Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Store delegation token hmac as base64 #1628

Merged
merged 4 commits into from
May 21, 2024
Merged

Store delegation token hmac as base64 #1628

merged 4 commits into from
May 21, 2024

Conversation

rukai
Copy link
Member

@rukai rukai commented May 16, 2024
edited

This PR completes a TODO left in the code from #1626

Delegation tokens are created by a super user and allows a connection to kafka to authenticate as a specific user.
Shotover creates them to allow proxying scram connections which would otherwise be unable to be proxied.

The token task in scram_over_mtls.rs creates delegation tokens when the transforms request them.
It will cache the token and fetch new tokens if they are not in the cache yet.

The tokens are stored in a type called DelegationToken.
This contains the token_id which acts as the tokens username and the hmac which acts as the tokens password.

shotover-proxy/shotover/src/transforms/kafka/sink_cluster/scram_over_mtls.rs

Lines 328 to 333 in c1331f8

#[derive(Clone)]
pub struct DelegationToken {
pub token_id: String,
// TODO: store as base64 string
pub hmac: Vec<u8>,
}

Currently the hmac field stores the raw bytes of the hmac, in a Vec<u8>.
This PR changes the hmac field to instead store the base64 encoding of the hmac, in a StrBytes.

This is more efficient as we dont need to convert to base64 every time we use the hmac to login with token.

@rukai rukai marked this pull request as draft May 16, 2024 22:45
@rukai rukai marked this pull request as ready for review May 16, 2024 22:48
@codspeed-hq CodSpeed HQ
Copy link

codspeed-hq bot commented May 16, 2024
edited

CodSpeed Performance Report

Merging #1628 will not alter performance

Comparing rukai:store_hmac_as_base64 (d7ec227) with main (50b6301)

Summary

✅ 37 untouched benchmarks

@rukai rukai enabled auto-merge (squash) May 21, 2024 00:59
@rukai rukai merged commit 618638a into shotover:main May 21, 2024
41 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ronycsdu ronycsdu ronycsdu approved these changes

@justinweng-instaclustr justinweng-instaclustr justinweng-instaclustr approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@rukai @ronycsdu @justinweng-instaclustr