Add support for AstraAuthenticator (#123)

absurdfarce · web-flow · commit 508d09e42015 · 2024-01-24T10:31:26.000-06:00
diff --git a/proxycore/auth.go b/proxycore/auth.go
@@ -17,10 +17,12 @@ package proxycore
 import (
 	"bytes"
 	"fmt"
+
+	"go.uber.org/zap"
 )
 
 type Authenticator interface {
-	InitialResponse(authenticator string) ([]byte, error)
+	InitialResponse(authenticator string, c *ClientConn) ([]byte, error)
 	EvaluateChallenge(token []byte) ([]byte, error)
 	Success(token []byte) error
 }
@@ -31,14 +33,21 @@ type passwordAuth struct {
 	password string
 }
 
-func (d *passwordAuth) InitialResponse(authenticator string) ([]byte, error) {
-	switch authenticator {
-	case "com.datastax.bdp.cassandra.auth.DseAuthenticator":
+const dseAuthenticator = "com.datastax.bdp.cassandra.auth.DseAuthenticator"
+const passwordAuthenticator = "org.apache.cassandra.auth.PasswordAuthenticator"
+const astraAuthenticator = "org.apache.cassandra.auth.AstraAuthenticator"
+
+func (d *passwordAuth) InitialResponse(authenticator string, c *ClientConn) ([]byte, error) {
+	if authenticator == dseAuthenticator {
 		return []byte("PLAIN"), nil
-	case "org.apache.cassandra.auth.PasswordAuthenticator":
-		return d.makeToken(), nil
 	}
-	return nil, fmt.Errorf("unknown authenticator: %v", authenticator)
+	// We'll return a SASL response but if we're seeing an authenticator we're unfamiliar with at least log
+	// that information here
+	if (authenticator != passwordAuthenticator) && (authenticator != astraAuthenticator) {
+		c.logger.Info("observed unknown authenticator, treating as SASL",
+			zap.String("authenticator", authenticator))
+	}
+	return d.makeToken(), nil
 }
 
 func (d *passwordAuth) EvaluateChallenge(token []byte) ([]byte, error) {
diff --git a/proxycore/clientconn.go b/proxycore/clientconn.go
@@ -152,7 +152,7 @@ func (c *ClientConn) registerForEvents(ctx context.Context, version primitive.Pr
 }
 
 func (c *ClientConn) authInitialResponse(ctx context.Context, version primitive.ProtocolVersion, auth Authenticator, authenticate *message.Authenticate) error {
-	token, err := auth.InitialResponse(authenticate.Authenticator)
+	token, err := auth.InitialResponse(authenticate.Authenticator, c)
 	if err != nil {
 		return err
 	}

Original file line number	Diff line number	Diff line change
`@@ -152,7 +152,7 @@ func (c *ClientConn) registerForEvents(ctx context.Context, version primitive.Pr`
`152`	`152`	`}`
`153`	`153`
`154`	`154`	`func (c ClientConn) authInitialResponse(ctx context.Context, version primitive.ProtocolVersion, auth Authenticator, authenticate message.Authenticate) error {`
`155`		`- token, err := auth.InitialResponse(authenticate.Authenticator)`
	`155`	`+ token, err := auth.InitialResponse(authenticate.Authenticator, c)`
`156`	`156`	`if err != nil {`
`157`	`157`	`return err`
`158`	`158`	`}`