shotover / shotover-proxy

L7 data-layer proxy
https://docs.shotover.io
Apache License 2.0

Store delegation token hmac as base64 #1628

Closed rukai closed 3 months ago

rukai commented 3 months ago

This PR completes a TODO left in the code from https://github.com/shotover/shotover-proxy/pull/1626

Delegation tokens are created by a super user and allow a connection to Kafka to authenticate as a specific user. Shotover creates them to allow proxying SCRAM connections which would otherwise be unable to be proxied.

The token task in scram_over_mtls.rs creates delegation tokens when the transforms request them. It will cache the token and fetch new tokens if they are not in the cache yet.

The tokens are stored in a type called DelegationToken. This contains the token_id, which acts as the token's username, and the hmac, which acts as the token's password. https://github.com/shotover/shotover-proxy/blob/c1331f8944a1d2b1b005bfd6f728aecfd9b5154c/shotover/src/transforms/kafka/sink_cluster/scram_over_mtls.rs#L328-L333

Currently the hmac field stores the raw bytes of the hmac, in a Vec<u8>. This PR changes the hmac field to instead store the base64 encoding of the hmac, in a StrBytes.

This is more efficient as we don't need to convert to base64 every time we use the hmac to log in with the token.
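
An added example, not code from the shotover repository or from this PR: a minimal sketch of the change described above, where the hmac is base64-encoded once when the token enters the cache and every later login reuses the stored string. `TokenCache`, `get_or_create`, the `encodes` counter, the `String` field types and the hand-written `base64_encode` are assumptions for illustration (the PR itself stores the value in a `StrBytes`).

```rust
use std::collections::HashMap;
const B64: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Standard padded base64 (RFC 4648), std-only so the example has no dependencies.
fn base64_encode(input: &[u8]) -> String {
    let mut out = String::with_capacity((input.len() + 2) / 3 * 4);
    for chunk in input.chunks(3) {
        let (b1, b2) = (*chunk.get(1).unwrap_or(&0) as u32, *chunk.get(2).unwrap_or(&0) as u32);
        let n = (chunk[0] as u32) << 16 | b1 << 8 | b2;
        out.push(B64[(n >> 18) as usize & 63] as char);
        out.push(B64[(n >> 12) as usize & 63] as char);
        out.push(if chunk.len() > 1 { B64[(n >> 6) as usize & 63] as char } else { '=' });
        out.push(if chunk.len() > 2 { B64[n as usize & 63] as char } else { '=' });
    }
    out
}

// The two fields named in the PR description; the field types here are assumptions.
#[derive(Clone, Debug, PartialEq)]
struct DelegationToken {
    token_id: String, // acts as the token's username
    hmac: String,     // base64 of the raw HMAC; acts as the token's password
}

// Hypothetical cache keyed by username, standing in for the token task's cache.
struct TokenCache {
    tokens: HashMap<String, DelegationToken>,
    encodes: usize, // number of base64 conversions performed
}
impl TokenCache {
    // Returns the cached token, or fetches one and encodes its HMAC exactly once.
    fn get_or_create(&mut self, user: &str, fetch: impl FnOnce() -> (String, Vec<u8>)) -> DelegationToken {
        if let Some(token) = self.tokens.get(user) { return token.clone(); }
        let (token_id, raw_hmac) = fetch();
        self.encodes += 1;
        let token = DelegationToken { token_id, hmac: base64_encode(&raw_hmac) };
        self.tokens.insert(user.to_string(), token.clone());
        token
    }
}

fn main() {
    let mut cache = TokenCache { tokens: HashMap::new(), encodes: 0 };
    for _ in 0..3 {
        // Constructed sample values, not real token material.
        let t = cache.get_or_create("alice", || ("token-1".to_string(), vec![0xde, 0xad, 0xbe, 0xef]));
        println!("{} {} (encodes so far: {})", t.token_id, t.hmac, cache.encodes);
    }
}
```

Because the stored value is the credential in the exact form sent at login, it needs the same handling as the raw bytes did: keep it out of logs and debug output.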

codspeed-hq[bot] commented 3 months ago

CodSpeed Performance Report

Merging #1628 will not alter performance

Comparing rukai:store_hmac_as_base64 (d7ec227) with main (50b6301)

Summary

✅ 37 untouched benchmarks