diff --git a/docs/data-sources/kafka.md b/docs/data-sources/kafka.md
index 0d56c4253..f2c8b3a45 100644
--- a/docs/data-sources/kafka.md
+++ b/docs/data-sources/kafka.md
@@ -162,6 +162,10 @@ Read-Only:
 - `producer_purgatory_purge_interval_requests` (Number)
 - `replica_fetch_max_bytes` (Number)
 - `replica_fetch_response_max_bytes` (Number)
+- `sasl_oauthbearer_expected_audience` (String)
+- `sasl_oauthbearer_expected_issuer` (String)
+- `sasl_oauthbearer_jwks_endpoint_url` (String)
+- `sasl_oauthbearer_sub_claim_name` (String)
 - `socket_request_max_bytes` (Number)
 - `transaction_remove_expired_transaction_cleanup_interval_ms` (Number)
 - `transaction_state_log_segment_bytes` (Number)
diff --git a/docs/resources/kafka.md b/docs/resources/kafka.md
index 5089332d5..4ad8b2c34 100644
--- a/docs/resources/kafka.md
+++ b/docs/resources/kafka.md
@@ -164,6 +164,10 @@ Optional:
 - `producer_purgatory_purge_interval_requests` (Number) The purge interval (in number of requests) of the producer request purgatory(defaults to 1000).
 - `replica_fetch_max_bytes` (Number) The number of bytes of messages to attempt to fetch for each partition (defaults to 1048576). This is not an absolute maximum, if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made.
 - `replica_fetch_response_max_bytes` (Number) Maximum bytes expected for the entire fetch response (defaults to 10485760). Records are fetched in batches, and if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made. As such, this is not an absolute maximum.
+- `sasl_oauthbearer_expected_audience` (String) The (optional) comma-delimited setting for the broker to use to verify that the JWT was issued for one of the expected audiences.
+- `sasl_oauthbearer_expected_issuer` (String) Optional setting for the broker to use to verify that the JWT was created by the expected issuer.
+- `sasl_oauthbearer_jwks_endpoint_url` (String) OIDC JWKS endpoint URL. By setting this the SASL SSL OAuth2/OIDC authentication is enabled. See also other options for SASL OAuth2/OIDC. .
+- `sasl_oauthbearer_sub_claim_name` (String) Name of the scope from which to extract the subject claim from the JWT. Defaults to sub.
 - `socket_request_max_bytes` (Number) The maximum number of bytes in a socket request (defaults to 104857600).
 - `transaction_remove_expired_transaction_cleanup_interval_ms` (Number) The interval at which to remove transactions that have expired due to transactional.id.expiration.ms passing (defaults to 3600000 (1 hour)).
 - `transaction_state_log_segment_bytes` (Number) The transaction topic segment bytes should be kept relatively small in order to facilitate faster log compaction and cache loads (defaults to 104857600 (100 mebibytes)).
diff --git a/go.mod b/go.mod
index da817a758..41fa9bee5 100644
--- a/go.mod
+++ b/go.mod
@@ -46,7 +46,7 @@ require (
 cloud.google.com/go v0.110.0 // indirect
 cloud.google.com/go/storage v1.28.1 // indirect
 github.com/agext/levenshtein v1.2.3 // indirect
- github.com/aiven/go-api-schemas v1.36.0
+ github.com/aiven/go-api-schemas v1.37.0
 github.com/aws/aws-sdk-go v1.44.122 // indirect
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
diff --git a/go.sum b/go.sum
index ec585faac..fe20dd25f 100644
--- a/go.sum
+++ b/go.sum
@@ -203,8 +203,8 @@ github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7l
 github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/aiven/aiven-go-client/v2 v2.1.0 h1:n8k34HpEQ7KgxRcyX/F5WKR6xh8MSAM6TtPHnghDNGg=
 github.com/aiven/aiven-go-client/v2 v2.1.0/go.mod h1:x0xhzxWEKAwKv0xY5FvECiI6tesWshcPHvjwl0B/1SU=
-github.com/aiven/go-api-schemas v1.36.0 h1:v74EatWotTayXaVWLgx26S1IikGCkmRsnXDrt3yHYes=
-github.com/aiven/go-api-schemas v1.36.0/go.mod h1:/bPxBUHza/2Aeer6hIIdB++GxKiw9K1KCBtRa2rtZ5I=
+github.com/aiven/go-api-schemas v1.37.0 h1:XkJudUJFMd5Ox35iIB9kw5I9jpAGReSHpuSFCOYFjig=
+github.com/aiven/go-api-schemas v1.37.0/go.mod h1:/bPxBUHza/2Aeer6hIIdB++GxKiw9K1KCBtRa2rtZ5I=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM=
 github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk=
diff --git a/internal/schemautil/userconfig/apiconvert/fromapi_test.go b/internal/schemautil/userconfig/apiconvert/fromapi_test.go
index e9af74654..ab051ab8b 100644
--- a/internal/schemautil/userconfig/apiconvert/fromapi_test.go
+++ b/internal/schemautil/userconfig/apiconvert/fromapi_test.go
@@ -132,6 +132,10 @@ func TestFromAPI(t *testing.T) {
 "producer_purgatory_purge_interval_requests": 0,
 "replica_fetch_max_bytes": 0,
 "replica_fetch_response_max_bytes": 0,
+ "sasl_oauthbearer_expected_audience": "",
+ "sasl_oauthbearer_expected_issuer": "",
+ "sasl_oauthbearer_jwks_endpoint_url": "",
+ "sasl_oauthbearer_sub_claim_name": "",
 "socket_request_max_bytes": 0,
 "transaction_remove_expired_transaction_cleanup_interval_ms": 0,
 "transaction_state_log_segment_bytes": 0,
diff --git a/internal/schemautil/userconfig/dist/service_types.go b/internal/schemautil/userconfig/dist/service_types.go
index 337cbd298..53bf02569 100644
--- a/internal/schemautil/userconfig/dist/service_types.go
+++ b/internal/schemautil/userconfig/dist/service_types.go
@@ -2535,6 +2535,26 @@ func ServiceTypeKafka() *schema.Schema {
 Optional: true,
 Type: schema.TypeInt,
 },
+ "sasl_oauthbearer_expected_audience": {
+ Description: "The (optional) comma-delimited setting for the broker to use to verify that the JWT was issued for one of the expected audiences.",
+ Optional: true,
+ Type: schema.TypeString,
+ },
+ "sasl_oauthbearer_expected_issuer": {
+ Description: "Optional setting for the broker to use to verify that the JWT was created by the expected issuer.",
+ Optional: true,
+ Type: schema.TypeString,
+ },
+ "sasl_oauthbearer_jwks_endpoint_url": {
+ Description: "OIDC JWKS endpoint URL. By setting this the SASL SSL OAuth2/OIDC authentication is enabled. See also other options for SASL OAuth2/OIDC. .",
+ Optional: true,
+ Type: schema.TypeString,
+ },
+ "sasl_oauthbearer_sub_claim_name": {
+ Description: "Name of the scope from which to extract the subject claim from the JWT. Defaults to sub.",
+ Optional: true,
+ Type: schema.TypeString,
+ },
 "socket_request_max_bytes": {
 Description: "The maximum number of bytes in a socket request (defaults to 104857600).",
 Optional: true,
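Review bot: `sasl_oauthbearer_jwks_endpoint_url` is described as the setting that enables SASL SSL OAuth2/OIDC authentication, yet `sasl_oauthbearer_expected_issuer` and `sasl_oauthbearer_expected_audience` are separate `Optional` strings and no description says what the broker does when only the JWKS URL is set. If the broker then skips the issuer and audience checks (worth confirming against the service behaviour), any token signed by a key in that JWKS would authenticate, including tokens issued for other applications, so the text should steer users to set all three, e.g. `Description: "OIDC JWKS endpoint URL. Setting this enables SASL SSL OAuth2/OIDC authentication; set sasl_oauthbearer_expected_issuer and sasl_oauthbearer_expected_audience as well so the JWT issuer and audience are verified.",`, which also drops the stray ` .` at the end of the current string. The same four entries are repeated in the hunk at `-2742,6 +2762,26` and in both docs files, and since this file sits under `dist/` it may be generated, in which case the wording belongs in the upstream schema. `ServiceTypeKafka` starts and ends outside both hunks.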
@@ -2742,6 +2762,26 @@ func ServiceTypeKafka() *schema.Schema {
 Optional: true,
 Type: schema.TypeInt,
 },
+ "sasl_oauthbearer_expected_audience": {
+ Description: "The (optional) comma-delimited setting for the broker to use to verify that the JWT was issued for one of the expected audiences.",
+ Optional: true,
+ Type: schema.TypeString,
+ },
+ "sasl_oauthbearer_expected_issuer": {
+ Description: "Optional setting for the broker to use to verify that the JWT was created by the expected issuer.",
+ Optional: true,
+ Type: schema.TypeString,
+ },
+ "sasl_oauthbearer_jwks_endpoint_url": {
+ Description: "OIDC JWKS endpoint URL. By setting this the SASL SSL OAuth2/OIDC authentication is enabled. See also other options for SASL OAuth2/OIDC. .",
+ Optional: true,
+ Type: schema.TypeString,
+ },
+ "sasl_oauthbearer_sub_claim_name": {
+ Description: "Name of the scope from which to extract the subject claim from the JWT. Defaults to sub.",
+ Optional: true,
+ Type: schema.TypeString,
+ },
 "socket_request_max_bytes": {
 Description: "The maximum number of bytes in a socket request (defaults to 104857600).",
 Optional: true,