[v25.2.x] rpk: add OAUTHBEARER SASL mechanism support#30315
Closed
[v25.2.x] rpk: add OAUTHBEARER SASL mechanism support#30315
Conversation
Add OAUTHBEARER as a supported SASL mechanism in rpk, alongside the existing SCRAM-SHA-256 and SCRAM-SHA-512 mechanisms. - toSASLConfig and NewFranzClient now dispatch on OAUTHBEARER to set up kgo.SASL with the bearer token from the profile's sasl.password - toRpadminOptions similarly calls WithOAuthBearerAuthentication for the admin client - OAUTHBEARER is rejected early in remote debug bundle (follow-up issue referenced in the guard comment) - Update -X help text and profile docs to list all SASL mechanisms including PLAIN and OAUTHBEARER - Add unit tests for the SASL dispatch paths in adminapi, franz client, and schema registry client; fix $HOME-unset failures in those tests - Regenerate BUILD files for new test files (cherry picked from commits in PR #30169)
david-yu
force-pushed
the
manual-backport-30169-v25.2.x
branch
from
3740b53 to
884b5c2
Compare
Previous build failed fetching the LLVM 19.1.7 toolchain from GitHub releases (502 Bad Gateway), unrelated to this PR's changes.
Collaborator
CI test resultstest results on build#83732
|
Contributor
Author
|
Going to close since OAUTHBEARER SASL override landed for 25.3 and after: #27458 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Backport of #30169 to v25.2.x.
toSASLConfigandNewFranzClientdispatch on OAUTHBEARER to set up bearer token auth for Kafka connectionstoRpadminOptionscallsWithOAuthBearerAuthenticationfor the admin client-X helptext and profile docs to list all four SASL mechanisms including PLAIN and OAUTHBEARERConflicts resolved from original backport
profile_doc.go: deleted — file does not exist in v25.2.x; equivalentparams.godoc update auto-merged cleanlyschemaregistry/BUILD: droppedcontext_test.gofromgo_testsrcs (does not exist in v25.2.x)Release Notes
Features
--password(raw value ortoken:<TOKEN>format) with--sasl-mechanism OAUTHBEARER.🤖 Generated with Claude Code