cubefs
1776 строк · 51.0 Кб
1package sarama2import (4"crypto/tls"5"encoding/binary"6"errors"7"fmt"8"io"9"math/rand"10"net"11"sort"12"strconv"13"strings"14"sync"15"sync/atomic"16"time"17"github.com/rcrowley/go-metrics"19)20// Broker represents a single Kafka broker connection. All operations on this object are entirely concurrency-safe.22type Broker struct {23conf *Config24rack *string25id int3227addr string28correlationID int3229conn net.Conn30connErr error31lock sync.Mutex32opened int3233responses chan *responsePromise34done chan bool35registeredMetrics map[string]struct{}37incomingByteRate metrics.Meter39requestRate metrics.Meter40requestSize metrics.Histogram41requestLatency metrics.Histogram42outgoingByteRate metrics.Meter43responseRate metrics.Meter44responseSize metrics.Histogram45requestsInFlight metrics.Counter46brokerIncomingByteRate metrics.Meter47brokerRequestRate metrics.Meter48brokerRequestSize metrics.Histogram49brokerRequestLatency metrics.Histogram50brokerOutgoingByteRate metrics.Meter51brokerResponseRate metrics.Meter52brokerResponseSize metrics.Histogram53brokerRequestsInFlight metrics.Counter54brokerThrottleTime metrics.Histogram55kerberosAuthenticator GSSAPIKerberosAuth57clientSessionReauthenticationTimeMs int6458}59// SASLMechanism specifies the SASL mechanism the client uses to authenticate with the broker61type SASLMechanism string62const (64// SASLTypeOAuth represents the SASL/OAUTHBEARER mechanism (Kafka 2.0.0+)65SASLTypeOAuth = "OAUTHBEARER"66// SASLTypePlaintext represents the SASL/PLAIN mechanism67SASLTypePlaintext = "PLAIN"68// SASLTypeSCRAMSHA256 represents the SCRAM-SHA-256 mechanism.69SASLTypeSCRAMSHA256 = "SCRAM-SHA-256"70// SASLTypeSCRAMSHA512 represents the SCRAM-SHA-512 mechanism.71SASLTypeSCRAMSHA512 = "SCRAM-SHA-512"72SASLTypeGSSAPI = "GSSAPI"73// SASLHandshakeV0 is v0 of the Kafka SASL handshake protocol. Client and74// server negotiate SASL auth using opaque packets.75SASLHandshakeV0 = int16(0)76// SASLHandshakeV1 is v1 of the Kafka SASL handshake protocol. Client and77// server negotiate SASL by wrapping tokens with Kafka protocol headers.78SASLHandshakeV1 = int16(1)79// SASLExtKeyAuth is the reserved extension key name sent as part of the80// SASL/OAUTHBEARER initial client response81SASLExtKeyAuth = "auth"82)83// AccessToken contains an access token used to authenticate a85// SASL/OAUTHBEARER client along with associated metadata.86type AccessToken struct {87// Token is the access token payload.88Token string89// Extensions is a optional map of arbitrary key-value pairs that can be90// sent with the SASL/OAUTHBEARER initial client response. These values are91// ignored by the SASL server if they are unexpected. This feature is only92// supported by Kafka >= 2.1.0.93Extensions map[string]string94}95// AccessTokenProvider is the interface that encapsulates how implementors97// can generate access tokens for Kafka broker authentication.98type AccessTokenProvider interface {99// Token returns an access token. The implementation should ensure token100// reuse so that multiple calls at connect time do not create multiple101// tokens. The implementation should also periodically refresh the token in102// order to guarantee that each call returns an unexpired token. This103// method should not block indefinitely--a timeout error should be returned104// after a short period of inactivity so that the broker connection logic105// can log debugging information and retry.106Token() (*AccessToken, error)107}108// SCRAMClient is a an interface to a SCRAM110// client implementation.111type SCRAMClient interface {112// Begin prepares the client for the SCRAM exchange113// with the server with a user name and a password114Begin(userName, password, authzID string) error115// Step steps client through the SCRAM exchange. It is116// called repeatedly until it errors or `Done` returns true.117Step(challenge string) (response string, err error)118// Done should return true when the SCRAM conversation119// is over.120Done() bool121}122type responsePromise struct {124requestTime time.Time125correlationID int32126headerVersion int16127handler func([]byte, error)128packets chan []byte129errors chan error130}131func (p *responsePromise) handle(packets []byte, err error) {133// Use callback when provided134if p.handler != nil {135p.handler(packets, err)136return137}138// Otherwise fallback to using channels139if err != nil {140p.errors <- err141return142}143p.packets <- packets144}145// NewBroker creates and returns a Broker targeting the given host:port address.147// This does not attempt to actually connect, you have to call Open() for that.148func NewBroker(addr string) *Broker {149return &Broker{id: -1, addr: addr}150}151// Open tries to connect to the Broker if it is not already connected or connecting, but does not block153// waiting for the connection to complete. This means that any subsequent operations on the broker will154// block waiting for the connection to succeed or fail. To get the effect of a fully synchronous Open call,155// follow it by a call to Connected(). The only errors Open will return directly are ConfigurationError or156// AlreadyConnected. If conf is nil, the result of NewConfig() is used.157func (b *Broker) Open(conf *Config) error {158if !atomic.CompareAndSwapInt32(&b.opened, 0, 1) {159return ErrAlreadyConnected160}161if conf == nil {163conf = NewConfig()164}165err := conf.Validate()167if err != nil {168return err169}170usingApiVersionsRequests := conf.Version.IsAtLeast(V2_4_0_0) && conf.ApiVersionsRequest172b.lock.Lock()174go withRecover(func() {176defer func() {177b.lock.Unlock()178// Send an ApiVersionsRequest to identify the client (KIP-511).180// Ideally Sarama would use the response to control protocol versions,181// but for now just fire-and-forget just to send182if usingApiVersionsRequests {183_, err = b.ApiVersions(&ApiVersionsRequest{184Version: 3,185ClientSoftwareName: defaultClientSoftwareName,186ClientSoftwareVersion: version(),187})188if err != nil {189Logger.Printf("Error while sending ApiVersionsRequest to broker %s: %s\n", b.addr, err)190}191}192}()193dialer := conf.getDialer()194b.conn, b.connErr = dialer.Dial("tcp", b.addr)195if b.connErr != nil {196Logger.Printf("Failed to connect to broker %s: %s\n", b.addr, b.connErr)197b.conn = nil198atomic.StoreInt32(&b.opened, 0)199return200}201if conf.Net.TLS.Enable {202b.conn = tls.Client(b.conn, validServerNameTLS(b.addr, conf.Net.TLS.Config))203}204b.conn = newBufConn(b.conn)206b.conf = conf207// Create or reuse the global metrics shared between brokers209b.incomingByteRate = metrics.GetOrRegisterMeter("incoming-byte-rate", conf.MetricRegistry)210b.requestRate = metrics.GetOrRegisterMeter("request-rate", conf.MetricRegistry)211b.requestSize = getOrRegisterHistogram("request-size", conf.MetricRegistry)212b.requestLatency = getOrRegisterHistogram("request-latency-in-ms", conf.MetricRegistry)213b.outgoingByteRate = metrics.GetOrRegisterMeter("outgoing-byte-rate", conf.MetricRegistry)214b.responseRate = metrics.GetOrRegisterMeter("response-rate", conf.MetricRegistry)215b.responseSize = getOrRegisterHistogram("response-size", conf.MetricRegistry)216b.requestsInFlight = metrics.GetOrRegisterCounter("requests-in-flight", conf.MetricRegistry)217// Do not gather metrics for seeded broker (only used during bootstrap) because they share218// the same id (-1) and are already exposed through the global metrics above219if b.id >= 0 && !metrics.UseNilMetrics {220b.registerMetrics()221}222if conf.Net.SASL.Enable {224b.connErr = b.authenticateViaSASL()225if b.connErr != nil {227err = b.conn.Close()228if err == nil {229DebugLogger.Printf("Closed connection to broker %s\n", b.addr)230} else {231Logger.Printf("Error while closing connection to broker %s: %s\n", b.addr, err)232}233b.conn = nil234atomic.StoreInt32(&b.opened, 0)235return236}237}238b.done = make(chan bool)240b.responses = make(chan *responsePromise, b.conf.Net.MaxOpenRequests-1)241if b.id >= 0 {243DebugLogger.Printf("Connected to broker at %s (registered as #%d)\n", b.addr, b.id)244} else {245DebugLogger.Printf("Connected to broker at %s (unregistered)\n", b.addr)246}247go withRecover(b.responseReceiver)248})249return nil251}252// Connected returns true if the broker is connected and false otherwise. If the broker is not254// connected but it had tried to connect, the error from that connection attempt is also returned.255func (b *Broker) Connected() (bool, error) {256b.lock.Lock()257defer b.lock.Unlock()258return b.conn != nil, b.connErr260}261// TLSConnectionState returns the client's TLS connection state. The second return value is false if this is not a tls connection or the connection has not yet been established.263func (b *Broker) TLSConnectionState() (state tls.ConnectionState, ok bool) {264b.lock.Lock()265defer b.lock.Unlock()266if b.conn == nil {268return state, false269}270conn := b.conn271if bconn, ok := b.conn.(*bufConn); ok {272conn = bconn.Conn273}274if tc, ok := conn.(*tls.Conn); ok {275return tc.ConnectionState(), true276}277return state, false278}279// Close closes the broker resources281func (b *Broker) Close() error {282b.lock.Lock()283defer b.lock.Unlock()284if b.conn == nil {286return ErrNotConnected287}288close(b.responses)290<-b.done291err := b.conn.Close()293b.conn = nil295b.connErr = nil296b.done = nil297b.responses = nil298b.unregisterMetrics()300if err == nil {302DebugLogger.Printf("Closed connection to broker %s\n", b.addr)303} else {304Logger.Printf("Error while closing connection to broker %s: %s\n", b.addr, err)305}306atomic.StoreInt32(&b.opened, 0)308return err310}311// ID returns the broker ID retrieved from Kafka's metadata, or -1 if that is not known.313func (b *Broker) ID() int32 {314return b.id315}316// Addr returns the broker address as either retrieved from Kafka's metadata or passed to NewBroker.318func (b *Broker) Addr() string {319return b.addr320}321// Rack returns the broker's rack as retrieved from Kafka's metadata or the323// empty string if it is not known. The returned value corresponds to the324// broker's broker.rack configuration setting. Requires protocol version to be325// at least v0.10.0.0.326func (b *Broker) Rack() string {327if b.rack == nil {328return ""329}330return *b.rack331}332// GetMetadata send a metadata request and returns a metadata response or error334func (b *Broker) GetMetadata(request *MetadataRequest) (*MetadataResponse, error) {335response := new(MetadataResponse)336err := b.sendAndReceive(request, response)338if err != nil {339return nil, err340}341return response, nil343}344// GetConsumerMetadata send a consumer metadata request and returns a consumer metadata response or error346func (b *Broker) GetConsumerMetadata(request *ConsumerMetadataRequest) (*ConsumerMetadataResponse, error) {347response := new(ConsumerMetadataResponse)348err := b.sendAndReceive(request, response)350if err != nil {351return nil, err352}353return response, nil355}356// FindCoordinator sends a find coordinate request and returns a response or error358func (b *Broker) FindCoordinator(request *FindCoordinatorRequest) (*FindCoordinatorResponse, error) {359response := new(FindCoordinatorResponse)360err := b.sendAndReceive(request, response)362if err != nil {363return nil, err364}365return response, nil367}368// GetAvailableOffsets return an offset response or error370func (b *Broker) GetAvailableOffsets(request *OffsetRequest) (*OffsetResponse, error) {371response := new(OffsetResponse)372err := b.sendAndReceive(request, response)374if err != nil {375return nil, err376}377return response, nil379}380// ProduceCallback function is called once the produce response has been parsed382// or could not be read.383type ProduceCallback func(*ProduceResponse, error)384// AsyncProduce sends a produce request and eventually call the provided callback386// with a produce response or an error.387//388// Waiting for the response is generally not blocking on the contrary to using Produce.389// If the maximum number of in flight request configured is reached then390// the request will be blocked till a previous response is received.391//392// When configured with RequiredAcks == NoResponse, the callback will not be invoked.393// If an error is returned because the request could not be sent then the callback394// will not be invoked either.395//396// Make sure not to Close the broker in the callback as it will lead to a deadlock.397func (b *Broker) AsyncProduce(request *ProduceRequest, cb ProduceCallback) error {398needAcks := request.RequiredAcks != NoResponse399// Use a nil promise when no acks is required400var promise *responsePromise401if needAcks {403// Create ProduceResponse early to provide the header version404res := new(ProduceResponse)405promise = &responsePromise{406headerVersion: res.headerVersion(),407// Packets will be converted to a ProduceResponse in the responseReceiver goroutine408handler: func(packets []byte, err error) {409if err != nil {410// Failed request411cb(nil, err)412return413}414if err := versionedDecode(packets, res, request.version()); err != nil {416// Malformed response417cb(nil, err)418return419}420// Wellformed response422b.updateThrottleMetric(res.ThrottleTime)423cb(res, nil)424},425}426}427return b.sendWithPromise(request, promise)429}430//Produce returns a produce response or error432func (b *Broker) Produce(request *ProduceRequest) (*ProduceResponse, error) {433var (434response *ProduceResponse435err error436)437if request.RequiredAcks == NoResponse {439err = b.sendAndReceive(request, nil)440} else {441response = new(ProduceResponse)442err = b.sendAndReceive(request, response)443b.updateThrottleMetric(response.ThrottleTime)444}445if err != nil {447return nil, err448}449return response, nil451}452// Fetch returns a FetchResponse or error454func (b *Broker) Fetch(request *FetchRequest) (*FetchResponse, error) {455response := new(FetchResponse)456err := b.sendAndReceive(request, response)458if err != nil {459return nil, err460}461return response, nil463}464// CommitOffset return an Offset commit response or error466func (b *Broker) CommitOffset(request *OffsetCommitRequest) (*OffsetCommitResponse, error) {467response := new(OffsetCommitResponse)468err := b.sendAndReceive(request, response)470if err != nil {471return nil, err472}473return response, nil475}476// FetchOffset returns an offset fetch response or error478func (b *Broker) FetchOffset(request *OffsetFetchRequest) (*OffsetFetchResponse, error) {479response := new(OffsetFetchResponse)480response.Version = request.Version // needed to handle the two header versions481err := b.sendAndReceive(request, response)483if err != nil {484return nil, err485}486return response, nil488}489// JoinGroup returns a join group response or error491func (b *Broker) JoinGroup(request *JoinGroupRequest) (*JoinGroupResponse, error) {492response := new(JoinGroupResponse)493err := b.sendAndReceive(request, response)495if err != nil {496return nil, err497}498return response, nil500}501// SyncGroup returns a sync group response or error503func (b *Broker) SyncGroup(request *SyncGroupRequest) (*SyncGroupResponse, error) {504response := new(SyncGroupResponse)505err := b.sendAndReceive(request, response)507if err != nil {508return nil, err509}510return response, nil512}513// LeaveGroup return a leave group response or error515func (b *Broker) LeaveGroup(request *LeaveGroupRequest) (*LeaveGroupResponse, error) {516response := new(LeaveGroupResponse)517err := b.sendAndReceive(request, response)519if err != nil {520return nil, err521}522return response, nil524}525// Heartbeat returns a heartbeat response or error527func (b *Broker) Heartbeat(request *HeartbeatRequest) (*HeartbeatResponse, error) {528response := new(HeartbeatResponse)529err := b.sendAndReceive(request, response)531if err != nil {532return nil, err533}534return response, nil536}537// ListGroups return a list group response or error539func (b *Broker) ListGroups(request *ListGroupsRequest) (*ListGroupsResponse, error) {540response := new(ListGroupsResponse)541err := b.sendAndReceive(request, response)543if err != nil {544return nil, err545}546return response, nil548}549// DescribeGroups return describe group response or error551func (b *Broker) DescribeGroups(request *DescribeGroupsRequest) (*DescribeGroupsResponse, error) {552response := new(DescribeGroupsResponse)553err := b.sendAndReceive(request, response)555if err != nil {556return nil, err557}558return response, nil560}561// ApiVersions return api version response or error563func (b *Broker) ApiVersions(request *ApiVersionsRequest) (*ApiVersionsResponse, error) {564response := new(ApiVersionsResponse)565err := b.sendAndReceive(request, response)567if err != nil {568return nil, err569}570return response, nil572}573// CreateTopics send a create topic request and returns create topic response575func (b *Broker) CreateTopics(request *CreateTopicsRequest) (*CreateTopicsResponse, error) {576response := new(CreateTopicsResponse)577err := b.sendAndReceive(request, response)579if err != nil {580return nil, err581}582return response, nil584}585// DeleteTopics sends a delete topic request and returns delete topic response587func (b *Broker) DeleteTopics(request *DeleteTopicsRequest) (*DeleteTopicsResponse, error) {588response := new(DeleteTopicsResponse)589err := b.sendAndReceive(request, response)591if err != nil {592return nil, err593}594return response, nil596}597// CreatePartitions sends a create partition request and returns create599// partitions response or error600func (b *Broker) CreatePartitions(request *CreatePartitionsRequest) (*CreatePartitionsResponse, error) {601response := new(CreatePartitionsResponse)602err := b.sendAndReceive(request, response)604if err != nil {605return nil, err606}607return response, nil609}610// AlterPartitionReassignments sends a alter partition reassignments request and612// returns alter partition reassignments response613func (b *Broker) AlterPartitionReassignments(request *AlterPartitionReassignmentsRequest) (*AlterPartitionReassignmentsResponse, error) {614response := new(AlterPartitionReassignmentsResponse)615err := b.sendAndReceive(request, response)617if err != nil {618return nil, err619}620return response, nil622}623// ListPartitionReassignments sends a list partition reassignments request and625// returns list partition reassignments response626func (b *Broker) ListPartitionReassignments(request *ListPartitionReassignmentsRequest) (*ListPartitionReassignmentsResponse, error) {627response := new(ListPartitionReassignmentsResponse)628err := b.sendAndReceive(request, response)630if err != nil {631return nil, err632}633return response, nil635}636// DeleteRecords send a request to delete records and return delete record638// response or error639func (b *Broker) DeleteRecords(request *DeleteRecordsRequest) (*DeleteRecordsResponse, error) {640response := new(DeleteRecordsResponse)641err := b.sendAndReceive(request, response)643if err != nil {644return nil, err645}646return response, nil648}649// DescribeAcls sends a describe acl request and returns a response or error651func (b *Broker) DescribeAcls(request *DescribeAclsRequest) (*DescribeAclsResponse, error) {652response := new(DescribeAclsResponse)653err := b.sendAndReceive(request, response)655if err != nil {656return nil, err657}658return response, nil660}661// CreateAcls sends a create acl request and returns a response or error663func (b *Broker) CreateAcls(request *CreateAclsRequest) (*CreateAclsResponse, error) {664response := new(CreateAclsResponse)665err := b.sendAndReceive(request, response)667if err != nil {668return nil, err669}670errs := make([]error, 0)672for _, res := range response.AclCreationResponses {673if !errors.Is(res.Err, ErrNoError) {674errs = append(errs, res.Err)675}676}677if len(errs) > 0 {679return response, Wrap(ErrCreateACLs, errs...)680}681return response, nil683}684// DeleteAcls sends a delete acl request and returns a response or error686func (b *Broker) DeleteAcls(request *DeleteAclsRequest) (*DeleteAclsResponse, error) {687response := new(DeleteAclsResponse)688err := b.sendAndReceive(request, response)690if err != nil {691return nil, err692}693return response, nil695}696// InitProducerID sends an init producer request and returns a response or error698func (b *Broker) InitProducerID(request *InitProducerIDRequest) (*InitProducerIDResponse, error) {699response := new(InitProducerIDResponse)700err := b.sendAndReceive(request, response)702if err != nil {703return nil, err704}705return response, nil707}708// AddPartitionsToTxn send a request to add partition to txn and returns710// a response or error711func (b *Broker) AddPartitionsToTxn(request *AddPartitionsToTxnRequest) (*AddPartitionsToTxnResponse, error) {712response := new(AddPartitionsToTxnResponse)713err := b.sendAndReceive(request, response)715if err != nil {716return nil, err717}718return response, nil720}721// AddOffsetsToTxn sends a request to add offsets to txn and returns a response723// or error724func (b *Broker) AddOffsetsToTxn(request *AddOffsetsToTxnRequest) (*AddOffsetsToTxnResponse, error) {725response := new(AddOffsetsToTxnResponse)726err := b.sendAndReceive(request, response)728if err != nil {729return nil, err730}731return response, nil733}734// EndTxn sends a request to end txn and returns a response or error736func (b *Broker) EndTxn(request *EndTxnRequest) (*EndTxnResponse, error) {737response := new(EndTxnResponse)738err := b.sendAndReceive(request, response)740if err != nil {741return nil, err742}743return response, nil745}746// TxnOffsetCommit sends a request to commit transaction offsets and returns748// a response or error749func (b *Broker) TxnOffsetCommit(request *TxnOffsetCommitRequest) (*TxnOffsetCommitResponse, error) {750response := new(TxnOffsetCommitResponse)751err := b.sendAndReceive(request, response)753if err != nil {754return nil, err755}756return response, nil758}759// DescribeConfigs sends a request to describe config and returns a response or761// error762func (b *Broker) DescribeConfigs(request *DescribeConfigsRequest) (*DescribeConfigsResponse, error) {763response := new(DescribeConfigsResponse)764err := b.sendAndReceive(request, response)766if err != nil {767return nil, err768}769return response, nil771}772// AlterConfigs sends a request to alter config and return a response or error774func (b *Broker) AlterConfigs(request *AlterConfigsRequest) (*AlterConfigsResponse, error) {775response := new(AlterConfigsResponse)776err := b.sendAndReceive(request, response)778if err != nil {779return nil, err780}781return response, nil783}784// IncrementalAlterConfigs sends a request to incremental alter config and return a response or error786func (b *Broker) IncrementalAlterConfigs(request *IncrementalAlterConfigsRequest) (*IncrementalAlterConfigsResponse, error) {787response := new(IncrementalAlterConfigsResponse)788err := b.sendAndReceive(request, response)790if err != nil {791return nil, err792}793return response, nil795}796// DeleteGroups sends a request to delete groups and returns a response or error798func (b *Broker) DeleteGroups(request *DeleteGroupsRequest) (*DeleteGroupsResponse, error) {799response := new(DeleteGroupsResponse)800if err := b.sendAndReceive(request, response); err != nil {802return nil, err803}804return response, nil806}807// DeleteOffsets sends a request to delete group offsets and returns a response or error809func (b *Broker) DeleteOffsets(request *DeleteOffsetsRequest) (*DeleteOffsetsResponse, error) {810response := new(DeleteOffsetsResponse)811if err := b.sendAndReceive(request, response); err != nil {813return nil, err814}815return response, nil817}818// DescribeLogDirs sends a request to get the broker's log dir paths and sizes820func (b *Broker) DescribeLogDirs(request *DescribeLogDirsRequest) (*DescribeLogDirsResponse, error) {821response := new(DescribeLogDirsResponse)822err := b.sendAndReceive(request, response)824if err != nil {825return nil, err826}827return response, nil829}830// DescribeUserScramCredentials sends a request to get SCRAM users832func (b *Broker) DescribeUserScramCredentials(req *DescribeUserScramCredentialsRequest) (*DescribeUserScramCredentialsResponse, error) {833res := new(DescribeUserScramCredentialsResponse)834err := b.sendAndReceive(req, res)836if err != nil {837return nil, err838}839return res, err841}842func (b *Broker) AlterUserScramCredentials(req *AlterUserScramCredentialsRequest) (*AlterUserScramCredentialsResponse, error) {844res := new(AlterUserScramCredentialsResponse)845err := b.sendAndReceive(req, res)847if err != nil {848return nil, err849}850return res, nil852}853// DescribeClientQuotas sends a request to get the broker's quotas855func (b *Broker) DescribeClientQuotas(request *DescribeClientQuotasRequest) (*DescribeClientQuotasResponse, error) {856response := new(DescribeClientQuotasResponse)857err := b.sendAndReceive(request, response)859if err != nil {860return nil, err861}862return response, nil864}865// AlterClientQuotas sends a request to alter the broker's quotas867func (b *Broker) AlterClientQuotas(request *AlterClientQuotasRequest) (*AlterClientQuotasResponse, error) {868response := new(AlterClientQuotasResponse)869err := b.sendAndReceive(request, response)871if err != nil {872return nil, err873}874return response, nil876}877// readFull ensures the conn ReadDeadline has been setup before making a879// call to io.ReadFull880func (b *Broker) readFull(buf []byte) (n int, err error) {881if err := b.conn.SetReadDeadline(time.Now().Add(b.conf.Net.ReadTimeout)); err != nil {882return 0, err883}884return io.ReadFull(b.conn, buf)886}887// write ensures the conn WriteDeadline has been setup before making a889// call to conn.Write890func (b *Broker) write(buf []byte) (n int, err error) {891if err := b.conn.SetWriteDeadline(time.Now().Add(b.conf.Net.WriteTimeout)); err != nil {892return 0, err893}894return b.conn.Write(buf)896}897func (b *Broker) send(rb protocolBody, promiseResponse bool, responseHeaderVersion int16) (*responsePromise, error) {899var promise *responsePromise900if promiseResponse {901// Packets or error will be sent to the following channels902// once the response is received903promise = &responsePromise{904headerVersion: responseHeaderVersion,905packets: make(chan []byte),906errors: make(chan error),907}908}909if err := b.sendWithPromise(rb, promise); err != nil {911return nil, err912}913return promise, nil915}916func (b *Broker) sendWithPromise(rb protocolBody, promise *responsePromise) error {918b.lock.Lock()919defer b.lock.Unlock()920if b.conn == nil {922if b.connErr != nil {923return b.connErr924}925return ErrNotConnected926}927if b.clientSessionReauthenticationTimeMs > 