From 751739cf1b2fb34f639fae3b367301c7dbbe1a33 Mon Sep 17 00:00:00 2001
From: Shubhankar Ranade <sranade@confluent.io>
Date: Thu, 29 Feb 2024 15:07:33 -0500
Subject: [PATCH] Go clients test

---
 .../consumer-deployment.yaml                  | 21 +++++++++----------
 .../consumer.go                               | 19 ++++++++++-------
 .../docker-compose.yml                        |  6 +++---
 .../docker-compose.yml                        |  6 +++---
 .../producer-deployment.yaml                  | 21 +++++++++----------
 .../producer.go                               | 16 ++++++++------
 6 files changed, 48 insertions(+), 41 deletions(-)

diff --git a/examples/docker_spire_kafka_consumer_example/consumer-deployment.yaml b/examples/docker_spire_kafka_consumer_example/consumer-deployment.yaml
index 8e73d1b0c..29be759c6 100644
--- a/examples/docker_spire_kafka_consumer_example/consumer-deployment.yaml
+++ b/examples/docker_spire_kafka_consumer_example/consumer-deployment.yaml
@@ -3,12 +3,11 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert
-    kompose.version: 1.26.0 (40646f47)
-  creationTimestamp: null
+    kompose.version: 1.32.0 (HEAD)
   labels:
     io.kompose.service: consumer
-  name: consumer-chang
-  namespace: pkc-devcc97qpm5
+  name: consumer-shubhankar
+  namespace: pkc-devc19rzw5
 spec:
   replicas: 1
   selector:
@@ -19,26 +18,26 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert
-        kompose.version: 1.26.0 (40646f47)
-      creationTimestamp: null
+        kompose.version: 1.32.0 (HEAD)
       labels:
+        io.kompose.network/docker-spire-kafka-consumer-example-default: "true"
         io.kompose.service: consumer
     spec:
       containers:
         - env:
             - name: BOOTSTRAP_SERVERS
-              value: pkc-devcc97qpm5.us-west-2.aws.devel.cpdev.cloud:9092
+              value: pkc-devc19rzw5.us-west-2.aws.devel.cpdev.cloud:9092
             - name: LKC
-              value: lkc-devcczwjmmd
+              value: lkc-devc3mk0gw
             - name: PRINCIPAL
               value: sub
             - name: SOCKET_PATH
               value: unix:/opt/spire/sockets/workload_api.sock
             - name: TOPIC
-              value: kafka-spire-native
-          image: 755363985185.dkr.ecr.us-west-2.amazonaws.com/docker/dev/cc-base:kafka-consumer-spire-chang
+              value: kafka-spire-test
+          image: 519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/dev/confluentinc/cc-base:kafka-consumer-spire-shubhankar
           imagePullPolicy: Always
-          name: consumer-chang
+          name: consumer-shubhankar
           resources: {}
           volumeMounts:
             - mountPath: /opt/spire/sockets
diff --git a/examples/docker_spire_kafka_consumer_example/consumer.go b/examples/docker_spire_kafka_consumer_example/consumer.go
index 6d972cda2..28e095d86 100644
--- a/examples/docker_spire_kafka_consumer_example/consumer.go
+++ b/examples/docker_spire_kafka_consumer_example/consumer.go
@@ -20,13 +20,14 @@ package main
 import (
 	"context"
 	"fmt"
-	"github.com/confluentinc/confluent-kafka-go/v2/kafka"
-	"github.com/spiffe/go-spiffe/v2/svid/jwtsvid"
-	"github.com/spiffe/go-spiffe/v2/workloadapi"
 	"os"
 	"os/signal"
 	"syscall"
 	"time"
+
+	"github.com/confluentinc/confluent-kafka-go/v2/kafka"
+	"github.com/spiffe/go-spiffe/v2/svid/jwtsvid"
+	"github.com/spiffe/go-spiffe/v2/workloadapi"
 )
 
 // handleJWTTokenRefreshEvent retrieves JWT from the SPIFFE workload API and
@@ -100,10 +101,14 @@ func main() {
 	fmt.Fprintf(os.Stderr, "bootstrapServers is: %s\n", bootstrapServers)
 
 	config := kafka.ConfigMap{
-		"bootstrap.servers":       bootstrapServers,
-		"security.protocol":       "SASL_SSL",
-		"sasl.mechanisms":         "OAUTHBEARER",
-		"sasl.oauthbearer.config": principal,
+		"bootstrap.servers": bootstrapServers,
+		"security.protocol": "SASL_SSL",
+		// "sasl.login.callback.handler.class":           "io.confluent.kafka.clients.plugins.auth.oauth.SpireJwtLoginCallbackHandler",
+		"sasl.mechanisms": "OAUTHBEARER",
+		"sasl.oauthbearer.token.spire.agent.endpoint": socketPath,
+		"sasl.jaas.config":                            "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required logicalCluster=" + lkc,
+		"sasl.oauthbearer.config":                     principal,
+		"group.id":                                    "foo",
 	}
 
