pulsar-commits mailing list archives

From GitBox <...@apache.org>
Subject [GitHub] [pulsar] wolfstudy opened a new issue #7379: Enable TLS auth of Pulsar Function in standalone mode
Date Sun, 28 Jun 2020 06:18:47 GMT

wolfstudy opened a new issue #7379:
URL: https://github.com/apache/pulsar/issues/7379


   **Is your feature request related to a problem? Please describe.**
   
   When we want to enable TLS-related encryption in the function worker, some parameters use brokers, but some parameters are not covered by the broker.
   
   For example, in `PulsarStandalone.java`, if we want to enable authentication using TLS, then we need to configure TLS-related parameters in functions_worker.yml, but auth-related parameters inherit the configuration in `broker.conf`:
   
   ```
   workerConfig.setAuthenticationEnabled(config.isAuthenticationEnabled());
   workerConfig.setAuthenticationProviders(config.getAuthenticationProviders());
   
   workerConfig.setAuthorizationEnabled(config.isAuthorizationEnabled());
   workerConfig.setAuthorizationProvider(config.getAuthorizationProvider());
   workerConfig.setConfigurationStoreServers(config.getConfigurationStoreServers());
   workerConfig.setZooKeeperSessionTimeoutMillis(config.getZooKeeperSessionTimeoutMillis());
   workerConfig.setZooKeeperOperationTimeoutSeconds(config.getZooKeeperOperationTimeoutSeconds());
   
   workerConfig.setTlsHostnameVerificationEnable(false);
   
   workerConfig.setTlsAllowInsecureConnection(config.isTlsAllowInsecureConnection());
   workerConfig.setTlsTrustCertsFilePath(config.getTlsTrustCertsFilePath());
   
   // client in worker will use this config to authenticate with broker
   workerConfig.setClientAuthenticationPlugin(config.getBrokerClientAuthenticationPlugin());
   workerConfig.setClientAuthenticationParameters(config.getBrokerClientAuthenticationParameters());
   
   // inherit super users
   workerConfig.setSuperUserRoles(config.getSuperUserRoles());
   ```
   
   For encryption-related functions, if the function worker wants to inherit the broker-related configuration, then all the encryption-related options need to be inherited instead of a part of them.
   
   **Describe the solution you'd like**
   
   I think we can modify the current behavior. If the relevant functions are configured in functions_worker.yml, then we prefer to use the configuration in functions_worker.yml. If not, we can inherit the broker-related configuration.
   
   Another thing is, if we want to turn on TLS-related encryption, we need to configure `useTls: true` in functions_worker.yml. But unfortunately, I didn’t find any hint about this option in the existing documentation.
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
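
The fallback rule requested in the issue above (a value set in functions_worker.yml wins, otherwise the broker value is inherited), written out as an added example; it is not part of the original message or of Pulsar. The class name, the property names (derived from the accessor names in the quoted snippet) and the sample values are assumptions.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added illustration, not Pulsar code. Property names are derived from the accessor
// names in the quoted snippet and are assumptions.
public class WorkerTlsConfigResolver {

    // worker property -> broker property it falls back to when unset in the worker file
    static final Map<String, String> FALLBACK = Map.of(
        "authenticationEnabled", "authenticationEnabled",
        "authorizationEnabled", "authorizationEnabled",
        "tlsAllowInsecureConnection", "tlsAllowInsecureConnection",
        "tlsTrustCertsFilePath", "tlsTrustCertsFilePath",
        "clientAuthenticationPlugin", "brokerClientAuthenticationPlugin",
        "clientAuthenticationParameters", "brokerClientAuthenticationParameters");

    // A key present in the worker file wins; an absent key inherits the broker value.
    static Map<String, Object> resolve(Map<String, Object> worker, Map<String, Object> broker) {
        Map<String, Object> effective = new LinkedHashMap<>(worker);
        FALLBACK.forEach((workerKey, brokerKey) -> {
            if (!worker.containsKey(workerKey) && broker.containsKey(brokerKey)) {
                effective.put(workerKey, broker.get(brokerKey));
            }
        });
        return effective;
    }

    // Settings in the resolved view that leave the worker's TLS weaker than intended.
    static List<String> warnings(Map<String, Object> eff) {
        List<String> out = new ArrayList<>();
        if (!Boolean.TRUE.equals(eff.get("useTls"))) out.add("useTls is not true");
        if (Boolean.TRUE.equals(eff.get("tlsAllowInsecureConnection"))) out.add("tlsAllowInsecureConnection is true");
        if (!Boolean.TRUE.equals(eff.get("tlsHostnameVerificationEnable"))) out.add("tlsHostnameVerificationEnable is not true");
        if (eff.get("tlsTrustCertsFilePath") == null) out.add("tlsTrustCertsFilePath is unset");
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for the parsed broker.conf and functions_worker.yml.
        Map<String, Object> broker = Map.of("authenticationEnabled", true,
            "tlsAllowInsecureConnection", true, "tlsTrustCertsFilePath", "/example/ca.cert.pem");
        Map<String, Object> worker = Map.of("useTls", true, "tlsAllowInsecureConnection", false);
        Map<String, Object> effective = resolve(worker, broker);
        effective.forEach((k, v) -> System.out.println(k + " = " + v));
        warnings(effective).forEach(w -> System.out.println("WARN " + w));
    }
}
```

With the sample values, the worker's own `tlsAllowInsecureConnection` overrides the broker's, the trust-certificate path is inherited, and the unset hostname-verification property is reported.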


