[improve][client] AuthenticationAthenz supports Copper Argos #19445

Merged
merged 1 commit into from
Feb 8, 2023

@massakam massakam commented Feb 7, 2023

Motivation

Athenz has a mechanism called Copper Argos. This means that ZTS distributes an X.509 certificate and private key pair to each service, which it can use to identify itself to other services within the organization.
https://github.com/AthenZ/athenz/blob/master/docs/copper_argos.md

However, Pulsar's current authentication plugin for Athenz cannot accept X.509 certificates as parameters, so we cannot use Copper Argos.

Modifications

Add the parameters x509CertChain and caCert to the AuthenticationAthenz class of the Athenz authentication plugin. If an X.509 certificate is passed as a parameter, it assumes Copper Argos is used and instantiates an SSLContext and creates a ZTSClient based on it. Existing users of this plugin will not be affected by this change.

Verifying this change

  • Make sure that the change passes the CI checks.

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

@massakam massakam added type/enhancement The enhancements for the existing features or docs. e.g. reduce memory usage of the delayed messages component/client-java doc-required Your PR changes impact docs and you will update later. ready-to-test labels Feb 7, 2023
@massakam massakam added this to the 3.0.0 milestone Feb 7, 2023
@massakam massakam self-assigned this Feb 7, 2023
@massakam massakam changed the title [improve][auth] AuthenticationAthenz supports Copper Argos [improve][client] AuthenticationAthenz supports Copper Argos Feb 7, 2023
codecov-commenter commented Feb 7, 2023

Codecov Report

Merging #19445 (29c19a0) into master (016e7f0) will increase coverage by 39.07%.
The diff coverage is 51.78%.

@@              Coverage Diff              @@
##             master   #19445       +/-   ##
=============================================
+ Coverage     24.75%   63.83%   +39.07%     
- Complexity      288     3475     +3187     
=============================================
  Files          1579     1832      +253     
  Lines        121841   134145    +12304     
  Branches      13304    14760     +1456     
=============================================
+ Hits          30164    85626    +55462     
+ Misses        87240    40775    -46465     
- Partials       4437     7744     +3307     
Flag Coverage Δ
inttests 24.78% <50.00%> (+0.03%) ⬆️
systests 25.49% <58.33%> (?)
unittests 61.17% <51.78%> (?)

Impacted Files Coverage Δ
.../pulsar/client/impl/auth/AuthenticationAthenz.java 59.45% <50.00%> (ø)
...va/org/apache/pulsar/broker/service/ServerCnx.java 56.15% <58.33%> (+24.49%) ⬆️
...in/java/org/apache/pulsar/common/api/AuthData.java 71.42% <0.00%> (ø)
.../apache/pulsar/broker/namespace/LookupOptions.java 87.50% <0.00%> (ø)
...apache/pulsar/common/util/SafeCollectionUtils.java 0.00% <0.00%> (ø)
...pache/pulsar/common/configuration/BindAddress.java 22.22% <0.00%> (ø)
...lsar/client/impl/conf/ReaderConfigurationData.java 81.39% <0.00%> (ø)
...r/client/admin/internal/data/AuthPoliciesImpl.java 65.21% <0.00%> (ø)
...sar/common/policies/data/impl/BundlesDataImpl.java 92.30% <0.00%> (ø)
...ar/common/policies/data/InactiveTopicPolicies.java 83.33% <0.00%> (ø)
... and 1400 more

@merlimat merlimat merged commit d7c4e37 into apache:master Feb 8, 2023
@massakam massakam deleted the copper-argos branch February 8, 2023 04:45
@momo-jun
Contributor

Hi @massakam, it will help users a lot if you can add the docs for this improvement. Do you have any planned updates on that?

@massakam
Contributor Author

@momo-jun Yes, I will make a pull-request to the pulsar-site repository later.

Labels
doc-complete Your PR changes impact docs and the related docs have been already added. ready-to-test type/enhancement The enhancements for the existing features or docs. e.g. reduce memory usage of the delayed messages