Skip to content

Added example with oauth/oidc example with CCloud logicalCluster and identityPoolId #1593

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Added example with oauth/oidc example with CCloud logicalCluster and identityPoolId #1593

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
18a5faf
Added example with oauth/oidc example with CCloud logicalCluster and …
sarwarbhuiyan Jun 24, 2023
bf66410
Removed retries, message.send.max.retries, and delivery.timeout.ms
sarwarbhuiyan Jun 26, 2023
5223cd2
removed debug param
sarwarbhuiyan Jun 26, 2023
cddd40d
Merge branch 'master' into oauth_ccloud_example
pranavrth Jan 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 15 additions & 25 deletions examples/oauth_producer.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,36 +29,24 @@
import requests


def _get_token(args, config):
"""Note here value of config comes from sasl.oauthbearer.config below.
It is not used in this example but you can put arbitrary values to
configure how you can get the token (e.g. which token URL to use)
"""
payload = {
'grant_type': 'client_credentials',
'scope': ' '.join(args.scopes)
}
resp = requests.post(args.token_url,
auth=(args.client_id, args.client_secret),
data=payload)
token = resp.json()
return token['access_token'], time.time() + float(token['expires_in'])


def producer_config(args):
logger = logging.getLogger(__name__)
return {
logger.setLevel(logging.DEBUG)
params = {
'bootstrap.servers': args.bootstrap_servers,
'security.protocol': 'sasl_plaintext',
'security.protocol': 'SASL_SSL',
'sasl.mechanisms': 'OAUTHBEARER',
# sasl.oauthbearer.config can be used to pass argument to your oauth_cb
# It is not used in this example since we are passing all the arguments
# from command line
# 'sasl.oauthbearer.config': 'not-used',
'oauth_cb': functools.partial(_get_token, args),
'logger': logger,
'sasl.oauthbearer.method': 'oidc',
'sasl.oauthbearer.client.id': args.client_id,
'sasl.oauthbearer.client.secret': args.client_secret,
'sasl.oauthbearer.token.endpoint.url': args.token_url,
'sasl.oauthbearer.scope': ' '.join(args.scopes)
}
# These two parameters are only applicable when producing to confluent cloud where some sasl extensions are required.
if args.logical_cluster and args.identity_pool_id:
params['sasl.oauthbearer.extensions'] = 'logicalCluster='+args.logical_cluster+',identityPoolId='+args.identity_pool_id

return params

def delivery_report(err, msg):
"""
Expand Down Expand Up @@ -131,5 +119,7 @@ def main(args):
help="Token URL.")
parser.add_argument('--scopes', dest="scopes", required=True, nargs='+',
help="Scopes requested from OAuth server.")

parser.add_argument('--logical-cluster', dest="logical_cluster", required=False, help="Logical Cluster.")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we move this to CC specific example, does it make sense to mark these are required?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The original example is using an outdated callback based method so this example applies there too. Also, since the only difference between CC and AK/CP is this one param, it doesn't make sense to split it into another file. There's a wider task of updating all the examples to be using the recommended approach.

The purpose of examples is to educate.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can improve old example as well and create a new example to cater mainly CC usecase. The idea is to make it easy for non CC user to use SASL as well. With everything specific to CC, user might get confused.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not just specific to CC though. If you don't include the logicalClusterId and identityPoolId in the cli params, it's just just works against any AK or CP.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just don't want code that'll be copy pasted for a 2 line difference. The cli works with both CP and CC.

parser.add_argument('--identity-pool-id', dest="identity_pool_id", required=False, help="Identity Pool ID.")

main(parser.parse_args())