Add OAuthBearer authentication support for rdkafka #21058
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Adds support for OAuthBearer authentication flow for rdkafka client when Kafka server expects/supports it. The 'tokenProvider' is supposed to be set via nconf programatically.
Breaking Changes
server/routerlicious/packages/services-ordering-rdkafka/src/rdkafkaBase.ts introduces connect() method breaking change by changing its return value from 'void' to 'Promise'. This is needed for tokenProvider's call convenience and overall maintainability/readability of the code.
Reviewer Guidance
This change has been verified with FRS and three types of Kafka server:
Another change that is not directly related to the main topic is fix for incorrect node-rdkafka's feature filtering
The
rdKafkaHasSSLEnabled
will have an empty array ifssl
is not included. Which later would be checked with the following line:The problem with this line is that it will always be false whether
rdKafkaHasSSLEnabled
containsssl
entry or it's completely empty. Empty array is still not null/undefined, so the condition will be false.I've changed it to an array of lower case values from the original one of rdkafka (redundant step, since it always contains lower case features, but to make sure it's always lower case and it doesn't change the previous logic).
And new way of checking it traverses this new array and checks it with the
includes()
method: