Search in sources :

Example 1 with UnsupportedSaslMechanismException

use of org.apache.kafka.common.errors.UnsupportedSaslMechanismException in project kafka by apache.

the class KafkaAdminClient method alterUserScramCredentials.

@Override
public AlterUserScramCredentialsResult alterUserScramCredentials(List<UserScramCredentialAlteration> alterations, AlterUserScramCredentialsOptions options) {
    final long now = time.milliseconds();
    final Map<String, KafkaFutureImpl<Void>> futures = new HashMap<>();
    for (UserScramCredentialAlteration alteration : alterations) {
        futures.put(alteration.user(), new KafkaFutureImpl<>());
    }
    final Map<String, Exception> userIllegalAlterationExceptions = new HashMap<>();
    // We need to keep track of users with deletions of an unknown SCRAM mechanism
    final String usernameMustNotBeEmptyMsg = "Username must not be empty";
    String passwordMustNotBeEmptyMsg = "Password must not be empty";
    final String unknownScramMechanismMsg = "Unknown SCRAM mechanism";
    alterations.stream().filter(a -> a instanceof UserScramCredentialDeletion).forEach(alteration -> {
        final String user = alteration.user();
        if (user == null || user.isEmpty()) {
            userIllegalAlterationExceptions.put(alteration.user(), new UnacceptableCredentialException(usernameMustNotBeEmptyMsg));
        } else {
            UserScramCredentialDeletion deletion = (UserScramCredentialDeletion) alteration;
            ScramMechanism mechanism = deletion.mechanism();
            if (mechanism == null || mechanism == ScramMechanism.UNKNOWN) {
                userIllegalAlterationExceptions.put(user, new UnsupportedSaslMechanismException(unknownScramMechanismMsg));
            }
        }
    });
    // Creating an upsertion may throw InvalidKeyException or NoSuchAlgorithmException,
    // so keep track of which users are affected by such a failure so we can fail all their alterations later
    final Map<String, Map<ScramMechanism, AlterUserScramCredentialsRequestData.ScramCredentialUpsertion>> userInsertions = new HashMap<>();
    alterations.stream().filter(a -> a instanceof UserScramCredentialUpsertion).filter(alteration -> !userIllegalAlterationExceptions.containsKey(alteration.user())).forEach(alteration -> {
        final String user = alteration.user();
        if (user == null || user.isEmpty()) {
            userIllegalAlterationExceptions.put(alteration.user(), new UnacceptableCredentialException(usernameMustNotBeEmptyMsg));
        } else {
            UserScramCredentialUpsertion upsertion = (UserScramCredentialUpsertion) alteration;
            try {
                byte[] password = upsertion.password();
                if (password == null || password.length == 0) {
                    userIllegalAlterationExceptions.put(user, new UnacceptableCredentialException(passwordMustNotBeEmptyMsg));
                } else {
                    ScramMechanism mechanism = upsertion.credentialInfo().mechanism();
                    if (mechanism == null || mechanism == ScramMechanism.UNKNOWN) {
                        userIllegalAlterationExceptions.put(user, new UnsupportedSaslMechanismException(unknownScramMechanismMsg));
                    } else {
                        userInsertions.putIfAbsent(user, new HashMap<>());
                        userInsertions.get(user).put(mechanism, getScramCredentialUpsertion(upsertion));
                    }
                }
            } catch (NoSuchAlgorithmException e) {
                // we might overwrite an exception from a previous alteration, but we don't really care
                // since we just need to mark this user as having at least one illegal alteration
                // and make an exception instance available for completing the corresponding future exceptionally
                userIllegalAlterationExceptions.put(user, new UnsupportedSaslMechanismException(unknownScramMechanismMsg));
            } catch (InvalidKeyException e) {
                // generally shouldn't happen since we deal with the empty password case above,
                // but we still need to catch/handle it
                userIllegalAlterationExceptions.put(user, new UnacceptableCredentialException(e.getMessage(), e));
            }
        }
    });
    // submit alterations only for users that do not have an illegal alteration as identified above
    Call call = new Call("alterUserScramCredentials", calcDeadlineMs(now, options.timeoutMs()), new ControllerNodeProvider()) {

        @Override
        public AlterUserScramCredentialsRequest.Builder createRequest(int timeoutMs) {
            return new AlterUserScramCredentialsRequest.Builder(new AlterUserScramCredentialsRequestData().setUpsertions(alterations.stream().filter(a -> a instanceof UserScramCredentialUpsertion).filter(a -> !userIllegalAlterationExceptions.containsKey(a.user())).map(a -> userInsertions.get(a.user()).get(((UserScramCredentialUpsertion) a).credentialInfo().mechanism())).collect(Collectors.toList())).setDeletions(alterations.stream().filter(a -> a instanceof UserScramCredentialDeletion).filter(a -> !userIllegalAlterationExceptions.containsKey(a.user())).map(d -> getScramCredentialDeletion((UserScramCredentialDeletion) d)).collect(Collectors.toList())));
        }

