Add support for AWS MSK IAM

pom.xml

@@ -23,6 +23,8 @@
         <protobuf.version>3.22.3</protobuf.version>
         <testcontainers.version>1.18.0</testcontainers.version>
         <kafka-libs.version>7.3.3</kafka-libs.version>
+        <msk.auth.version>1.0.0</msk.auth.version>
+        <sts.sdk.version>1.11.704</sts.sdk.version>
     </properties>
 
     <scm>
@@ -76,6 +78,11 @@
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
         </dependency>
+        <dependency>
+            <groupId>software.amazon.msk</groupId>
+            <artifactId>aws-msk-iam-auth</artifactId>
+            <version>${msk.auth.version}</version>
+        </dependency>
         <dependency>
             <groupId>io.confluent</groupId>
             <artifactId>kafka-avro-serializer</artifactId>
@@ -143,6 +150,12 @@
             <groupId>org.springframework.kafka</groupId>
             <artifactId>spring-kafka</artifactId>
         </dependency>
+
+        <dependency>
+            <groupId>com.amazonaws</groupId>
+            <artifactId>aws-java-sdk-sts</artifactId>
+            <version>${sts.sdk.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-undertow</artifactId>

src/main/java/kafdrop/config/KafkaConfiguration.java

@@ -28,15 +28,22 @@ public final class KafkaConfiguration {
   private String truststoreFile;
   private String propertiesFile;
   private String keystoreFile;
+  private String jaasConfig;
+  private String clientCallback;
+  private String iamEnabled;
 
   public void applyCommon(Properties properties) {
     properties.setProperty(CommonClientConfigs.BOOTSTRAP_SERVERS_CONFIG, brokerConnect);
+
     if (isSecured) {
       LOG.warn("The 'isSecured' property is deprecated; consult README.md on the preferred way to configure security");
-      properties.put(SaslConfigs.SASL_MECHANISM, saslMechanism);
     }
 
-    if (isSecured || securityProtocol.equals("SSL")) {
+    LOG.info("Setting sasl mechanism to {}", saslMechanism);
+    properties.put(SaslConfigs.SASL_MECHANISM, saslMechanism);
+
+    if (isSecured || securityProtocol.equals("SSL") || securityProtocol.equals("SASL_SSL")) {
+      LOG.info("Setting security protocol to {}", securityProtocol);
       properties.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, securityProtocol);
     }
 
@@ -45,6 +52,12 @@ public void applyCommon(Properties properties) {
       LOG.info("Assigning truststore location to {}", truststoreFile);
       properties.put("ssl.truststore.location", truststoreFile);
     }
+    LOG.info("Is iam enabled : {}", iamEnabled);
+    if (Boolean.parseBoolean(iamEnabled)) {
+      LOG.info("Setting sasl.jaas.config {} and sasl and callback callback properties {}", jaasConfig, clientCallback);
+      properties.put(SaslConfigs.SASL_CLIENT_CALLBACK_HANDLER_CLASS, clientCallback);
+      properties.put(SaslConfigs.SASL_JAAS_CONFIG, jaasConfig);
+    }
 
     LOG.info("Checking keystore file {}", keystoreFile);
     if (new File(keystoreFile).isFile()) {

src/main/resources/application.yml

@@ -38,9 +38,12 @@ kafdrop.monitor:
 
 kafka:
   brokerConnect: localhost:9092
-  isSecured: false
-  saslMechanism: "PLAIN"
-  securityProtocol: "SASL_PLAINTEXT"
+  isSecured: "${KAFKA_IS_SECURED:false}"
+  saslMechanism: "${KAFKA_SASL_MECHANISM:PLAIN}"
+  securityProtocol: "${KAFKA_SECURITY_PROTOCOL:SASL_PLAINTEXT}"
   truststoreFile: "${KAFKA_TRUSTSTORE_FILE:kafka.truststore.jks}"
   propertiesFile : "${KAFKA_PROPERTIES_FILE:kafka.properties}"
   keystoreFile: "${KAFKA_KEYSTORE_FILE:kafka.keystore.jks}"
+  iamEnabled: "${KAFKA_IAM_ENABLED:false}"
+  jaasConfig: "${KAFKA_JAAS_CONFIG}"
+  clientCallback: "software.amazon.msk.auth.iam.IAMClientCallbackHandler"