Skip to content

Commit

Permalink
Add support for AstraAuthenticator (#123)
Browse files Browse the repository at this point in the history
  • Loading branch information
@absurdfarce
absurdfarce authored Jan 24, 2024
1 parent 769499e commit 508d09e
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 8 deletions.
23 changes: 16 additions & 7 deletions proxycore/auth.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,12 @@ package proxycore
import (
"bytes"
"fmt"

"go.uber.org/zap"
)

type Authenticator interface {
InitialResponse(authenticator string) ([]byte, error)
InitialResponse(authenticator string, c *ClientConn) ([]byte, error)
EvaluateChallenge(token []byte) ([]byte, error)
Success(token []byte) error
}
Expand All @@ -31,14 +33,21 @@ type passwordAuth struct {
password string
}

func (d *passwordAuth) InitialResponse(authenticator string) ([]byte, error) {
switch authenticator {
case "com.datastax.bdp.cassandra.auth.DseAuthenticator":
const dseAuthenticator = "com.datastax.bdp.cassandra.auth.DseAuthenticator"
const passwordAuthenticator = "org.apache.cassandra.auth.PasswordAuthenticator"
const astraAuthenticator = "org.apache.cassandra.auth.AstraAuthenticator"

func (d *passwordAuth) InitialResponse(authenticator string, c *ClientConn) ([]byte, error) {
if authenticator == dseAuthenticator {
return []byte("PLAIN"), nil
case "org.apache.cassandra.auth.PasswordAuthenticator":
return d.makeToken(), nil
}
return nil, fmt.Errorf("unknown authenticator: %v", authenticator)
// We'll return a SASL response but if we're seeing an authenticator we're unfamiliar with at least log
// that information here
if (authenticator != passwordAuthenticator) && (authenticator != astraAuthenticator) {
c.logger.Info("observed unknown authenticator, treating as SASL",
zap.String("authenticator", authenticator))
}
return d.makeToken(), nil
}

func (d *passwordAuth) EvaluateChallenge(token []byte) ([]byte, error) {
Expand Down
2 changes: 1 addition & 1 deletion proxycore/clientconn.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -152,7 +152,7 @@ func (c *ClientConn) registerForEvents(ctx context.Context, version primitive.Pr
}

func (c *ClientConn) authInitialResponse(ctx context.Context, version primitive.ProtocolVersion, auth Authenticator, authenticate *message.Authenticate) error {
token, err := auth.InitialResponse(authenticate.Authenticator)
token, err := auth.InitialResponse(authenticate.Authenticator, c)
if err != nil {
return err
}
Expand Down

0 comments on commit 508d09e

Please sign in to comment.