asyncapi / bindings

AsyncAPI bindings specifications
Apache License 2.0
73 stars 75 forks source link

Custom SASL Mechanisms for Kafka #236

Open edeesis opened 10 months ago

edeesis commented 10 months ago

Reason/Context

Please try answering few of those questions

In https://github.com/asyncapi/spec/issues/466, security protocol and sasl mechanisms were added to the security scheme. However, the options provided are not exhaustive, for example with IAM Auth. Nor should they be because anyone can write their own SASL Mechanism.

Ideally there should be some way to set these values to something other than what's included in the spec.

There's no obvious way right now to document non-standard SASL mechanisms.

Users that utilize custom SASL mechanisms have no way right now to document those authentication strategies.

Description

Please try answering few of those questions

Instead of only accepting an enum for components.securitySchemes[].type, new properties could be added to securityScheme to override the values.

I do find it a bit confusing how to map the values in security schemes to the Kafka values. This table helps, but it would be nice if this table was made available in the documentation.

Should be able to be done without a breaking change.

Allow more than just enum values for components.securitySchemes[].type, or add a new field to security schemes to allow overriding the mechanism.

github-actions[bot] commented 10 months ago

Welcome to AsyncAPI. Thanks a lot for reporting your first issue. Please check out our contributors guide and the instructions about a basic recommended setup useful for opening a pull request.
Keep in mind there are also other channels you can use to interact with AsyncAPI community. For more details check out this issue.

dalelane commented 9 months ago

I completely agree in principle.

As a practical matter, have you got a suggestion for how to achieve this? I can think of two possible approaches:

1) Change the enum to be a string that has documented suggestions for common values, rather than an enumerated list 2) Add a "custom" option to the existing enum, and an additional optional field to provide details about the custom option

I'm not a JSON schema expert, so there are likely other approaches I'm not thinking of!

edeesis commented 8 months ago

Hi @dalelane. My apologies for the incredibly slow response time. The email for this must've gotten lost in the shuffle.

I think option 2 is probably the cleanest, if for no other reason than to allow the mapping between type and sasl.mechanism to be more explicit.

Adding custom bindings for Kafka on the security scheme object for sasl.mechanism makes the most sense to me.

github-actions[bot] commented 4 months ago

This issue has been automatically marked as stale because it has not had recent activity :sleeping:

It will be closed in 120 days if no further activity occurs. To unstale this issue, add a comment with a detailed explanation.

There can be many reasons why some specific issue has no activity. The most probable cause is lack of time, not lack of interest. AsyncAPI Initiative is a Linux Foundation project not owned by a single for-profit company. It is a community-driven initiative ruled under open governance model.

Let us figure out together how to push this issue forward. Connect with us through one of many communication channels we established here.

Thank you for your patience :heart:

edeesis commented 4 months ago

I'm interested in picking this up if no one else is, but I don't currently have the bandwidth to visit it.

github-actions[bot] commented 2 weeks ago

This issue has been automatically marked as stale because it has not had recent activity :sleeping:

It will be closed in 120 days if no further activity occurs. To unstale this issue, add a comment with a detailed explanation.

There can be many reasons why some specific issue has no activity. The most probable cause is lack of time, not lack of interest. AsyncAPI Initiative is a Linux Foundation project not owned by a single for-profit company. It is a community-driven initiative ruled under open governance model.

Let us figure out together how to push this issue forward. Connect with us through one of many communication channels we established here.

Thank you for your patience :heart: