backend: support AWS IAM role auth

vrmare · Feb 13, 2024 · 9a3353e · 9a3353e
1 parent 330971d
commit 9a3353e
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 8 deletions.
diff --git a/backend/go.mod b/backend/go.mod
@@ -50,6 +50,7 @@ require (
 	github.com/twmb/go-cache v1.2.0
 	github.com/vmihailenco/msgpack/v5 v5.4.1
 	github.com/zencoder/go-smile v0.0.0-20220221105746-06ef4fe5fa0a
+	go.opentelemetry.io/otel v1.22.0
 	go.opentelemetry.io/otel/exporters/prometheus v0.45.0
 	go.opentelemetry.io/otel/sdk/metric v1.22.0
 	go.uber.org/zap v1.26.0
@@ -167,7 +168,6 @@ require (
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/yusufpapurcu/wmi v1.2.3 // indirect
-	go.opentelemetry.io/otel v1.22.0 // indirect
 	go.opentelemetry.io/otel/metric v1.22.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.22.0 // indirect
 	go.opentelemetry.io/otel/trace v1.22.0 // indirect

diff --git a/backend/pkg/kafka/config_helper.go b/backend/pkg/kafka/config_helper.go
@@ -146,13 +146,17 @@ func NewKgoConfig(cfg *config.Kafka, logger *zap.Logger, hooks kgo.Hook) ([]kgo.
 
 		// AWS MSK IAM
 		if cfg.SASL.Mechanism == config.SASLMechanismAWSManagedStreamingIAM {
-			mechanism := aws.Auth{
-				AccessKey:    cfg.SASL.AWSMskIam.AccessKey,
-				SecretKey:    cfg.SASL.AWSMskIam.SecretKey,
-				SessionToken: cfg.SASL.AWSMskIam.SessionToken,
-				UserAgent:    cfg.SASL.AWSMskIam.UserAgent,
-			}.AsManagedStreamingIAMMechanism()
-			opts = append(opts, kgo.SASL(mechanism))
+			if cfg.SASL.AWSMskIam.AccessKey != "" &&
+				cfg.SASL.AWSMskIam.SecretKey != "" &&
+				cfg.SASL.AWSMskIam.SessionToken != "" {
+				mechanism := aws.Auth{
+					AccessKey:    cfg.SASL.AWSMskIam.AccessKey,
+					SecretKey:    cfg.SASL.AWSMskIam.SecretKey,
+					SessionToken: cfg.SASL.AWSMskIam.SessionToken,
+					UserAgent:    cfg.SASL.AWSMskIam.UserAgent,
+				}.AsManagedStreamingIAMMechanism()
+				opts = append(opts, kgo.SASL(mechanism))
+			}
 		}
 	}