From d9b07cf04c423406946af615b2add3a57b41b077 Mon Sep 17 00:00:00 2001
From: Muchembi
Date: Wed, 9 Apr 2025 12:19:00 +0300
Subject: [PATCH 1/3] Support for Google Managed Service for Apache Kafka
---
 api/build.gradle | 9 +++++++++
 frontend/src/lib/constants.ts | 1 +
 frontend/src/widgets/ClusterConfigForm/schema.ts | 1 +
 .../src/widgets/ClusterConfigForm/utils/getJaasConfig.ts | 2 ++
 .../utils/transformFormDataToPayload.ts | 9 +++++++++
 gradle/libs.versions.toml | 4 ++++
 6 files changed, 26 insertions(+)
diff --git a/api/build.gradle b/api/build.gradle
index ca51f8b21..6d9a2f7b5 100644
--- a/api/build.gradle
+++ b/api/build.gradle
@@ -62,6 +62,15 @@ dependencies {
 implementation libs.netty.common
 implementation libs.netty.handler
+
+ // Google Managed Service for Kafka support
+ implementation (libs.google.managed.kafka.login.handler) {
+ exclude group: 'com.google.oauth-client', module: 'google-oauth-client'
+ }
+ implementation (libs.google.oauth.client) {
+ because("CVE Fix: It is excluded above because of a vulnerability")
+ }
+ // Annotation processors
 implementation libs.lombok
 implementation libs.mapstruct
diff --git a/frontend/src/lib/constants.ts b/frontend/src/lib/constants.ts
index 0249c23a4..b04c21c17 100644
--- a/frontend/src/lib/constants.ts
+++ b/frontend/src/lib/constants.ts
@@ -94,6 +94,7 @@ export const AUTH_OPTIONS = [
 { value: 'SASL/LDAP', label: 'SASL/LDAP' },
 { value: 'SASL/AWS IAM', label: 'SASL/AWS IAM' },
 { value: 'SASL/Azure Entra', label: 'SASL/Azure Entra' },
+ { value: 'SASL/GCP IAM', label: 'SASL/GCP IAM' },
 { value: 'mTLS', label: 'mTLS' },
 ];
diff --git a/frontend/src/widgets/ClusterConfigForm/schema.ts b/frontend/src/widgets/ClusterConfigForm/schema.ts
index cc32e6c12..5385a3961 100644
--- a/frontend/src/widgets/ClusterConfigForm/schema.ts
+++ b/frontend/src/widgets/ClusterConfigForm/schema.ts
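Review bot: In api/build.gradle (patch 1/3), the reason string `because("CVE Fix: It is excluded above because of a vulnerability")` names neither the advisory nor the transitive version being replaced, so nobody can later tell when the exclude and the 1.39.0 pin in gradle/libs.versions.toml are safe to drop. I would record both in the reason, for example `because("ADVISORY-ID-PLACEHOLDER: google-oauth-client pulled in by managed-kafka-auth-login-handler is affected; pinned in libs.versions.toml")`. The exclude-then-redeclare pattern also turns google-oauth-client into a direct dependency of this module; a `constraints { implementation(libs.google.oauth.client) { because(...) } }` entry would raise the resolved version without that, assuming nothing else needs the explicit declaration. The dependencies block starts and ends outside the hunk.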
@@ -144,6 +144,7 @@ const authPropsSchema = lazy((_, { parent }) => {
 awsProfileName: string(),
 });
 case 'SASL/Azure Entra':
+ case 'SASL/GCP IAM':
 case 'mTLS':
 default:
 return mixed().optional();
diff --git a/frontend/src/widgets/ClusterConfigForm/utils/getJaasConfig.ts b/frontend/src/widgets/ClusterConfigForm/utils/getJaasConfig.ts
index 0a9b914ea..e0eda2057 100644
--- a/frontend/src/widgets/ClusterConfigForm/utils/getJaasConfig.ts
+++ b/frontend/src/widgets/ClusterConfigForm/utils/getJaasConfig.ts
@@ -11,6 +11,8 @@ const JAAS_CONFIGS = {
 'SASL/AWS IAM': 'software.amazon.msk.auth.iam.IAMLoginModule',
 'SASL/Azure Entra':
 'org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule',
+ 'SASL/GCP IAM':
+ 'com.google.cloud.hosted.kafka.auth.GcpLoginCallbackHandler',
 };
 type MethodName = keyof typeof JAAS_CONFIGS;
diff --git a/frontend/src/widgets/ClusterConfigForm/utils/transformFormDataToPayload.ts b/frontend/src/widgets/ClusterConfigForm/utils/transformFormDataToPayload.ts
index d26709547..dc42a7208 100644
--- a/frontend/src/widgets/ClusterConfigForm/utils/transformFormDataToPayload.ts
+++ b/frontend/src/widgets/ClusterConfigForm/utils/transformFormDataToPayload.ts
@@ -272,6 +272,15 @@ export const transformFormDataToPayload = (data: ClusterConfigFormValues) => {
 'sasl.jaas.config': getJaasConfig('SASL/Azure Entra', {}),
 };
 break;
+ case 'SASL/GCP IAM':
+ config.properties = {
+ 'security.protocol': securityProtocol,
+ 'sasl.mechanism': 'OAUTHBEARER',
+ 'sasl.client.callback.handler.class':
+ 'com.google.cloud.hosted.kafka.auth.GcpLoginCallbackHandler',
+ 'sasl.jaas.config': getJaasConfig('SASL/GCP IAM', {}),
+ };
+ break;
 case 'mTLS':
 config.properties = {
 'security.protocol': 'SSL',
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 0f26e9cd9..ea645012f 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
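Review bot: In getJaasConfig.ts, the new `'SASL/GCP IAM'` entry of `JAAS_CONFIGS` points at `GcpLoginCallbackHandler`, which by its name is a callback handler, while the AWS and Azure entries beside it are JAAS login modules. If getJaasConfig (its body is outside the hunk) emits this value as the module name in `sasl.jaas.config`, the login will presumably fail when JAAS tries to load it as a login module, so the GCP option cannot authenticate. For OAUTHBEARER the entry should match the Azure one: `'SASL/GCP IAM': 'org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule',`. The same value is carried unchanged through the reformatting hunk for this file in patch 2/3.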
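Review bot: In transformFormDataToPayload.ts, the `'SASL/GCP IAM'` case registers the Google handler under `sasl.client.callback.handler.class`, but with `sasl.mechanism` set to `OAUTHBEARER` the Kafka client obtains its token through the login callback handler, so this key likely leaves the default handler in place and no Google credential is requested; I would expect `'sasl.login.callback.handler.class': 'com.google.cloud.hosted.kafka.auth.GcpLoginCallbackHandler',`. The case also passes `securityProtocol` through as selected in the form; where it is computed is not visible here, but if it can be `SASL_PLAINTEXT` the bearer token would cross the network unencrypted, so pinning `'security.protocol': 'SASL_SSL'` for this case, the way the mTLS case pins `'SSL'`, is worth considering. The enclosing switch starts and ends outside the hunk.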
@@ -133,3 +133,7 @@ netty-handler = { module = 'io.netty:netty-handler', version.ref = 'netty' }
 # test scope
 bouncycastle-bcpkix = { module = 'org.bouncycastle:bcpkix-jdk18on', version = '1.80' }
+
+# Google Managed Service for Apache Kafka support
+google-managed-kafka-login-handler = {module = 'com.google.cloud.hosted.kafka:managed-kafka-auth-login-handler', version = '1.0.5'}
+google-oauth-client = { module = 'com.google.oauth-client:google-oauth-client', version = '1.39.0' }
From e6f8c30b166e4b1ab4f1ae42a703e7a23df8d2f9 Mon Sep 17 00:00:00 2001
From: Muchembi
Date: Wed, 9 Apr 2025 15:02:11 +0300
Subject: [PATCH 2/3] Support for Google Managed Service for Apache Kafka
---
 frontend/src/widgets/ClusterConfigForm/utils/getJaasConfig.ts | 3 +--
 .../ClusterConfigForm/utils/transformFormDataToPayload.ts | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)
diff --git a/frontend/src/widgets/ClusterConfigForm/utils/getJaasConfig.ts b/frontend/src/widgets/ClusterConfigForm/utils/getJaasConfig.ts
index e0eda2057..1575e9e05 100644
--- a/frontend/src/widgets/ClusterConfigForm/utils/getJaasConfig.ts
+++ b/frontend/src/widgets/ClusterConfigForm/utils/getJaasConfig.ts
@@ -11,8 +11,7 @@ const JAAS_CONFIGS = {
 'SASL/AWS IAM': 'software.amazon.msk.auth.iam.IAMLoginModule',
 'SASL/Azure Entra':
 'org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule',
- 'SASL/GCP IAM':
- 'com.google.cloud.hosted.kafka.auth.GcpLoginCallbackHandler',
+ 'SASL/GCP IAM': 'com.google.cloud.hosted.kafka.auth.GcpLoginCallbackHandler',
 };
 type MethodName = keyof typeof JAAS_CONFIGS;
diff --git a/frontend/src/widgets/ClusterConfigForm/utils/transformFormDataToPayload.ts b/frontend/src/widgets/ClusterConfigForm/utils/transformFormDataToPayload.ts
index dc42a7208..9ff593874 100644
--- a/frontend/src/widgets/ClusterConfigForm/utils/transformFormDataToPayload.ts
+++ b/frontend/src/widgets/ClusterConfigForm/utils/transformFormDataToPayload.ts
@@ -280,7 +280,7 @@ export const transformFormDataToPayload = (data: ClusterConfigFormValues) => {
 'com.google.cloud.hosted.kafka.auth.GcpLoginCallbackHandler',
 'sasl.jaas.config': getJaasConfig('SASL/GCP IAM', {}),
 };
- break;
+ break;
 case 'mTLS':
 config.properties = {
 'security.protocol': 'SSL',
From b3c51e40c7d0263677b9080645537fe97b09404b Mon Sep 17 00:00:00 2001
From: Muchembi
Date: Wed, 9 Apr 2025 15:17:41 +0300
Subject: [PATCH 3/3] Support for GCP IAM Auth for Google Managed Service for Apache Kafka -> resolve #1012
---
 api/build.gradle | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/api/build.gradle b/api/build.gradle
index 6d9a2f7b5..563da52ab 100644
--- a/api/build.gradle
+++ b/api/build.gradle
@@ -63,7 +63,7 @@ dependencies {
 implementation libs.netty.handler
- // Google Managed Service for Kafka support
+ // Google Managed Service for Kafka IAM support
 implementation (libs.google.managed.kafka.login.handler) {
 exclude group: 'com.google.oauth-client', module: 'google-oauth-client'
 }