0 && currentUnixMilli() > b.clientSessionReauthenticationTimeMs {929err := b.authenticateViaSASL()930if err != nil {931return err932}933}934if !b.conf.Version.IsAtLeast(rb.requiredVersion()) {936return ErrUnsupportedVersion937}938req := &request{correlationID: b.correlationID, clientID: b.conf.ClientID, body: rb}940buf, err := encode(req, b.conf.MetricRegistry)941if err != nil {942return err943}944requestTime := time.Now()946// Will be decremented in responseReceiver (except error or request with NoResponse)947b.addRequestInFlightMetrics(1)948bytes, err := b.write(buf)949b.updateOutgoingCommunicationMetrics(bytes)950if err != nil {951b.addRequestInFlightMetrics(-1)952return err953}954b.correlationID++955if promise == nil {957// Record request latency without the response958b.updateRequestLatencyAndInFlightMetrics(time.Since(requestTime))959return nil960}961promise.requestTime = requestTime963promise.correlationID = req.correlationID964b.responses <- promise965return nil967}968func (b *Broker) sendAndReceive(req protocolBody, res protocolBody) error {970responseHeaderVersion := int16(-1)971if res != nil {972responseHeaderVersion = res.headerVersion()973}974promise, err := b.send(req, res != nil, responseHeaderVersion)976if err != nil {977return err978}979if promise == nil {981return nil982}983select {985case buf := <-promise.packets:986return versionedDecode(buf, res, req.version())987case err = <-promise.errors:988return err989}990}991func (b *Broker) decode(pd packetDecoder, version int16) (err error) {993b.id, err = pd.getInt32()994if err != nil {995return err996}997host, err := pd.getString()999if err != nil {1000return err1001}1002port, err := pd.getInt32()1004if err != nil {1005return err1006}1007if version >= 1 {1009b.rack, err = pd.getNullableString()1010if err != nil {1011return err1012}1013}1014b.addr = net.JoinHostPort(host, fmt.Sprint(port))1016if _, _, err := net.SplitHostPort(b.addr); err != nil {1017return err1018}1019return nil1021}1022func (b *Broker) encode(pe packetEncoder, version int16) (err error) {1024host, portstr, err := net.SplitHostPort(b.addr)1025if err != nil {1026return err1027}1028port, err := strconv.ParseInt(portstr, 10, 32)1030if err != nil {1031return err1032}1033pe.putInt32(b.id)1035err = pe.putString(host)1037if err != nil {1038return err1039}1040pe.putInt32(int32(port))1042if version >= 1 {1044err = pe.putNullableString(b.rack)1045if err != nil {1046return err1047}1048}1049return nil1051}1052func (b *Broker) responseReceiver() {1054var dead error1055for response := range b.responses {1057if dead != nil {1058// This was previously incremented in send() and1059// we are not calling updateIncomingCommunicationMetrics()1060b.addRequestInFlightMetrics(-1)1061response.handle(nil, dead)1062continue1063}1064headerLength := getHeaderLength(response.headerVersion)1066header := make([]byte, headerLength)1067bytesReadHeader, err := b.readFull(header)1069requestLatency := time.Since(response.requestTime)1070if err != nil {1071b.updateIncomingCommunicationMetrics(bytesReadHeader, requestLatency)1072dead = err1073response.handle(nil, err)1074continue1075}1076decodedHeader := responseHeader{}1078err = versionedDecode(header, &decodedHeader, response.headerVersion)1079if err != nil {1080b.updateIncomingCommunicationMetrics(bytesReadHeader, requestLatency)1081dead = err1082response.handle(nil, err)1083continue1084}1085if decodedHeader.correlationID != response.correlationID {1086b.updateIncomingCommunicationMetrics(bytesReadHeader, requestLatency)1087// TODO if decoded ID < cur ID, discard until we catch up1088// TODO if decoded ID > cur ID, save it so when cur ID catches up we have a response1089dead = PacketDecodingError{fmt.Sprintf("correlation ID didn't match, wanted %d, got %d", response.correlationID, decodedHeader.correlationID)}1090response.handle(nil, dead)1091continue1092}1093buf := make([]byte, decodedHeader.length-int32(headerLength)+4)1095bytesReadBody, err := b.readFull(buf)1096b.updateIncomingCommunicationMetrics(bytesReadHeader+bytesReadBody, requestLatency)1097if err != nil {1098dead = err1099response.handle(nil, err)1100continue1101}1102response.handle(buf, nil)1104}1105close(b.done)1106}1107func getHeaderLength(headerVersion int16) int8 {1109if headerVersion < 1 {1110return 81111} else {1112// header contains additional tagged field length (0), we don't support actual tags yet.1113return 91114}1115}1116func (b *Broker) authenticateViaSASL() error {1118switch b.conf.Net.SASL.Mechanism {1119case SASLTypeOAuth:1120return b.sendAndReceiveSASLOAuth(b.conf.Net.SASL.TokenProvider)1121case SASLTypeSCRAMSHA256, SASLTypeSCRAMSHA512:1122return b.sendAndReceiveSASLSCRAM()1123case SASLTypeGSSAPI:1124return b.sendAndReceiveKerberos()1125default:1126return b.sendAndReceiveSASLPlainAuth()1127}1128}1129func (b *Broker) sendAndReceiveKerberos() error {1131b.kerberosAuthenticator.Config = &b.conf.Net.SASL.GSSAPI1132if b.kerberosAuthenticator.NewKerberosClientFunc == nil {1133b.kerberosAuthenticator.NewKerberosClientFunc = NewKerberosClient1134}1135return b.kerberosAuthenticator.Authorize(b)1136}1137func (b *Broker) sendAndReceiveSASLHandshake(saslType SASLMechanism, version int16) error {1139rb := &SaslHandshakeRequest{Mechanism: string(saslType), Version: version}1140req := &request{correlationID: b.correlationID, clientID: b.conf.ClientID, body: rb}1142buf, err := encode(req, b.conf.MetricRegistry)1143if err != nil {1144return err1145}1146requestTime := time.Now()1148// Will be decremented in updateIncomingCommunicationMetrics (except error)1149b.addRequestInFlightMetrics(1)1150bytes, err := b.write(buf)1151b.updateOutgoingCommunicationMetrics(bytes)1152if err != nil {1153b.addRequestInFlightMetrics(-1)1154Logger.Printf("Failed to send SASL handshake %s: %s\n", b.addr, err.Error())1155return err1156}1157b.correlationID++1158header := make([]byte, 8) // response header1160_, err = b.readFull(header)1161if err != nil {1162b.addRequestInFlightMetrics(-1)1163Logger.Printf("Failed to read SASL handshake header : %s\n", err.Error())1164return err1165}1166length := binary.BigEndian.Uint32(header[:4])1168payload := make([]byte, length-4)1169n, err := b.readFull(payload)1170if err != nil {1171b.addRequestInFlightMetrics(-1)1172Logger.Printf("Failed to read SASL handshake payload : %s\n", err.Error())1173return err1174}1175b.updateIncomingCommunicationMetrics(n+8, time.Since(requestTime))1177res := &SaslHandshakeResponse{}1178err = versionedDecode(payload, res, 0)1180if err != nil {1181Logger.Printf("Failed to parse SASL handshake : %s\n", err.Error())1182return err1183}1184if !errors.Is(res.Err, ErrNoError) {1186Logger.Printf("Invalid SASL Mechanism : %s\n", res.Err.Error())1187return res.Err1188}1189DebugLogger.Print("Completed pre-auth SASL handshake. Available mechanisms: ", res.EnabledMechanisms)1191return nil1192}1193// Kafka 0.10.x supported SASL PLAIN/Kerberos via KAFKA-3149 (KIP-43).1195// Kafka 1.x.x onward added a SaslAuthenticate request/response message which1196// wraps the SASL flow in the Kafka protocol, which allows for returning1197// meaningful errors on authentication failure.1198//1199// In SASL Plain, Kafka expects the auth header to be in the following format1200// Message format (from https://tools.ietf.org/html/rfc4616):1201//1202// message = [authzid] UTF8NUL authcid UTF8NUL passwd1203// authcid = 1*SAFE ; MUST accept up to 255 octets1204// authzid = 1*SAFE ; MUST accept up to 255 octets1205// passwd = 1*SAFE ; MUST accept up to 255 octets1206// UTF8NUL = %x00 ; UTF-8 encoded NUL character1207//1208// SAFE = UTF1 / UTF2 / UTF3 / UTF41209// ;; any UTF-8 encoded Unicode character except NUL1210//1211// With SASL v0 handshake and auth then:1212// When credentials are valid, Kafka returns a 4 byte array of null characters.1213// When credentials are invalid, Kafka closes the connection.1214//1215// With SASL v1 handshake and auth then:1216// When credentials are invalid, Kafka replies with a SaslAuthenticate response1217// containing an error code and message detailing the authentication failure.1218func (b *Broker) sendAndReceiveSASLPlainAuth() error {1219// default to V0 to allow for backward compatibility when SASL is enabled1220// but not the handshake1221if b.conf.Net.SASL.Handshake {1222handshakeErr := b.sendAndReceiveSASLHandshake(SASLTypePlaintext, b.conf.Net.SASL.Version)1223if handshakeErr != nil {1224Logger.Printf("Error while performing SASL handshake %s\n", b.addr)1225return handshakeErr1226}1227}1228if b.conf.Net.SASL.Version == SASLHandshakeV1 {1230return b.sendAndReceiveV1SASLPlainAuth()1231}1232return b.sendAndReceiveV0SASLPlainAuth()1233}1234// sendAndReceiveV0SASLPlainAuth flows the v0 sasl auth NOT wrapped in the kafka protocol1236func (b *Broker) sendAndReceiveV0SASLPlainAuth() error {1237length := len(b.conf.Net.SASL.AuthIdentity) + 1 + len(b.conf.Net.SASL.User) + 1 + len(b.conf.Net.SASL.Password)1238authBytes := make([]byte, length+4) // 4 byte length header + auth data1239binary.BigEndian.PutUint32(authBytes, uint32(length))1240copy(authBytes[4:], b.conf.Net.SASL.AuthIdentity+"\x00"+b.conf.Net.SASL.User+"\x00"+b.conf.Net.SASL.Password)1241requestTime := time.Now()1243// Will be decremented in updateIncomingCommunicationMetrics (except error)1244b.addRequestInFlightMetrics(1)1245bytesWritten, err := b.write(authBytes)1246b.updateOutgoingCommunicationMetrics(bytesWritten)1247if err != nil {1248b.addRequestInFlightMetrics(-1)1249Logger.Printf("Failed to write SASL auth header to broker %s: %s\n", b.addr, err.Error())1250return err1251}1252header := make([]byte, 4)1254n, err := b.readFull(header)1255b.updateIncomingCommunicationMetrics(n, time.Since(requestTime))1256// If the credentials are valid, we would get a 4 byte response filled with null characters.1257// Otherwise, the broker closes the connection and we get an EOF1258if err != nil {1259Logger.Printf("Failed to read response while authenticating with SASL to broker %s: %s\n", b.addr, err.Error())1260return err1261}1262DebugLogger.Printf("SASL authentication successful with broker %s:%v - %v\n", b.addr, n, header)1264return nil1265}1266// sendAndReceiveV1SASLPlainAuth flows the v1 sasl authentication using the kafka protocol1268func (b *Broker) sendAndReceiveV1SASLPlainAuth() error {1269correlationID := b.correlationID1270requestTime := time.Now()1272// Will be decremented in updateIncomingCommunicationMetrics (except error)1274b.addRequestInFlightMetrics(1)1275bytesWritten, resVersion, err := b.sendSASLPlainAuthClientResponse(correlationID)1276b.updateOutgoingCommunicationMetrics(bytesWritten)1277if err != nil {1279b.addRequestInFlightMetrics(-1)1280Logger.Printf("Failed to write SASL auth header to broker %s: %s\n", b.addr, err.Error())1281return err1282}1283b.correlationID++1285res := &SaslAuthenticateResponse{}1287bytesRead, err := b.receiveSASLServerResponse(res, correlationID, resVersion)1288b.updateIncomingCommunicationMetrics(bytesRead, time.Since(requestTime))1289// With v1 sasl we get an error message set in the response we can return1291if err != nil {1292Logger.Printf(1293"Error returned from broker %s during SASL authentication: %v\n",1294b.addr, err.Error())1295return err1296}1297return nil1299}1300func currentUnixMilli() int64 {1302return time.Now().UnixNano() / int64(time.Millisecond)1303}1304// sendAndReceiveSASLOAuth performs the authentication flow as described by KIP-2551306// https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=759688761307func (b *Broker) sendAndReceiveSASLOAuth(provider AccessTokenProvider) error {1308if err := b.sendAndReceiveSASLHandshake(SASLTypeOAuth, SASLHandshakeV1); err != nil {1309return err1310}1311token, err := provider.Token()1313if err != nil {1314return err1315}1316message, err := buildClientFirstMessage(token)1318if err != nil {1319return err1320}1321challenged, err := b.sendClientMessage(message)1323if err != nil {1324return err1325}1326if challenged {1328// Abort the token exchange. The broker returns the failure code.1329_, err = b.sendClientMessage([]byte(`\x01`))1330}1331return err1333}1334// sendClientMessage sends a SASL/OAUTHBEARER client message and returns true1336// if the broker responds with a challenge, in which case the token is1337// rejected.1338func (b *Broker) sendClientMessage(message []byte) (bool, error) {1339requestTime := time.Now()1340// Will be decremented in updateIncomingCommunicationMetrics (except error)1341b.addRequestInFlightMetrics(1)1342correlationID := b.correlationID1343bytesWritten, resVersion, err := b.sendSASLOAuthBearerClientMessage(message, correlationID)1345b.updateOutgoingCommunicationMetrics(bytesWritten)1346if err != nil {1347b.addRequestInFlightMetrics(-1)1348return false, err1349}1350b.correlationID++1352res := &SaslAuthenticateResponse{}1354bytesRead, err := b.receiveSASLServerResponse(res, correlationID, resVersion)1355requestLatency := time.Since(requestTime)1357b.updateIncomingCommunicationMetrics(bytesRead, requestLatency)1358isChallenge := len(res.SaslAuthBytes) > 01360if isChallenge && err != nil {1362Logger.Printf("Broker rejected authentication token: %s", res.SaslAuthBytes)1363}1364return isChallenge, err1366}1367func (b *Broker) sendAndReceiveSASLSCRAM() error {1369if b.conf.Net.SASL.Version == SASLHandshakeV0 {1370return b.sendAndReceiveSASLSCRAMv0()1371}1372return b.sendAndReceiveSASLSCRAMv1()1373}1374func (b *Broker) sendAndReceiveSASLSCRAMv0() error {1376if err := b.sendAndReceiveSASLHandshake(b.conf.Net.SASL.Mechanism, SASLHandshakeV0); err != nil {1377return err1378}1379scramClient := b.conf.Net.SASL.SCRAMClientGeneratorFunc()1381if err := scramClient.Begin(b.conf.Net.SASL.User, b.conf.Net.SASL.Password, b.conf.Net.SASL.SCRAMAuthzID); err != nil {1382return fmt.Errorf("failed to start SCRAM exchange with the server: %w", err)1383}1384msg, err := scramClient.Step("")1386if err != nil {1387return fmt.Errorf("failed to advance the SCRAM exchange: %w", err)1388}1389for !scramClient.Done() {1391requestTime := time.Now()1392// Will be decremented in updateIncomingCommunicationMetrics (except error)1393b.addRequestInFlightMetrics(1)1394length := len(msg)1395authBytes := make([]byte, length+4) //4 byte length header + auth data1396binary.BigEndian.PutUint32(authBytes, uint32(length))1397copy(authBytes[4:], []byte(msg))1398_, err := b.write(authBytes)1399b.updateOutgoingCommunicationMetrics(length + 4)1400if err != nil {1401b.addRequestInFlightMetrics(-1)1402Logger.Printf("Failed to write SASL auth header to broker %s: %s\n", b.addr, err.Error())1403return err1404}1405b.correlationID++1406header := make([]byte, 4)1407_, err = b.readFull(header)1408if err != nil {1409b.addRequestInFlightMetrics(-1)1410Logger.Printf("Failed to read response header while authenticating with SASL to broker %s: %s\n", b.addr, err.Error())1411return err1412}1413payload := make([]byte, int32(binary.BigEndian.Uint32(header)))1414n, err := b.readFull(payload)1415if err != nil {1416b.addRequestInFlightMetrics(-1)1417Logger.Printf("Failed to read response payload while authenticating with SASL to broker %s: %s\n", b.addr, err.Error())1418return err1419}1420b.updateIncomingCommunicationMetrics(n+4, time.Since(requestTime))1421msg, err = scramClient.Step(string(payload))1422if err != nil {1423Logger.Println("SASL authentication failed", err)1424return err1425}1426}1427DebugLogger.Println("SASL authentication succeeded")1429return nil1430}1431func (b *Broker) sendAndReceiveSASLSCRAMv1() error {1433if err := b.sendAndReceiveSASLHandshake(b.conf.Net.SASL.Mechanism, SASLHandshakeV1); err != nil {1434return err1435}1436scramClient := b.conf.Net.SASL.SCRAMClientGeneratorFunc()1438if err := scramClient.Begin(b.conf.Net.SASL.User, b.conf.Net.SASL.Password, b.conf.Net.SASL.SCRAMAuthzID); err != nil {1439return fmt.Errorf("failed to start SCRAM exchange with the server: %w", err)1440}1441msg, err := scramClient.Step("")1443if err != nil {1444return fmt.Errorf("failed to advance the SCRAM exchange: %w", err)1445}1446for !scramClient.Done() {1448requestTime := time.Now()1449// Will be decremented in updateIncomingCommunicationMetrics (except error)1450b.addRequestInFlightMetrics(1)1451correlationID := b.correlationID1452bytesWritten, err := b.sendSaslAuthenticateRequest(correlationID, []byte(msg))1453b.updateOutgoingCommunicationMetrics(bytesWritten)1454if err != nil {1455b.addRequestInFlightMetrics(-1)1456Logger.Printf("Failed to write SASL auth header to broker %s: %s\n", b.addr, err.Error())1457return err1458}1459b.correlationID++1461challenge, err := b.receiveSaslAuthenticateResponse(correlationID)1462if err != nil {1463b.addRequestInFlightMetrics(-1)1464Logger.Printf("Failed to read response while authenticating with SASL to broker %s: %s\n", b.addr, err.Error())1465return err1466}1467b.updateIncomingCommunicationMetrics(len(challenge), time.Since(requestTime))1469msg, err = scramClient.Step(string(challenge))1470if err != nil {1471Logger.Println("SASL authentication failed", err)1472return err1473}1474}1475DebugLogger.Println("SASL authentication succeeded")1477return nil1478}1479func (b *Broker) sendSaslAuthenticateRequest(correlationID int32, msg []byte) (int, error) {1481rb := b.createSaslAuthenticateRequest(msg)1482req := &request{correlationID: correlationID, clientID: b.conf.ClientID, body: rb}1483buf, err := encode(req, b.conf.MetricRegistry)1484if err != nil {1485return 0, err1486}1487return b.write(buf)1489}1490func (b *Broker) createSaslAuthenticateRequest(msg []byte) *SaslAuthenticateRequest {1492authenticateRequest := SaslAuthenticateRequest{SaslAuthBytes: msg}1493if b.conf.Version.IsAtLeast(V2_2_0_0) {1494authenticateRequest.Version = 11495}1496return &authenticateRequest1498}1499func (b *Broker) receiveSaslAuthenticateResponse(correlationID int32) ([]byte, error) {1501buf := make([]byte, responseLengthSize+correlationIDSize)1502_, err := b.readFull(buf)1503if err != nil {1504return nil, err1505}1506header := responseHeader{}1508err = versionedDecode(buf, &header, 0)1509if err != nil {1510return nil, err1511}1512if header.correlationID != correlationID {1514return nil, fmt.Errorf("correlation ID didn't match, wanted %d, got %d", b.correlationID, header.correlationID)1515}1516buf = make([]byte, header.length-correlationIDSize)1518_, err = b.readFull(buf)1519if err != nil {1520return nil, err1521}1522res := &SaslAuthenticateResponse{}1524if err := versionedDecode(buf, res, 0); err != nil {1525return nil, err1526}1527if !errors.Is(res.Err, ErrNoError) {1528return nil, res.Err1529}1530return res.SaslAuthBytes, nil1531}1532// Build SASL/OAUTHBEARER initial client response as described by RFC-76281534// https://tools.ietf.org/html/rfc76281535func buildClientFirstMessage(token *AccessToken) ([]byte, error) {1536var ext string1537if token.Extensions != nil && len(token.Extensions) > 0 {1539if _, ok := token.Extensions[SASLExtKeyAuth]; ok {1540return []byte{}, fmt.Errorf("the extension `%s` is invalid", SASLExtKeyAuth)1541}1542ext = "\x01" + mapToString(token.Extensions, "=", "\x01")1543}1544resp := []byte(fmt.Sprintf("n,,\x01auth=Bearer %s%s\x01\x01", token.Token, ext))1546return resp, nil1548}1549// mapToString returns a list of key-value pairs ordered by key.1551// keyValSep separates the key from the value. elemSep separates each pair.1552func mapToString(extensions map[string]string, keyValSep string, elemSep string) string {1553buf := make([]string, 0, len(extensions))1554for k, v := range extensions {1556buf = append(buf, k+keyValSep+v)1557}1558sort.Strings(buf)1560return strings.Join(buf, elemSep)1562}1563func (b *Broker) sendSASLPlainAuthClientResponse(correlationID int32) (int, int16, error) {1565authBytes := []byte(b.conf.Net.SASL.AuthIdentity + "\x00" + b.conf.Net.SASL.User + "\x00" + b.conf.Net.SASL.Password)1566rb := b.createSaslAuthenticateRequest(authBytes)1567req := &request{correlationID: correlationID, clientID: b.conf.ClientID, body: rb}1568buf, err := encode(req, b.conf.MetricRegistry)1569if err != nil {1570return 0, rb.Version, err1571}1572write, err := b.write(buf)1574return write, rb.Version, err1575}1576func (b *Broker) sendSASLOAuthBearerClientMessage(initialResp []byte, correlationID int32) (int, int16, error) {1578rb := b.createSaslAuthenticateRequest(initialResp)1579req := &request{correlationID: correlationID, clientID: b.conf.ClientID, body: rb}1581buf, err := encode(req, b.conf.MetricRegistry)1583if err != nil {1584return 0, rb.version(), err1585}1586write, err := b.write(buf)1588return write, rb.version(), err1589}1590func (b *Broker) receiveSASLServerResponse(res *SaslAuthenticateResponse, correlationID int32, resVersion int16) (int, error) {1592buf := make([]byte, responseLengthSize+correlationIDSize)1593bytesRead, err := b.readFull(buf)1594if err != nil {1595return bytesRead, err1596}1597header := responseHeader{}1599err = versionedDecode(buf, &header, 0)1600if err != nil {1601return bytesRead, err1602}1603if header.correlationID != correlationID {1605return bytesRead, fmt.Errorf("correlation ID didn't match, wanted %d, got %d", b.correlationID, header.correlationID)1606}1607buf = make([]byte, header.length-correlationIDSize)1609c, err := b.readFull(buf)1610bytesRead += c1611if err != nil {1612return bytesRead, err1613}1614if err := versionedDecode(buf, res, resVersion); err != nil {1616return bytesRead, err1617}1618if !errors.Is(res.Err, ErrNoError) {1620var err error = res.Err1621if res.ErrorMessage != nil {1622err = Wrap(res.Err, errors.New(*res.ErrorMessage))1623}1624return bytesRead, err1625}1626if res.SessionLifetimeMs > 0 {1628// Follows the Java Kafka implementation from SaslClientAuthenticator.ReauthInfo#setAuthenticationEndAndSessionReauthenticationTimes1629// pick a random percentage between 85% and 95% for session re-authentication1630positiveSessionLifetimeMs := res.SessionLifetimeMs1631authenticationEndMs := currentUnixMilli()1632pctWindowFactorToTakeNetworkLatencyAndClockDriftIntoAccount := 0.851633pctWindowJitterToAvoidReauthenticationStormAcrossManyChannelsSimultaneously := 0.101634pctToUse := pctWindowFactorToTakeNetworkLatencyAndClockDriftIntoAccount + rand.Float64()*pctWindowJitterToAvoidReauthenticationStormAcrossManyChannelsSimultaneously1635sessionLifetimeMsToUse := int64(float64(positiveSessionLifetimeMs) * pctToUse)1636DebugLogger.Printf("Session expiration in %d ms and session re-authentication on or after %d ms", positiveSessionLifetimeMs, sessionLifetimeMsToUse)1637b.clientSessionReauthenticationTimeMs = authenticationEndMs + sessionLifetimeMsToUse1638} else {1639b.clientSessionReauthenticationTimeMs = 01640}1641return bytesRead, nil1643}1644func (b *Broker) updateIncomingCommunicationMetrics(bytes int, requestLatency time.Duration) {1646b.updateRequestLatencyAndInFlightMetrics(requestLatency)1647b.responseRate.Mark(1)1648if b.brokerResponseRate != nil {1650b.brokerResponseRate.Mark(1)1651}1652responseSize := int64(bytes)1654b.incomingByteRate.Mark(responseSize)1655if b.brokerIncomingByteRate != nil {1656b.brokerIncomingByteRate.Mark(responseSize)1657}1658b.responseSize.Update(responseSize)1660if b.brokerResponseSize != nil {1661b.brokerResponseSize.Update(responseSize)1662}1663}1664func (b *Broker) updateRequestLatencyAndInFlightMetrics(requestLatency time.Duration) {1666requestLatencyInMs := int64(requestLatency / time.Millisecond)1667b.requestLatency.Update(requestLatencyInMs)1668if b.brokerRequestLatency != nil {1670b.brokerRequestLatency.Update(requestLatencyInMs)1671}1672b.addRequestInFlightMetrics(-1)1674}1675func (b *Broker) addRequestInFlightMetrics(i int64) {1677b.requestsInFlight.Inc(i)1678if b.brokerRequestsInFlight != nil {1679b.brokerRequestsInFlight.Inc(i)1680}1681}1682func (b *Broker) updateOutgoingCommunicationMetrics(bytes int) {1684b.requestRate.Mark(1)1685if b.brokerRequestRate != nil {1686b.brokerRequestRate.Mark(1)1687}1688requestSize := int64(bytes)1690b.outgoingByteRate.Mark(requestSize)1691if b.brokerOutgoingByteRate != nil {1692b.brokerOutgoingByteRate.Mark(requestSize)1693}1694b.requestSize.Update(requestSize)1696if b.brokerRequestSize != nil {1697b.brokerRequestSize.Update(requestSize)1698}1699}1700func (b *Broker) updateThrottleMetric(throttleTime time.Duration) {1702if throttleTime != time.Duration(0) {1703DebugLogger.Printf(1704"producer/broker/%d ProduceResponse throttled %v\n",1705b.ID(), throttleTime)1706if b.brokerThrottleTime != nil {1707throttleTimeInMs := int64(throttleTime / time.Millisecond)1708b.brokerThrottleTime.Update(throttleTimeInMs)1709}1710}1711}1712func (b *Broker) registerMetrics() {1714b.brokerIncomingByteRate = b.registerMeter("incoming-byte-rate")1715b.brokerRequestRate = b.registerMeter("request-rate")1716b.brokerRequestSize = b.registerHistogram("request-size")1717b.brokerRequestLatency = b.registerHistogram("request-latency-in-ms")1718b.brokerOutgoingByteRate = b.registerMeter("outgoing-byte-rate")1719b.brokerResponseRate = b.registerMeter("response-rate")1720b.brokerResponseSize = b.registerHistogram("response-size")1721b.brokerRequestsInFlight = b.registerCounter("requests-in-flight")1722b.brokerThrottleTime = b.registerHistogram("throttle-time-in-ms")1723}1724func (b *Broker) unregisterMetrics() {1726for name := range b.registeredMetrics {1727b.conf.MetricRegistry.Unregister(name)1728}1729b.registeredMetrics = nil1730}1731func (b *Broker) registerMeter(name string) metrics.Meter {1733nameForBroker := getMetricNameForBroker(name, b)1734if b.registeredMetrics == nil {1735b.registeredMetrics = map[string]struct{}{}1736}1737b.registeredMetrics[nameForBroker] = struct{}{}1738return metrics.GetOrRegisterMeter(nameForBroker, b.conf.MetricRegistry)1739}1740func (b *Broker) registerHistogram(name string) metrics.Histogram {1742nameForBroker := getMetricNameForBroker(name, b)1743if b.registeredMetrics == nil {1744b.registeredMetrics = map[string]struct{}{}1745}1746b.registeredMetrics[nameForBroker] = struct{}{}1747return getOrRegisterHistogram(nameForBroker, b.conf.MetricRegistry)1748}1749func (b *Broker) registerCounter(name string) metrics.Counter {1751nameForBroker := getMetricNameForBroker(name, b)1752if b.registeredMetrics == nil {1753b.registeredMetrics = map[string]struct{}{}1754}1755b.registeredMetrics[nameForBroker] = struct{}{}1756return metrics.GetOrRegisterCounter(nameForBroker, b.conf.MetricRegistry)1757}1758func validServerNameTLS(addr string, cfg *tls.Config) *tls.Config {1760if cfg == nil {1761cfg = &tls.Config{1762MinVersion: tls.VersionTLS12,1763}1764}1765if cfg.ServerName != "" {1766return cfg1767}1768c := cfg.Clone()1770sn, _, err := net.SplitHostPort(addr)1771if err != nil {1772Logger.Println(fmt.Errorf("failed to get ServerName from addr %w", err))1773}1774c.ServerName = sn1775return c1776}1777