igwn-alert client only considers the first entry in the .config/hop/auth.toml file, regardless of hostname
The igwn-alert client always uses the first entry in the .config/hop/auth.toml file, even if the hostname indicates that it is for a different Kafka broker. For example, if the auth.toml file looks like this:
[[auth]]
username = "..."
password = "..."
protocol = "SASL_SSL"
mechanism = "OAUTHBEARER"
token_endpoint = "https://auth.gcn.nasa.gov/oauth2/token"
hostname = "kafka.gcn.nasa.gov"
ssl_ca_location = "..."
[[auth]]
username = "..."
password = "..."
protocol = "SASL_SSL"
mechanism = "SCRAM-SHA-512"
ssl_ca_location = "..."
then igwn-alert will read and erroneously use just the first section, and attempt to use OAUTHBEARER authentication, which of course fails:
%3|1668050501.055|FAIL|rdkafka#consumer-2| [thrd:sasl_ssl://kafka.scimma.org:9092/bootstrap]: sasl_ssl://kafka.scimma.org:9092/bootstrap: SASL OAUTHBEARER mechanism handshake failed: Broker: Unsupported SASL mechanism: broker's supported mechanisms: PLAIN,SCRAM-SHA-512 (after 151ms in state AUTH_HANDSHAKE)
Switching the order of the entries in the auth.toml file fixes it:
[[auth]]
username = "..."
password = "..."
protocol = "SASL_SSL"
mechanism = "SCRAM-SHA-512"
ssl_ca_location = "..."
[[auth]]
username = "..."
password = "..."
protocol = "SASL_SSL"
mechanism = "OAUTHBEARER"
token_endpoint = "https://auth.gcn.nasa.gov/oauth2/token"
hostname = "kafka.gcn.nasa.gov"
ssl_ca_location = "..."