Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Authentication] Support chained authentication with same auth method name #9094

Merged
merged 8 commits into from Jan 5, 2021
Merged

[Authentication] Support chained authentication with same auth method name #9094

merged 8 commits into from Jan 5, 2021

Conversation

sijie
Copy link
Member

@sijie sijie commented Dec 30, 2020

Motivation

Chained authentication is a very useful mechanism for migrating a cluster from
one authentication provider to the other authentication provider. However,
Pulsar doesn't support configuring multiple authentication providers with same
auth method name.

For example, a Pulsar cluster was using standard JWT authentication initially.
The users want to upgrade the Pulsar cluster to use an OAuth2 authentication
mechanism. But both JWT and OAuth2 share the same authentication method name.

This change improves the authentication logic to support chained authentication
with same auth method name.

@sijie
[Authentication] Support chained authentication with same auth method…
bd666ab 
… name

*Motivation*

Chained authentication is a very useful mechanism for migrating a cluster from
one authentication provider to the other authentication provider. However,
Pulsar doesn't support configuring multiple authentication providers with same
auth method name.

For example, a Pulsar cluster was using standard JWT authentication initially.
The users want to upgrade the Pulsar cluster to use an OAuth2 authentication
mechanism. But both JWT and OAuth2 share the same authentication method name.

This change improves the authentication logic to support chained authentication
with same auth method name.
@sijie sijie added this to the 2.8.0 milestone Dec 30, 2020
@sijie sijie self-assigned this Dec 30, 2020
eolivelli
eolivelli approved these changes Dec 30, 2020
View reviewed changes
Copy link
Contributor

@eolivelli eolivelli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice feature

LGTM

@jiazhai
Copy link
Member

jiazhai commented Dec 30, 2020

/pulsarbot run-failure-checks

1 similar comment
@codelipenghui
Copy link
Contributor

/pulsarbot run-failure-checks

@sijie
Copy link
Member Author

sijie commented Dec 30, 2020

/pulsarbot run-failure-checks

3 similar comments
@sijie
Copy link
Member Author

sijie commented Dec 31, 2020

/pulsarbot run-failure-checks

@codelipenghui
Copy link
Contributor

/pulsarbot run-failure-checks

@jiazhai
Copy link
Member

jiazhai commented Jan 1, 2021

/pulsarbot run-failure-checks

@codelipenghui
Copy link
Contributor

/pulsarbot run-failure-checks

1 similar comment
@codelipenghui
Copy link
Contributor

/pulsarbot run-failure-checks

@codelipenghui
Copy link
Contributor

@sijie There is a failed test, please take a look

Error:  Tests run: 3, Failures: 1, Errors: 0, Skipped: 1, Time elapsed: 26.913 s <<< FAILURE! - in org.apache.pulsar.broker.authentication.SaslAuthenticateTest
Error:  testSaslServerAndClientAuth(org.apache.pulsar.broker.authentication.SaslAuthenticateTest)  Time elapsed: 0.011 s  <<< FAILURE!
java.lang.ClassCastException: org.apache.pulsar.broker.authentication.AuthenticationProviderList cannot be cast to org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
	at org.apache.pulsar.broker.authentication.SaslAuthenticateTest.testSaslServerAndClientAuth(SaslAuthenticateTest.java:256)

@sijie
Copy link
Member Author

sijie commented Jan 4, 2021

@codelipenghui I have just pushed a change to fix the test.

@sijie
Copy link
Member Author

sijie commented Jan 4, 2021

/pulsarbot run-failure-checks

@sijie sijie merged commit c2a4e66 into apache:master Jan 5, 2021
codelipenghui pushed a commit that referenced this pull request Jan 6, 2021
@sijie @codelipenghui
[Authentication] Support chained authentication with same auth method…
bae9a12 
… name (#9094)

*Motivation*

Chained authentication is a very useful mechanism for migrating a cluster from
one authentication provider to the other authentication provider. However,
Pulsar doesn't support configuring multiple authentication providers with same
auth method name.

For example, a Pulsar cluster was using standard JWT authentication initially.
The users want to upgrade the Pulsar cluster to use an OAuth2 authentication
mechanism. But both JWT and OAuth2 share the same authentication method name.

This change improves the authentication logic to support chained authentication
with same auth method name.

(cherry picked from commit c2a4e66)
@codelipenghui codelipenghui added the cherry-picked/branch-2.7 Archived: 2.7 is end of life label Jan 7, 2021
codelipenghui pushed a commit that referenced this pull request Jan 7, 2021
@sijie @codelipenghui
[Authentication] Support chained authentication with same auth method…
28504ab 
… name (#9094)

*Motivation*

Chained authentication is a very useful mechanism for migrating a cluster from
one authentication provider to the other authentication provider. However,
Pulsar doesn't support configuring multiple authentication providers with same
auth method name.

For example, a Pulsar cluster was using standard JWT authentication initially.
The users want to upgrade the Pulsar cluster to use an OAuth2 authentication
mechanism. But both JWT and OAuth2 share the same authentication method name.

This change improves the authentication logic to support chained authentication
with same auth method name.

(cherry picked from commit c2a4e66)
@momo-jun momo-jun mentioned this pull request Apr 7, 2022
Closed
1 task
@sijie sijie mentioned this pull request Apr 7, 2022
Open
1 task
@BewareMyPower BewareMyPower mentioned this pull request May 26, 2022
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jiazhai jiazhai jiazhai approved these changes

@eolivelli eolivelli eolivelli approved these changes

@codelipenghui codelipenghui codelipenghui approved these changes

@merlimat merlimat Awaiting requested review from merlimat

Assignees

@sijie sijie

Labels
area/security cherry-picked/branch-2.7 Archived: 2.7 is end of life release/2.6.3 release/2.7.1
Projects
None yet
Milestone
2.8.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@sijie @jiazhai @codelipenghui @eolivelli