2

我们使用的 sasl 机制是,但是SCRAM-SHA-256kafka 生产者只会接受sasl_mechanism, PLAIN,GSSAPIOAUTHBEARER

以下配置将给出错误

sasl_mechanism must be in PLAIN, GSSAPI, OAUTHBEARER

配置

    ssl_produce = KafkaProducer(bootstrap_servers='brokerCName:9093',
                     security_protocol='SASL_SSL',
                     ssl_cafile='pemfilename.pem',
                     sasl_mechanism='SCRAM-SHA-256',
                     sasl_plain_username='password',
                     sasl_plain_password='secret')

我需要知道如何指定正确的 sasl 机制。

谢谢

4

2 回答 2

4

kafka-python在2.0.0版本中SCRAM-SHA-256都支持。SCRAM-SHA-512

于 2020-02-13T13:20:47.563 回答
3

更新了 kafka-python v2.0.0+ 的答案

2.0.0 开始,kafka-python 支持SCRAM-SHA-256SCRAM-SHA-512.


旧版本的先前答案kafka-python

据我了解,您正在使用kafka-python客户端。从源代码中,我可以看到这sasl_mechanism='SCRAM-SHA-256'不是一个有效的选项:

    """
    ...
    sasl_mechanism (str): Authentication mechanism when security_protocol
        is configured for SASL_PLAINTEXT or SASL_SSL. Valid values are:
        PLAIN, GSSAPI, OAUTHBEARER.
    ...
    """

    if self.config['security_protocol'] in ('SASL_PLAINTEXT', 'SASL_SSL'):
        assert self.config['sasl_mechanism'] in self.SASL_MECHANISMS, (
            'sasl_mechanism must be in ' + ', '.join(self.SASL_MECHANISMS)) 

一种快速的解决方法是使用confluent-kafka支持的客户端 sasl_mechanism='SCRAM-SHA-256'

from confluent_kafka import Producer 

# See https://github.com/edenhill/librdkafka/blob/master/CONFIGURATION.md
conf = {
    'bootstrap.servers': 'localhost:9092',
    'security.protocol': 'SASL_SSL',
    'sasl.mechanisms': 'SCRAM-SHA-256',
    'sasl.username': 'yourUsername',
    'sasl.password': 'yourPassword', 
    # any other config you like ..
}

p = Producer(**conf)
 
# Rest of your code goes here.. 
于 2019-07-31T12:42:19.817 回答