        @Override
        public void handleResponse(AbstractResponse abstractResponse) {
            AlterUserScramCredentialsResponse response = (AlterUserScramCredentialsResponse) abstractResponse;
            // Check for controller change
            for (Errors error : response.errorCounts().keySet()) {
                if (error == Errors.NOT_CONTROLLER) {
                    handleNotControllerError(error);
                }
            }
            /* Now that we have the results for the ones we sent,
                 * fail any users that have an illegal alteration as identified above.
                 * Be sure to do this after the NOT_CONTROLLER error check above
                 * so that all errors are consistent in that case.
                 */
            userIllegalAlterationExceptions.entrySet().stream().forEach(entry -> {
                futures.get(entry.getKey()).completeExceptionally(entry.getValue());
            });
            response.data().results().forEach(result -> {
                KafkaFutureImpl<Void> future = futures.get(result.user());
                if (future == null) {
                    log.warn("Server response mentioned unknown user {}", result.user());
                } else {
                    Errors error = Errors.forCode(result.errorCode());
                    if (error != Errors.NONE) {
                        future.completeExceptionally(error.exception(result.errorMessage()));
                    } else {
                        future.complete(null);
                    }
                }
            });
            completeUnrealizedFutures(futures.entrySet().stream(), user -> "The broker response did not contain a result for user " + user);
        }

