[pulsar-io] pass the pulsar service url to debezium source for history database

[nlu90]

Motivation

The Debezium requires pulsar a service URL for history database usage.

In #11056 , the service.url field from PulsarKafkaWorkerConfig is no longer available. And the value is also deleted from multiple yaml config files in this commit. This causes the integration test for Debezium connector to fail.

Based on the Debezium paradigm, all configurations should be passed as strings. There's no easy way to inject a PulsarClient via configuration.

We need to ask user to provide the pulsar url explicitly and probably auth info also.

Modifications

1. Make the database.history.pulsar.service.url field required
2. Add the config value back to example yaml files
3. Update the integration test config

Verifying this change

• Make sure that the change passes the CI checks.

[dlg99]

This LGTM and it will fix the tests/allow connector to run.
This returns us to original problem of having to add extra parameters to configure the pulsar client, this can be address later IMO.

[eolivelli]

LGTM is this unblocks Debezium tests

IIUC we wanted to use the client in order to access auth and TLS.

With this change it is not possible to do it.

What is your plan?

[dlg99]

I thought it should start with DatabaseHistory.CONFIGURATION_FIELD_PREFIX_STRING which is CONFIGURATION_FIELD_PREFIX_STRING = "database.history."
debezium does

Configuration dbHistoryConfig = config.subset(DatabaseHistory.CONFIGURATION_FIELD_PREFIX_STRING, false)

[nlu90]

Yeah, I just updated them.

[nlu90]

LGTM is this unblocks Debezium tests

IIUC we wanted to use the client in order to access auth and TLS.

With this change it is not possible to do it.

What is your plan?

Based on Debezium's current paradigm, user can only pass string parameters in the configuration. For our case, it'll be better if they allow passing serialized objects. This will be the most secure way but needs help from Debezium community.

A second way would be we can access the PulsarClient via some static method in PulsarDatabaseHistory. This is a little bit hacky but works quickly if it's possible.

One last way is we add history database specific pulsar auth parameters in PulsarDatabaseHistory. This makes it follow the Debezium paradigm but not secure with pulsar.

[dlg99]

@nlu90

One last way is we add history database specific pulsar auth parameters

adding all parameters is tedious (the way config definition works there needs definition of each parameter with bunch of metadata around).
What if we could define one parameter, String, for serialized config json and then do something like

String clientConfJson = pulsarClient.getConfig();

to pass that to the PulsarDatabaseHistory that can use ClientBuilder.loadConf(..)

[nlu90]

@nlu90

One last way is we add history database specific pulsar auth parameters

adding all parameters is tedious (the way config definition works there needs definition of each parameter with bunch of metadata around).
What if we could define one parameter, String, for serialized config json and then do something like

String clientConfJson = pulsarClient.getConfig();

to pass that to the PulsarDatabaseHistory that can use ClientBuilder.loadConf(..)

@dlg99 This sounds an interesting idea!
I just checked the PulsarClient API, it doesn't support getConfig currently. We may want to discuss with the community about adding this API first.

[sijie]

@nlu90 what is the plan for supporting authentication for the Pulsar cluster?

[sijie]

A second way would be we can access the PulsarClient via some static method in PulsarDatabaseHistory. This is a little bit hacky but works quickly if it's possible.

@nlu90 I felt this is the most secure solution because the connector users don't need to provide the auth information through function config. The current PR still requires users to submit auth information via function config. Although I admit the code will look a bit hacky, it is still manageable.

[eolivelli]

if this patch is unblocking @dlg99 's work to add back support for running Integration Tests of Pulsar IO
I would prefer to commit the patch in the current form and then follow up.

CI is in a very bad state currently.

cc @sijie @rdhabalia @merlimat @codelipenghui

[sijie]

@eolivelli How is that related to CI in a very bad state since the integration tests for debezium is not enabled?

I would have a concern about this patch as it doesn't support accessing an authenticated Pulsar cluster yet. Even we merge this pull request for now, the connector can't be used in an authenticated cluster. I think we need to spend more time figuring out how to fix this properly. All the changes related are done in the master which is the development branch for 2.9 (which is targeted to release in September based on a time-based release schedule). I don't see why we need to rush on merging this. We need to fix this properly in order to make the debezium connector work in an authenticated cluster.

[sijie]

@nlu90 an alternative approach is to expose the client builder via the context. So we can just serialize the client builder to a base64 encoded string and pass it to debezium config. Hence the pulsar database history can get the client builder and create a Pulsar client from that. I created a PR (#11293) to demonstrate the idea. Let me know what you think.

[eolivelli]

@sijie

How is that related to CI in a very bad state since the integration tests for debezium is not enabled?
Sorry, I wasn't clear.

The point is that currently Debezium related tests are not running on CI, and I meant that if CI is not running the tests this is kind of a "bad state" :-)

We cannot enable them (#11154) because currently they will fail due to the problem that this PR is trying to address.

I would feel more confident with this change and any other proposal if we could revert #11056, commit #11154 and then be back in resolving the Client Auth problem.

So my proposal is:

• revert PIP-85: [pulsar-io] pass pulsar client via context to connector #11056 -> this prepares the way for Fixing Debezium integration tests #11154
• commit Fixing Debezium integration tests #11154 -> now we have CI that validates new changes
• work on this fix or on [IO] Pass client builder to debezium database history #11293

Does it sound like a good plan ?
because without #11154 we cannot validate on CI any patch related to Debezium

[dlg99]

@sijie I second @eolivelli here.
We should either merge this change + fix for the CI or revert the breaking change, merge the fix for the CI, and do a follow up for the authentication after that.
At least the follow up change will get tested this time.
I don't find attractive idea of piling up more changes on top of this commit because it:

• has unpredictable ETA. Whatever way you decide to go with authentication will require separate discussion/CR, maybe even PIP.
• is blocking other changes (i.e. debezium upgrade)
• is leaving the debezium connectors in broken state (affects people testing/experimenting with pulsar on 2.9-snapshot)
• assumes that more changes added with the integration tests not enabled on the CI

We are dealing with a case of broken functionality in the build. I think the first priority should be fixing the regression quickly and new features should be second.