-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Issue 8338][Function Worker] Splitting the authentication logic of function worker and client #8824
Conversation
pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/worker/WorkerConfig.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Zixuan Liu <nodeces@gmail.com>
ea3adcf
to
c4f197d
Compare
@nodece @sijie There is a bit of confusion here. If we want to add the prefix of
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The change LGTM+1, just a little confusion, please check.
@wolfstudy you are right. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@nodece Can you address @wolfstudy 's comments?
@sijie @wolfstudy These configurations already exist in https://github.com/apache/pulsar/pull/8824/files#diff-d834862abe40feef5d85eec66686cd1b378b78cab5f384570da79890ba85c7b2R64-R70. I'm not sure if is correct. |
@nodece You are right.
This is the authentication and authorization plugin configuration for function-worker, |
…che#8824) Fixes apache#8338 ### Motivation >In some scenarios, users use their own function-worker to connect to an existing pulsar cluster. Their own function-worker and pulsar cluster have different authentication methods, In the following code, when both function-worker and client have enabled the authentication and authorization services, the authentication and authorization can take effect. A better way is to separate them. function-worker can enable and disable the authentication service, and the broker-client can also enable and disable the authentication service according to the configuration. ### Modifications Add a configuration called `brokerClientAuthenticationEnabled` in the configuration file, which is disabled by default. It is used to control whether the broker-client of function-worker enable or disable the authentication.
Fixes #8338 ### Motivation >In some scenarios, users use their own function-worker to connect to an existing pulsar cluster. Their own function-worker and pulsar cluster have different authentication methods, In the following code, when both function-worker and client have enabled the authentication and authorization services, the authentication and authorization can take effect. A better way is to separate them. function-worker can enable and disable the authentication service, and the broker-client can also enable and disable the authentication service according to the configuration. ### Modifications Add a configuration called `brokerClientAuthenticationEnabled` in the configuration file, which is disabled by default. It is used to control whether the broker-client of function-worker enable or disable the authentication. (cherry picked from commit 3464f46)
…che#8824) Fixes apache#8338 ### Motivation >In some scenarios, users use their own function-worker to connect to an existing pulsar cluster. Their own function-worker and pulsar cluster have different authentication methods, In the following code, when both function-worker and client have enabled the authentication and authorization services, the authentication and authorization can take effect. A better way is to separate them. function-worker can enable and disable the authentication service, and the broker-client can also enable and disable the authentication service according to the configuration. ### Modifications Add a configuration called `brokerClientAuthenticationEnabled` in the configuration file, which is disabled by default. It is used to control whether the broker-client of function-worker enable or disable the authentication. (cherry picked from commit 3464f46)
Confirmed with Penghui, the right logic is to allow users to enable/disable authentication separately. This PR fixes the logic and add description in the code snippet. |
Signed-off-by: Zixuan Liu nodeces@gmail.com
Fixes #8338
Motivation
Modifications
Add a configuration called
brokerClientAuthenticationEnabled
in the configuration file, which is disabled by default. It is used to control whether the broker-client of function-worker enable or disable the authentication.Verifying this change