        @Override
        void handleFailure(Throwable throwable) {
            completeAllExceptionally(futures.values(), throwable);
        }
    };
    runnable.call(call, now);
    return new AlterUserScramCredentialsResult(new HashMap<>(futures));
}
Also used : ListGroupsResponse(org.apache.kafka.common.requests.ListGroupsResponse) ThrottlingQuotaExceededException(org.apache.kafka.common.errors.ThrottlingQuotaExceededException) ListOffsetsRequest(org.apache.kafka.common.requests.ListOffsetsRequest) UserName(org.apache.kafka.common.message.DescribeUserScramCredentialsRequestData.UserName) ListPartitionReassignmentsTopics(org.apache.kafka.common.message.ListPartitionReassignmentsRequestData.ListPartitionReassignmentsTopics) ClientQuotaFilter(org.apache.kafka.common.quota.ClientQuotaFilter) KafkaException(org.apache.kafka.common.KafkaException) AppInfoParser(org.apache.kafka.common.utils.AppInfoParser) ClientUtils(org.apache.kafka.clients.ClientUtils) DescribeClientQuotasRequest(org.apache.kafka.common.requests.DescribeClientQuotasRequest) ListGroupsRequestData(org.apache.kafka.common.message.ListGroupsRequestData) AclCreationResult(org.apache.kafka.common.message.CreateAclsResponseData.AclCreationResult) Duration(java.time.Duration) Map(java.util.Map) TopicNameCollection(org.apache.kafka.common.TopicCollection.TopicNameCollection) UpdateFeaturesRequestData(org.apache.kafka.common.message.UpdateFeaturesRequestData) Utils.closeQuietly(org.apache.kafka.common.utils.Utils.closeQuietly) DeleteAclsFilter(org.apache.kafka.common.message.DeleteAclsRequestData.DeleteAclsFilter) CreateAclsRequest(org.apache.kafka.common.requests.CreateAclsRequest) DescribeConfigsRequestData(org.apache.kafka.common.message.DescribeConfigsRequestData) DescribableLogDirTopic(org.apache.kafka.common.message.DescribeLogDirsRequestData.DescribableLogDirTopic) CommonClientConfigs(org.apache.kafka.clients.CommonClientConfigs) Sensor(org.apache.kafka.common.metrics.Sensor) DescribeLogDirsResponseData(org.apache.kafka.common.message.DescribeLogDirsResponseData) ClientQuotaAlteration(org.apache.kafka.common.quota.ClientQuotaAlteration) AlterReplicaLogDirTopicResult(org.apache.kafka.common.message.AlterReplicaLogDirsResponseData.AlterReplicaLogDirTopicResult) DeleteTopicsRequestData(org.apache.kafka.common.message.DeleteTopicsRequestData) AlterReplicaLogDirsRequest(org.apache.kafka.common.requests.AlterReplicaLogDirsRequest) ListGroupsRequest(org.apache.kafka.common.requests.ListGroupsRequest) Metrics(org.apache.kafka.common.metrics.Metrics) Stream(java.util.stream.Stream) ListOffsetsTopicResponse(org.apache.kafka.common.message.ListOffsetsResponseData.ListOffsetsTopicResponse) Errors(org.apache.kafka.common.protocol.Errors) Node(org.apache.kafka.common.Node) UnknownTopicOrPartitionException(org.apache.kafka.common.errors.UnknownTopicOrPartitionException) UnacceptableCredentialException(org.apache.kafka.common.errors.UnacceptableCredentialException) AuthenticationException(org.apache.kafka.common.errors.AuthenticationException) DeleteTopicState(org.apache.kafka.common.message.DeleteTopicsRequestData.DeleteTopicState) SupportedFeatureKey(org.apache.kafka.common.message.ApiVersionsResponseData.SupportedFeatureKey) DeleteRecordsTopic(org.apache.kafka.common.message.DeleteRecordsRequestData.DeleteRecordsTopic) AbstractResponse(org.apache.kafka.common.requests.AbstractResponse) AlterUserScramCredentialsResponse(org.apache.kafka.common.requests.AlterUserScramCredentialsResponse) DescribeClusterResponse(org.apache.kafka.common.requests.DescribeClusterResponse) DelegationToken(org.apache.kafka.common.security.token.delegation.DelegationToken) ListOffsetsPartitionResponse(org.apache.kafka.common.message.ListOffsetsResponseData.ListOffsetsPartitionResponse) Supplier(java.util.function.Supplier) DescribeAclsResponse(org.apache.kafka.common.requests.DescribeAclsResponse) AlterReplicaLogDirsResponse(org.apache.kafka.common.requests.AlterReplicaLogDirsResponse) AlterConsumerGroupOffsetsHandler(org.apache.kafka.clients.admin.internals.AlterConsumerGroupOffsetsHandler) UpdateFeaturesRequest(org.apache.kafka.common.requests.UpdateFeaturesRequest) KafkaStorageException(org.apache.kafka.common.errors.KafkaStorageException) AlterPartitionReassignmentsRequest(org.apache.kafka.common.requests.AlterPartitionReassignmentsRequest) DeleteAclsMatchingAcl(org.apache.kafka.common.message.DeleteAclsResponseData.DeleteAclsMatchingAcl) DescribeLogDirsRequestData(org.apache.kafka.common.message.DescribeLogDirsRequestData) ApiVersions(org.apache.kafka.clients.ApiVersions) TopicMetadataAndConfig(org.apache.kafka.clients.admin.CreateTopicsResult.TopicMetadataAndConfig) IncrementalAlterConfigsRequest(org.apache.kafka.common.requests.IncrementalAlterConfigsRequest) AtomicLong(java.util.concurrent.atomic.AtomicLong) CreatableTopicCollection(org.apache.kafka.common.message.CreateTopicsRequestData.CreatableTopicCollection) ReassignableTopic(org.apache.kafka.common.message.AlterPartitionReassignmentsRequestData.ReassignableTopic) TreeMap(java.util.TreeMap) IncrementalAlterConfigsResponse(org.apache.kafka.common.requests.IncrementalAlterConfigsResponse) UpdatableFeatureResult(org.apache.kafka.common.message.UpdateFeaturesResponseData.UpdatableFeatureResult) CreatePartitionsAssignment(org.apache.kafka.common.message.CreatePartitionsRequestData.CreatePartitionsAssignment) ElectLeadersRequest(org.apache.kafka.common.requests.ElectLeadersRequest) FilterResults(org.apache.kafka.clients.admin.DeleteAclsResult.FilterResults) DescribeUserScramCredentialsResponse(org.apache.kafka.common.requests.DescribeUserScramCredentialsResponse) AdminApiFuture(org.apache.kafka.clients.admin.internals.AdminApiFuture) AbstractRequest(org.apache.kafka.common.requests.AbstractRequest) ChannelBuilder(org.apache.kafka.common.network.ChannelBuilder) MemberIdentity(org.apache.kafka.common.message.LeaveGroupRequestData.MemberIdentity) TokenInformation(org.apache.kafka.common.security.token.delegation.TokenInformation) CreateDelegationTokenRequestData(org.apache.kafka.common.message.CreateDelegationTokenRequestData) CreateAclsRequestData(org.apache.kafka.common.message.CreateAclsRequestData) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) KafkaClient(org.apache.kafka.clients.KafkaClient) DescribeLogDirsRequest(org.apache.kafka.common.requests.DescribeLogDirsRequest) DescribeConfigsResponseData(org.apache.kafka.common.message.DescribeConfigsResponseData) TopicIdCollection(org.apache.kafka.common.TopicCollection.TopicIdCollection) ListOffsetsTopic(org.apache.kafka.common.message.ListOffsetsRequestData.ListOffsetsTopic) TopicPartition(org.apache.kafka.common.TopicPartition) Time(org.apache.kafka.common.utils.Time) Collection(java.util.Collection) AlterReplicaLogDir(org.apache.kafka.common.message.AlterReplicaLogDirsRequestData.AlterReplicaLogDir) CreateAclsResponse(org.apache.kafka.common.requests.CreateAclsResponse) DescribeClusterRequest(org.apache.kafka.common.requests.DescribeClusterRequest) DescribeUserScramCredentialsResponseData(org.apache.kafka.common.message.DescribeUserScramCredentialsResponseData) Collectors(java.util.stream.Collectors) DescribeConfigsRequest(org.apache.kafka.common.requests.DescribeConfigsRequest) Objects(java.util.Objects) CreatePartitionsResponse(org.apache.kafka.common.requests.CreatePartitionsResponse) OffsetAndMetadata(org.apache.kafka.clients.consumer.OffsetAndMetadata) UnregisterBrokerRequestData(org.apache.kafka.common.message.UnregisterBrokerRequestData) AlterUserScramCredentialsRequest(org.apache.kafka.common.requests.AlterUserScramCredentialsRequest) RenewDelegationTokenRequestData(org.apache.kafka.common.message.RenewDelegationTokenRequestData) ExpireDelegationTokenRequest(org.apache.kafka.common.requests.ExpireDelegationTokenRequest) Uuid(org.apache.kafka.common.Uuid) DeleteTopicsRequest(org.apache.kafka.common.requests.DeleteTopicsRequest) ReassignablePartitionResponse(org.apache.kafka.common.message.AlterPartitionReassignmentsResponseData.ReassignablePartitionResponse) DeleteRecordsRequestData(org.apache.kafka.common.message.DeleteRecordsRequestData) FinalizedFeatureKey(org.apache.kafka.common.message.ApiVersionsResponseData.FinalizedFeatureKey) DeleteAclsResponse(org.apache.kafka.common.requests.DeleteAclsResponse) DeleteAclsFilterResult(org.apache.kafka.common.message.DeleteAclsResponseData.DeleteAclsFilterResult) AlterPartitionReassignmentsResponse(org.apache.kafka.common.requests.AlterPartitionReassignmentsResponse) DescribeConfigsResponse(org.apache.kafka.common.requests.DescribeConfigsResponse) Function(java.util.function.Function) UnknownServerException(org.apache.kafka.common.errors.UnknownServerException) DeleteRecordsResponseData(org.apache.kafka.common.message.DeleteRecordsResponseData) DescribeUserScramCredentialsRequest(org.apache.kafka.common.requests.DescribeUserScramCredentialsRequest) HashSet(java.util.HashSet) CreatableTopicConfigs(org.apache.kafka.common.message.CreateTopicsResponseData.CreatableTopicConfigs) TopicCollection(org.apache.kafka.common.TopicCollection) OngoingPartitionReassignment(org.apache.kafka.common.message.ListPartitionReassignmentsResponseData.OngoingPartitionReassignment) LinkedList(java.util.LinkedList) TimeoutException(org.apache.kafka.common.errors.TimeoutException) Logger(org.slf4j.Logger) AllBrokersStrategy(org.apache.kafka.clients.admin.internals.AllBrokersStrategy) AlterConfigsResponse(org.apache.kafka.common.requests.AlterConfigsResponse) CreateTopicsResponse(org.apache.kafka.common.requests.CreateTopicsResponse) ConfigException(org.apache.kafka.common.config.ConfigException) DeleteRecordsPartition(org.apache.kafka.common.message.DeleteRecordsRequestData.DeleteRecordsPartition) KafkaThread(org.apache.kafka.common.utils.KafkaThread) AlterConfigsRequest(org.apache.kafka.common.requests.AlterConfigsRequest) RenewDelegationTokenRequest(org.apache.kafka.common.requests.RenewDelegationTokenRequest) DefaultHostResolver(org.apache.kafka.clients.DefaultHostResolver) DisconnectException(org.apache.kafka.common.errors.DisconnectException) InvalidRequestException(org.apache.kafka.common.errors.InvalidRequestException) KafkaPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal) Comparator(java.util.Comparator) ExpireDelegationTokenResponse(org.apache.kafka.common.requests.ExpireDelegationTokenResponse) ReplicaLogDirInfo(org.apache.kafka.clients.admin.DescribeReplicaLogDirsResult.ReplicaLogDirInfo) Arrays(java.util.Arrays) ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest) DescribeClusterRequestData(org.apache.kafka.common.message.DescribeClusterRequestData) CreatePartitionsTopicCollection(org.apache.kafka.common.message.CreatePartitionsRequestData.CreatePartitionsTopicCollection) DeleteRecordsTopicResult(org.apache.kafka.common.message.DeleteRecordsResponseData.DeleteRecordsTopicResult) Cluster(org.apache.kafka.common.Cluster) AbortTransactionHandler(org.apache.kafka.clients.admin.internals.AbortTransactionHandler) AdminApiHandler(org.apache.kafka.clients.admin.internals.AdminApiHandler) UnregisterBrokerRequest(org.apache.kafka.common.requests.UnregisterBrokerRequest) CreatePartitionsTopic(org.apache.kafka.common.message.CreatePartitionsRequestData.CreatePartitionsTopic) RemoveMembersFromConsumerGroupHandler(org.apache.kafka.clients.admin.internals.RemoveMembersFromConsumerGroupHandler) ApiVersionsResponse(org.apache.kafka.common.requests.ApiVersionsResponse) ListOffsetsResponse(org.apache.kafka.common.requests.ListOffsetsResponse) LogContext(org.apache.kafka.common.utils.LogContext) ListPartitionReassignmentsRequestData(org.apache.kafka.common.message.ListPartitionReassignmentsRequestData) CreatePartitionsRequestData(org.apache.kafka.common.message.CreatePartitionsRequestData) TimestampSpec(org.apache.kafka.clients.admin.OffsetSpec.TimestampSpec) ListTransactionsHandler(org.apache.kafka.clients.admin.internals.ListTransactionsHandler) DeleteAclsRequest(org.apache.kafka.common.requests.DeleteAclsRequest) InvalidTopicException(org.apache.kafka.common.errors.InvalidTopicException) Set(java.util.Set) PartitionInfo(org.apache.kafka.common.PartitionInfo) DeleteRecordsRequest(org.apache.kafka.common.requests.DeleteRecordsRequest) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CoordinatorKey(org.apache.kafka.clients.admin.internals.CoordinatorKey) MetricsReporter(org.apache.kafka.common.metrics.MetricsReporter) ConsumerGroupState(org.apache.kafka.common.ConsumerGroupState) InvalidKeyException(java.security.InvalidKeyException) CreatableTopicResult(org.apache.kafka.common.message.CreateTopicsResponseData.CreatableTopicResult) MetadataResponse(org.apache.kafka.common.requests.MetadataResponse) AlterUserScramCredentialsRequestData(org.apache.kafka.common.message.AlterUserScramCredentialsRequestData) CreatableRenewers(org.apache.kafka.common.message.CreateDelegationTokenRequestData.CreatableRenewers) Selector(org.apache.kafka.common.network.Selector) KafkaMetricsContext(org.apache.kafka.common.metrics.KafkaMetricsContext) RenewDelegationTokenResponse(org.apache.kafka.common.requests.RenewDelegationTokenResponse) RetriableException(org.apache.kafka.common.errors.RetriableException) ExpireDelegationTokenRequestData(org.apache.kafka.common.message.ExpireDelegationTokenRequestData) ArrayList(java.util.ArrayList) MetricsContext(org.apache.kafka.common.metrics.MetricsContext) ElectionType(org.apache.kafka.common.ElectionType) NetworkClient(org.apache.kafka.clients.NetworkClient) InterfaceStability(org.apache.kafka.common.annotation.InterfaceStability) AlterPartitionReassignmentsRequestData(org.apache.kafka.common.message.AlterPartitionReassignmentsRequestData) KafkaFutureImpl(org.apache.kafka.common.internals.KafkaFutureImpl) MetadataOperationContext(org.apache.kafka.clients.admin.internals.MetadataOperationContext) ListGroupsResponseData(org.apache.kafka.common.message.ListGroupsResponseData) TopicPartitionInfo(org.apache.kafka.common.TopicPartitionInfo) ScramFormatter(org.apache.kafka.common.security.scram.internals.ScramFormatter) AlterClientQuotasResponse(org.apache.kafka.common.requests.AlterClientQuotasResponse) AclCreation(org.apache.kafka.common.message.CreateAclsRequestData.AclCreation) TopicPartitionReplica(org.apache.kafka.common.TopicPartitionReplica) DeleteRecordsResponse(org.apache.kafka.common.requests.DeleteRecordsResponse) ReassignablePartition(org.apache.kafka.common.message.AlterPartitionReassignmentsRequestData.ReassignablePartition) AclOperation(org.apache.kafka.common.acl.AclOperation) AlterReplicaLogDirsRequestData(org.apache.kafka.common.message.AlterReplicaLogDirsRequestData) UnsupportedSaslMechanismException(org.apache.kafka.common.errors.UnsupportedSaslMechanismException) CreateTopicsRequestData(org.apache.kafka.common.message.CreateTopicsRequestData) DescribeUserScramCredentialsRequestData(org.apache.kafka.common.message.DescribeUserScramCredentialsRequestData) UnsupportedVersionException(org.apache.kafka.common.errors.UnsupportedVersionException) MetadataRequestData(org.apache.kafka.common.message.MetadataRequestData) DescribeDelegationTokenResponse(org.apache.kafka.common.requests.DescribeDelegationTokenResponse) AdminApiDriver(org.apache.kafka.clients.admin.internals.AdminApiDriver) AlterClientQuotasRequest(org.apache.kafka.common.requests.AlterClientQuotasRequest) CreatePartitionsTopicResult(org.apache.kafka.common.message.CreatePartitionsResponseData.CreatePartitionsTopicResult) SimpleAdminApiFuture(org.apache.kafka.clients.admin.internals.AdminApiFuture.SimpleAdminApiFuture) AlterReplicaLogDirPartitionResult(org.apache.kafka.common.message.AlterReplicaLogDirsResponseData.AlterReplicaLogDirPartitionResult) ListPartitionReassignmentsResponse(org.apache.kafka.common.requests.ListPartitionReassignmentsResponse) ClientRequest(org.apache.kafka.clients.ClientRequest) DescribeClientQuotasResponse(org.apache.kafka.common.requests.DescribeClientQuotasResponse) UpdateFeaturesResponse(org.apache.kafka.common.requests.UpdateFeaturesResponse) ReassignableTopicResponse(org.apache.kafka.common.message.AlterPartitionReassignmentsResponseData.ReassignableTopicResponse) DeleteAclsRequestData(org.apache.kafka.common.message.DeleteAclsRequestData) UnregisterBrokerResponse(org.apache.kafka.common.requests.UnregisterBrokerResponse) CreatePartitionsRequest(org.apache.kafka.common.requests.CreatePartitionsRequest) MetadataRequest.convertToMetadataRequestTopic(org.apache.kafka.common.requests.MetadataRequest.convertToMetadataRequestTopic) Metric(org.apache.kafka.common.Metric) MetricName(org.apache.kafka.common.MetricName) AdminMetadataManager(org.apache.kafka.clients.admin.internals.AdminMetadataManager) DescribeAclsRequest(org.apache.kafka.common.requests.DescribeAclsRequest) Predicate(java.util.function.Predicate) MetricConfig(org.apache.kafka.common.metrics.MetricConfig) KafkaFuture(org.apache.kafka.common.KafkaFuture) InetSocketAddress(java.net.InetSocketAddress) ListOffsetsResultInfo(org.apache.kafka.clients.admin.ListOffsetsResult.ListOffsetsResultInfo) List(java.util.List) DeletableTopicResult(org.apache.kafka.common.message.DeleteTopicsResponseData.DeletableTopicResult) Optional(java.util.Optional) ClientResponse(org.apache.kafka.clients.ClientResponse) ConsumerProtocol(org.apache.kafka.clients.consumer.internals.ConsumerProtocol) ListConsumerGroupOffsetsHandler(org.apache.kafka.clients.admin.internals.ListConsumerGroupOffsetsHandler) MetadataRequest.convertTopicIdsToMetadataRequestTopic(org.apache.kafka.common.requests.MetadataRequest.convertTopicIdsToMetadataRequestTopic) CreateTopicsRequest(org.apache.kafka.common.requests.CreateTopicsRequest) ElectLeadersResponse(org.apache.kafka.common.requests.ElectLeadersResponse) StaleMetadataException(org.apache.kafka.clients.StaleMetadataException) AclBindingFilter(org.apache.kafka.common.acl.AclBindingFilter) HashMap(java.util.HashMap) DescribeConsumerGroupsHandler(org.apache.kafka.clients.admin.internals.DescribeConsumerGroupsHandler) ApiError(org.apache.kafka.common.requests.ApiError) ConfigResource(org.apache.kafka.common.config.ConfigResource) CreateDelegationTokenResponse(org.apache.kafka.common.requests.CreateDelegationTokenResponse) CreateDelegationTokenResponseData(org.apache.kafka.common.message.CreateDelegationTokenResponseData) DeleteConsumerGroupsHandler(org.apache.kafka.clients.admin.internals.DeleteConsumerGroupsHandler) MetadataRequest(org.apache.kafka.common.requests.MetadataRequest) AclBinding(org.apache.kafka.common.acl.AclBinding) ClientQuotaEntity(org.apache.kafka.common.quota.ClientQuotaEntity) DescribeProducersHandler(org.apache.kafka.clients.admin.internals.DescribeProducersHandler) OngoingTopicReassignment(org.apache.kafka.common.message.ListPartitionReassignmentsResponseData.OngoingTopicReassignment) ListPartitionReassignmentsRequest(org.apache.kafka.common.requests.ListPartitionReassignmentsRequest) DeleteConsumerGroupOffsetsHandler(org.apache.kafka.clients.admin.internals.DeleteConsumerGroupOffsetsHandler) AlterReplicaLogDirTopic(org.apache.kafka.common.message.AlterReplicaLogDirsRequestData.AlterReplicaLogDirTopic) JmxReporter(org.apache.kafka.common.metrics.JmxReporter) Utils(org.apache.kafka.common.utils.Utils) DescribeTransactionsHandler(org.apache.kafka.clients.admin.internals.DescribeTransactionsHandler) ListOffsetsPartition(org.apache.kafka.common.message.ListOffsetsRequestData.ListOffsetsPartition) Iterator(java.util.Iterator) FilterResult(org.apache.kafka.clients.admin.DeleteAclsResult.FilterResult) DeleteAclsResponseData(org.apache.kafka.common.message.DeleteAclsResponseData) TimeUnit(java.util.concurrent.TimeUnit) DescribeDelegationTokenRequest(org.apache.kafka.common.requests.DescribeDelegationTokenRequest) HostResolver(org.apache.kafka.clients.HostResolver) DeleteTopicsResponse(org.apache.kafka.common.requests.DeleteTopicsResponse) DescribeLogDirsResponse(org.apache.kafka.common.requests.DescribeLogDirsResponse) Collections(java.util.Collections) ApiException(org.apache.kafka.common.errors.ApiException) CreateDelegationTokenRequest(org.apache.kafka.common.requests.CreateDelegationTokenRequest) HashMap(java.util.HashMap) ChannelBuilder(org.apache.kafka.common.network.ChannelBuilder) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) AbstractResponse(org.apache.kafka.common.requests.AbstractResponse) AlterUserScramCredentialsResponse(org.apache.kafka.common.requests.AlterUserScramCredentialsResponse) UnsupportedSaslMechanismException(org.apache.kafka.common.errors.UnsupportedSaslMechanismException) KafkaFutureImpl(org.apache.kafka.common.internals.KafkaFutureImpl) InvalidKeyException(java.security.InvalidKeyException) ThrottlingQuotaExceededException(org.apache.kafka.common.errors.ThrottlingQuotaExceededException) KafkaException(org.apache.kafka.common.KafkaException) UnknownTopicOrPartitionException(org.apache.kafka.common.errors.UnknownTopicOrPartitionException) UnacceptableCredentialException(org.apache.kafka.common.errors.UnacceptableCredentialException) AuthenticationException(org.apache.kafka.common.errors.AuthenticationException) KafkaStorageException(org.apache.kafka.common.errors.KafkaStorageException) UnknownServerException(org.apache.kafka.common.errors.UnknownServerException) TimeoutException(org.apache.kafka.common.errors.TimeoutException) ConfigException(org.apache.kafka.common.config.ConfigException) DisconnectException(org.apache.kafka.common.errors.DisconnectException) InvalidRequestException(org.apache.kafka.common.errors.InvalidRequestException) InvalidTopicException(org.apache.kafka.common.errors.InvalidTopicException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) RetriableException(org.apache.kafka.common.errors.RetriableException) UnsupportedSaslMechanismException(org.apache.kafka.common.errors.UnsupportedSaslMechanismException) UnsupportedVersionException(org.apache.kafka.common.errors.UnsupportedVersionException) StaleMetadataException(org.apache.kafka.clients.StaleMetadataException) ApiException(org.apache.kafka.common.errors.ApiException) AlterUserScramCredentialsRequest(org.apache.kafka.common.requests.AlterUserScramCredentialsRequest) Errors(org.apache.kafka.common.protocol.Errors) UnacceptableCredentialException(org.apache.kafka.common.errors.UnacceptableCredentialException) AlterUserScramCredentialsRequestData(org.apache.kafka.common.message.AlterUserScramCredentialsRequestData) Map(java.util.Map) TreeMap(java.util.TreeMap) HashMap(java.util.HashMap)

