(errstr));
if (!rk) {
fprintf(stderr,"%% Failed to create new consumer: %s\n",errstr);
return 1;
}
conf = NULL; /* Configuration object is Now owned,and freed,* by the rd_kafka_t instance. */
/* Redirect all messages from per-partition queues to
* the main queue so that messages can be consumed with one
* call from all assigned partitions.
*
* The alternative is to poll the main queue (for events)
* and each partition queue separately,which requires setting
* up a rebalance callback and keeping track of the assignment:
* but that is more complex and typically not recommended. */
rd_kafka_poll_set_consumer(rk);
/* Convert the list of topics to a format suitable for librdkafka */
subscription = rd_kafka_topic_partition_list_new(topic_cnt);
for (i = 0 ; i < topic_cnt ; i++)
rd_kafka_topic_partition_list_add(subscription,topics[i],/* the partition is ignored
* by subscribe() */
RD_KAFKA_PARTITION_UA);
/* Subscribe to the list of topics */
err = rd_kafka_subscribe(rk,subscription);
if (err) {
fprintf(stderr,"%% Failed to subscribe to %d topics: %s\n",subscription->cnt,rd_kafka_err2str(err));
rd_kafka_topic_partition_list_destroy(subscription);
rd_kafka_destroy(rk);
return 1;
}
fprintf(stderr,"%% Subscribed to %d topic(s),"
"waiting for rebalance and messages...\n",subscription->cnt);
rd_kafka_topic_partition_list_destroy(subscription);
/* Signal handler for clean shutdown */
signal(SIGINT,stop);
/* Subscribing to topics will trigger a group rebalance
* which may take some time to finish,but there is no need
* for the application to handle this idle period in a special way
* since a rebalance may happen at any time.
* Start polling for messages. */
while (run) {
rd_kafka_message_t *rkm;
rkm = rd_kafka_consumer_poll(rk,100);
if (!rkm)
continue; /* Timeout: no message within 100ms,* try again. This short timeout allows
* checking for `run` at frequent intervals.
*/
/* consumer_poll() will return either a proper message
* or a consumer error (rkm->err is set). */
if (rkm->err) {
/* Consumer errors are generally to be considered
* informational as the consumer will automatically
* try to recover from all types of errors. */
fprintf(stderr,"%% Consumer error: %s\n",rd_kafka_message_errstr(rkm));
rd_kafka_message_destroy(rkm);
continue;
}
/* Proper message. */
printf("Message on %s [%"PRId32"] at offset %"PRId64":\n",rd_kafka_topic_name(rkm->rkt),rkm->partition,rkm->offset);
/* Print the message key. */
if (rkm->key && is_printable(rkm->key,rkm->key_len))
printf(" Key: %.*s\n",(int)rkm->key_len,(const char *)rkm->key);
else if (rkm->key)
printf(" Key: (%d bytes)\n",(int)rkm->key_len);
/* Print the message value/payload. */
if (rkm->payload && is_printable(rkm->payload,rkm->len))
printf(" Value: %.*s\n",(int)rkm->len,(const char *)rkm->payload);
else if (rkm->payload)
printf(" Value: (%d bytes)\n",(int)rkm->len);
rd_kafka_message_destroy(rkm);
}
/* Close the consumer: commit final offsets and leave the group. */
fprintf(stderr,"%% Closing consumer\n");
rd_kafka_consumer_close(rk);
/* Destroy the consumer */
rd_kafka_destroy(rk);
return 0;
}
特别是,这是我添加到 consumer.c
中的 librdkafka
示例的代码:
/* Configure SASL OAUTH2 AND SSL */
if (rd_kafka_conf_set(conf,timeout???);
我设法在这里看到:https://github.com/edenhill/librdkafka/issues/3017 必须设置 oauthbearer_set_token
(甚至在设置任何回调之前,因为令牌至少在第一次连接时会持续一段时间,我的理解是不需要回调 - 我正在寻找一个基本的“hello world”客户端 -)。
现在,如果我的令牌是这样的:
{'access_token': 'ZzdfZmUybHdBc...fje77fx8A','expires_in': 604800,'refresh_expires_in': 32140800,'refresh_token': 'Ni05MDNhLTRhMmQtYWI.....8PB5HnQ4Udy','token_type': 'bearer','not-before-policy': 0,'session_state': '26...72','scope': ['email','profile'],'expires_at': 1611941321.8914535}
我的理解是,我将使用“ZzdfZmUybHdBc...fje77fx8A”作为令牌,它在从 OAUTH2 基础设施收到令牌后大约 604800 秒后到期。
我应该如何将这些值具体转换为 oauthbearer_set_token
?
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。