 	c, err := kafka.NewConsumer(&config)
diff --git a/examples/docker_spire_kafka_consumer_example/docker-compose.yml b/examples/docker_spire_kafka_consumer_example/docker-compose.yml
index 088ab08da..a8860a6f1 100644
--- a/examples/docker_spire_kafka_consumer_example/docker-compose.yml
+++ b/examples/docker_spire_kafka_consumer_example/docker-compose.yml
@@ -6,8 +6,8 @@ services:
       context: .
       dockerfile: Dockerfile
     environment:
-     - BOOTSTRAP_SERVERS=pkc-devcc97qpm5.us-west-2.aws.devel.cpdev.cloud:9092
-     - TOPIC=kafka-spire-native
+     - BOOTSTRAP_SERVERS=pkc-devc19rzw5.us-west-2.aws.devel.cpdev.cloud:9092
+     - TOPIC=kafka-spire-test
      - PRINCIPAL=sub
      - SOCKET_PATH=unix:/opt/spire/sockets/workload_api.sock
-     - LKC=lkc-devcczwnq87
\ No newline at end of file
+     - LKC=lkc-devc3mk0gw
\ No newline at end of file
diff --git a/examples/docker_spire_kafka_producer_example/docker-compose.yml b/examples/docker_spire_kafka_producer_example/docker-compose.yml
index 6a90070e7..fabd5c1fb 100644
--- a/examples/docker_spire_kafka_producer_example/docker-compose.yml
+++ b/examples/docker_spire_kafka_producer_example/docker-compose.yml
@@ -6,8 +6,8 @@ services:
       context: .
       dockerfile: Dockerfile
     environment:
-     - BOOTSTRAP_SERVERS=pkc-devcc97qpm5.us-west-2.aws.devel.cpdev.cloud:9092
-     - TOPIC=kafka-spire-native
+     - BOOTSTRAP_SERVERS=pkc-devc19rzw5.us-west-2.aws.devel.cpdev.cloud:9092
+     - TOPIC=kafka-spire-test
      - PRINCIPAL=sub
      - SOCKET_PATH=unix:/opt/spire/sockets/workload_api.sock
-     - LKC=lkc-devcczwnq87
+     - LKC=lkc-devc3mk0gw
diff --git a/examples/docker_spire_kafka_producer_example/producer-deployment.yaml b/examples/docker_spire_kafka_producer_example/producer-deployment.yaml
index 04418e906..563f86cc1 100644
--- a/examples/docker_spire_kafka_producer_example/producer-deployment.yaml
+++ b/examples/docker_spire_kafka_producer_example/producer-deployment.yaml
@@ -3,12 +3,11 @@ kind: Deployment
 metadata:
   annotations:
     kompose.cmd: kompose convert
-    kompose.version: 1.26.0 (40646f47)
-  creationTimestamp: null
+    kompose.version: 1.32.0 (HEAD)
   labels:
     io.kompose.service: producer
-  name: producer-chang
-  namespace: pkc-devcc97qpm5
+  name: producer-shubhankar
+  namespace: pkc-devc19rzw5
 spec:
   replicas: 1
   selector:
@@ -19,26 +18,26 @@ spec:
     metadata:
       annotations:
         kompose.cmd: kompose convert
-        kompose.version: 1.26.0 (40646f47)
-      creationTimestamp: null
+        kompose.version: 1.32.0 (HEAD)
       labels:
+        io.kompose.network/docker-spire-kafka-producer-example-default: "true"
         io.kompose.service: producer
     spec:
       containers:
         - env:
             - name: BOOTSTRAP_SERVERS
-              value: pkc-devcc97qpm5.us-west-2.aws.devel.cpdev.cloud:9092
+              value: pkc-devc19rzw5.us-west-2.aws.devel.cpdev.cloud:9092
             - name: LKC
-              value: lkc-devcczwjmmd
+              value: lkc-devc3mk0gw
             - name: PRINCIPAL
               value: sub
             - name: SOCKET_PATH
               value: unix:/opt/spire/sockets/workload_api.sock
             - name: TOPIC
-              value: kafka-spire-native
-          image: 755363985185.dkr.ecr.us-west-2.amazonaws.com/docker/dev/cc-base:kafka-producer-spire-chang
+              value: kafka-spire-test
+          image: 519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/dev/confluentinc/cc-base:kafka-producer-spire-shubhankar
           imagePullPolicy: Always
-          name: producer-chang
+          name: producer-shubhankar
           resources: {}
           volumeMounts:
             - mountPath: /opt/spire/sockets
diff --git a/examples/docker_spire_kafka_producer_example/producer.go b/examples/docker_spire_kafka_producer_example/producer.go
index 9a4adced3..0f3d05681 100644
--- a/examples/docker_spire_kafka_producer_example/producer.go
+++ b/examples/docker_spire_kafka_producer_example/producer.go
@@ -20,13 +20,14 @@ package main
 import (
 	"context"
 	"fmt"
-	"github.com/spiffe/go-spiffe/v2/svid/jwtsvid"
-	"github.com/spiffe/go-spiffe/v2/workloadapi"
 	"os"
 	"os/signal"
 	"syscall"
 	"time"
 
+	"github.com/spiffe/go-spiffe/v2/svid/jwtsvid"
+	"github.com/spiffe/go-spiffe/v2/workloadapi"
+
 	"github.com/confluentinc/confluent-kafka-go/v2/kafka"
 )
 
@@ -102,10 +103,13 @@ func main() {
 	// You'll probably need to modify this configuration to
 	// match your environment.
 	config := kafka.ConfigMap{
-		"bootstrap.servers":       bootstrapServers,
-		"security.protocol":       "SASL_SSL",
-		"sasl.mechanisms":         "OAUTHBEARER",
-		"sasl.oauthbearer.config": principal,
+		"bootstrap.servers": bootstrapServers,
+		"security.protocol": "SASL_SSL",
+		// "sasl.login.callback.handler.class":           "io.confluent.kafka.clients.plugins.auth.oauth.SpireJwtLoginCallbackHandler",
+		"sasl.mechanisms": "OAUTHBEARER",
+		"sasl.oauthbearer.token.spire.agent.endpoint": socketPath,
+		"sasl.jaas.config":                            "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required logicalCluster=" + lkc,
+		"sasl.oauthbearer.config":                     principal,
 	}
 
 	p, err := kafka.NewProducer(&config)