Example 2 with UnsupportedSaslMechanismException

use of org.apache.kafka.common.errors.UnsupportedSaslMechanismException in project kafka by apache.

the class SaslServerAuthenticator method handleKafkaRequest.

private boolean handleKafkaRequest(byte[] requestBytes) throws IOException, AuthenticationException {
    boolean isKafkaRequest = false;
    String clientMechanism = null;
    try {
        ByteBuffer requestBuffer = ByteBuffer.wrap(requestBytes);
        RequestHeader header = RequestHeader.parse(requestBuffer);
        ApiKeys apiKey = header.apiKey();
        // following a SaslHandshakeRequest since this is not a GSSAPI client token from a Kafka 0.9.0.x client.
        if (saslState == SaslState.INITIAL_REQUEST)
            setSaslState(SaslState.HANDSHAKE_OR_VERSIONS_REQUEST);
        isKafkaRequest = true;
        // unnecessary exposure to some of the more complex schema types.
        if (apiKey != ApiKeys.API_VERSIONS && apiKey != ApiKeys.SASL_HANDSHAKE)
            throw new IllegalSaslStateException("Unexpected Kafka request of type " + apiKey + " during SASL handshake.");
        LOG.debug("Handling Kafka request {} during {}", apiKey, reauthInfo.authenticationOrReauthenticationText());
        RequestContext requestContext = new RequestContext(header, connectionId, clientAddress(), KafkaPrincipal.ANONYMOUS, listenerName, securityProtocol, ClientInformation.EMPTY, false);
        RequestAndSize requestAndSize = requestContext.parseRequest(requestBuffer);
        if (apiKey == ApiKeys.API_VERSIONS)
            handleApiVersionsRequest(requestContext, (ApiVersionsRequest) requestAndSize.request);
        else
            clientMechanism = handleHandshakeRequest(requestContext, (SaslHandshakeRequest) requestAndSize.request);
    } catch (InvalidRequestException e) {
        if (saslState == SaslState.INITIAL_REQUEST) {
            // starting with 0x60, revert to GSSAPI for both these exceptions.
            if (LOG.isDebugEnabled()) {
                StringBuilder tokenBuilder = new StringBuilder();
                for (byte b : requestBytes) {
                    tokenBuilder.append(String.format("%02x", b));
                    if (tokenBuilder.length() >= 20)
                        break;
                }
                LOG.debug("Received client packet of length {} starting with bytes 0x{}, process as GSSAPI packet", requestBytes.length, tokenBuilder);
            }
            if (enabledMechanisms.contains(SaslConfigs.GSSAPI_MECHANISM)) {
                LOG.debug("First client packet is not a SASL mechanism request, using default mechanism GSSAPI");
                clientMechanism = SaslConfigs.GSSAPI_MECHANISM;
            } else
                throw new UnsupportedSaslMechanismException("Exception handling first SASL packet from client, GSSAPI is not supported by server", e);
        } else
            throw e;
    }
    if (clientMechanism != null && (!reauthInfo.reauthenticating() || reauthInfo.saslMechanismUnchanged(clientMechanism))) {
        createSaslServer(clientMechanism);
        setSaslState(SaslState.AUTHENTICATE);
    }
    return isKafkaRequest;
}
Also used : ApiKeys(org.apache.kafka.common.protocol.ApiKeys) RequestAndSize(org.apache.kafka.common.requests.RequestAndSize) UnsupportedSaslMechanismException(org.apache.kafka.common.errors.UnsupportedSaslMechanismException) RequestHeader(org.apache.kafka.common.requests.RequestHeader) InvalidRequestException(org.apache.kafka.common.errors.InvalidRequestException) IllegalSaslStateException(org.apache.kafka.common.errors.IllegalSaslStateException) RequestContext(org.apache.kafka.common.requests.RequestContext) ByteBuffer(java.nio.ByteBuffer) ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest)

Example 3 with UnsupportedSaslMechanismException

use of org.apache.kafka.common.errors.UnsupportedSaslMechanismException in project kafka by apache.

the class SaslServerAuthenticator method handleHandshakeRequest.

private String handleHandshakeRequest(RequestHeader requestHeader, SaslHandshakeRequest handshakeRequest) throws IOException, UnsupportedSaslMechanismException {
    String clientMechanism = handshakeRequest.mechanism();
    if (enabledMechanisms.contains(clientMechanism)) {
        LOG.debug("Using SASL mechanism '{}' provided by client", clientMechanism);
        sendKafkaResponse(requestHeader, new SaslHandshakeResponse(Errors.NONE, enabledMechanisms));
        return clientMechanism;
    } else {
        LOG.debug("SASL mechanism '{}' requested by client is not supported", clientMechanism);
        sendKafkaResponse(requestHeader, new SaslHandshakeResponse(Errors.UNSUPPORTED_SASL_MECHANISM, enabledMechanisms));
        throw new UnsupportedSaslMechanismException("Unsupported SASL mechanism " + clientMechanism);
    }
}
Also used : SaslHandshakeResponse(org.apache.kafka.common.requests.SaslHandshakeResponse) UnsupportedSaslMechanismException(org.apache.kafka.common.errors.UnsupportedSaslMechanismException)

Example 4 with UnsupportedSaslMechanismException

use of org.apache.kafka.common.errors.UnsupportedSaslMechanismException in project apache-kafka-on-k8s by banzaicloud.

the class SaslServerAuthenticator method handleHandshakeRequest.

