From b540fa308cef58efb7e3738c303f235773d1419f Mon Sep 17 00:00:00 2001
From: Andrew <mindovermiles262@gmail.com>
Date: Sat, 19 Nov 2022 19:04:57 -0700
Subject: [PATCH] Kafka SASL SCRAM Authentication (#2939)

* Adds settings for SASL SCRAM SHA-256 and SHA-512

Signed-off-by: Andrew <mindovermiles262@gmail.com>

* Update setup-apache-kafka.md

Signed-off-by: Andrew <mindovermiles262@gmail.com>

Signed-off-by: Andrew <mindovermiles262@gmail.com>
Co-authored-by: Hannah Hunter <94493363+hhunter-ms@users.noreply.github.com>
Co-authored-by: Mukundan Sundararajan <65565396+mukundansundar@users.noreply.github.com>
Co-authored-by: Yaron Schneider <schneider.yaron@live.com>
---
 .../supported-pubsub/setup-apache-kafka.md                | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-apache-kafka.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-apache-kafka.md
index 0817524ef..86d4a350c 100644
--- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-apache-kafka.md
+++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-apache-kafka.md
@@ -34,6 +34,8 @@ spec:
     secretKeyRef:
       name: kafka-secrets
       key: saslPasswordSecret
+  - name: saslMechanism
+    value: "SHA-512"
   - name: maxMessageBytes # Optional.
     value: 1024
   - name: consumeRetryInterval # Optional.
@@ -55,6 +57,7 @@ spec:
 | authType            | Y | Configure or disable authentication. Supported values: `none`, `password`, `mtls`, or `oidc` | `"password"`, `"none"`
 | saslUsername        | N | The SASL username used for authentication. Only required if `authType` is set to `"password"`. | `"adminuser"`
 | saslPassword        | N | The SASL password used for authentication. Can be `secretKeyRef` to use a [secret reference]({{< ref component-secrets.md >}}). Only required if `authType is set to `"password"`. | `""`, `"KeFg23!"`
+| saslMechanism      | N | The SASL Authentication Mechanism you wish to use. Only required if `authType` is set to `"password"`. Defaults to `PLAINTEXT` | `"SHA-512", "SHA-256", "PLAINTEXT"`
 | initialOffset       | N | The initial offset to use if no offset was previously committed. Should be "newest" or "oldest". Defaults to "newest". | `"oldest"`
 | maxMessageBytes     | N | The maximum size in bytes allowed for a single Kafka message. Defaults to 1024. | `2048`
 | consumeRetryInterval | N | The interval between retries when attempting to consume topics. Treats numbers without suffix as milliseconds. Defaults to 100ms. | `200ms` |
@@ -111,8 +114,7 @@ spec:
 
 #### SASL Password
 
-Setting `authType` to `password` enables [SASL](https://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer) authentication using the **PLAIN** mechanism. This requires setting
-the `saslUsername` and `saslPassword` fields. 
+Setting `authType` to `password` enables [SASL](https://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer) authentication. This requires setting the `saslUsername` and `saslPassword` fields.
 
 ```yaml
 apiVersion: dapr.io/v1alpha1
@@ -137,6 +139,8 @@ spec:
     secretKeyRef:
       name: kafka-secrets
       key: saslPasswordSecret
+  - name: saslMechanism
+    value: "SHA-512"
   - name: maxMessageBytes # Optional.
     value: 1024
   - name: consumeRetryInterval # Optional.