private String handleHandshakeRequest(RequestContext context, SaslHandshakeRequest handshakeRequest) throws IOException, UnsupportedSaslMechanismException {
    String clientMechanism = handshakeRequest.mechanism();
    short version = context.header.apiVersion();
    if (version >= 1)
        this.enableKafkaSaslAuthenticateHeaders(true);
    if (enabledMechanisms.contains(clientMechanism)) {
        LOG.debug("Using SASL mechanism '{}' provided by client", clientMechanism);
        sendKafkaResponse(context, new SaslHandshakeResponse(Errors.NONE, enabledMechanisms));
        return clientMechanism;
    } else {
        LOG.debug("SASL mechanism '{}' requested by client is not supported", clientMechanism);
        sendKafkaResponse(context, new SaslHandshakeResponse(Errors.UNSUPPORTED_SASL_MECHANISM, enabledMechanisms));
        throw new UnsupportedSaslMechanismException("Unsupported SASL mechanism " + clientMechanism);
    }
}
Also used : SaslHandshakeResponse(org.apache.kafka.common.requests.SaslHandshakeResponse) UnsupportedSaslMechanismException(org.apache.kafka.common.errors.UnsupportedSaslMechanismException)

Example 5 with UnsupportedSaslMechanismException

use of org.apache.kafka.common.errors.UnsupportedSaslMechanismException in project apache-kafka-on-k8s by banzaicloud.

the class SaslServerAuthenticator method handleKafkaRequest.

private boolean handleKafkaRequest(byte[] requestBytes) throws IOException, AuthenticationException {
    boolean isKafkaRequest = false;
    String clientMechanism = null;
    try {
        ByteBuffer requestBuffer = ByteBuffer.wrap(requestBytes);
        RequestHeader header = RequestHeader.parse(requestBuffer);
        ApiKeys apiKey = header.apiKey();
        // following a SaslHandshakeRequest since this is not a GSSAPI client token from a Kafka 0.9.0.x client.
        if (saslState == SaslState.INITIAL_REQUEST)
            setSaslState(SaslState.HANDSHAKE_OR_VERSIONS_REQUEST);
        isKafkaRequest = true;
        // unnecessary exposure to some of the more complex schema types.
        if (apiKey != ApiKeys.API_VERSIONS && apiKey != ApiKeys.SASL_HANDSHAKE)
            throw new IllegalSaslStateException("Unexpected Kafka request of type " + apiKey + " during SASL handshake.");
        LOG.debug("Handling Kafka request {}", apiKey);
        RequestContext requestContext = new RequestContext(header, connectionId, clientAddress(), KafkaPrincipal.ANONYMOUS, listenerName, securityProtocol);
        RequestAndSize requestAndSize = requestContext.parseRequest(requestBuffer);
        if (apiKey == ApiKeys.API_VERSIONS)
            handleApiVersionsRequest(requestContext, (ApiVersionsRequest) requestAndSize.request);
        else
            clientMechanism = handleHandshakeRequest(requestContext, (SaslHandshakeRequest) requestAndSize.request);
    } catch (InvalidRequestException e) {
        if (saslState == SaslState.INITIAL_REQUEST) {
            // starting with 0x60, revert to GSSAPI for both these exceptions.
            if (LOG.isDebugEnabled()) {
                StringBuilder tokenBuilder = new StringBuilder();
                for (byte b : requestBytes) {
                    tokenBuilder.append(String.format("%02x", b));
                    if (tokenBuilder.length() >= 20)
                        break;
                }
                LOG.debug("Received client packet of length {} starting with bytes 0x{}, process as GSSAPI packet", requestBytes.length, tokenBuilder);
            }
            if (enabledMechanisms.contains(SaslConfigs.GSSAPI_MECHANISM)) {
                LOG.debug("First client packet is not a SASL mechanism request, using default mechanism GSSAPI");
                clientMechanism = SaslConfigs.GSSAPI_MECHANISM;
            } else
                throw new UnsupportedSaslMechanismException("Exception handling first SASL packet from client, GSSAPI is not supported by server", e);
        } else
            throw e;
    }
    if (clientMechanism != null) {
        createSaslServer(clientMechanism);
        setSaslState(SaslState.AUTHENTICATE);
    }
    return isKafkaRequest;
}
Also used : ApiKeys(org.apache.kafka.common.protocol.ApiKeys) RequestAndSize(org.apache.kafka.common.requests.RequestAndSize) UnsupportedSaslMechanismException(org.apache.kafka.common.errors.UnsupportedSaslMechanismException) RequestHeader(org.apache.kafka.common.requests.RequestHeader) InvalidRequestException(org.apache.kafka.common.errors.InvalidRequestException) IllegalSaslStateException(org.apache.kafka.common.errors.IllegalSaslStateException) RequestContext(org.apache.kafka.common.requests.RequestContext) ByteBuffer(java.nio.ByteBuffer) ApiVersionsRequest(org.apache.kafka.common.requests.ApiVersionsRequest)

Aggregations

UnsupportedSaslMechanismException (org.apache.kafka.common.errors.UnsupportedSaslMechanismException)6 InvalidRequestException (org.apache.kafka.common.errors.InvalidRequestException)3 ApiVersionsRequest (org.apache.kafka.common.requests.ApiVersionsRequest)3 SaslHandshakeResponse (org.apache.kafka.common.requests.SaslHandshakeResponse)3 ByteBuffer (java.nio.ByteBuffer)2 InetSocketAddress (java.net.InetSocketAddress)1 InvalidKeyException (java.security.InvalidKeyException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 Duration (java.time.Duration)1 ArrayList (java.util.ArrayList)1 Arrays (java.util.Arrays)1 Collection (java.util.Collection)1 Collections (java.util.Collections)1 Comparator (java.util.Comparator)1 HashMap (java.util.HashMap)1 HashSet (java.util.HashSet)1 Iterator (java.util.Iterator)1 LinkedList (java.util.LinkedList)1 List (java.util.List)1 Map (java.util.Map)1