You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by rd...@apache.org on 2019/05/14 01:12:07 UTC

[pulsar] branch master updated: [pulsar-admin-tool] support json auth-param for tls-authentication (#4124)

This is an automated email from the ASF dual-hosted git repository.

rdhabalia pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new 248391d  [pulsar-admin-tool] support json auth-param for tls-authentication (#4124)
248391d is described below

commit 248391dcd8d84fdc33457be176c3e46bbcb325bd
Author: Rajan Dhabalia <rd...@apache.org>
AuthorDate: Mon May 13 18:12:00 2019 -0700

    [pulsar-admin-tool] support json auth-param for tls-authentication (#4124)
---
 .../pulsar/admin/cli/PulsarAdminToolTest.java      | 57 ++++++++++++++++++++++
 .../pulsar/client/impl/auth/AuthenticationTls.java | 23 ++++++++-
 2 files changed, 79 insertions(+), 1 deletion(-)

diff --git a/pulsar-client-tools-test/src/test/java/org/apache/pulsar/admin/cli/PulsarAdminToolTest.java b/pulsar-client-tools-test/src/test/java/org/apache/pulsar/admin/cli/PulsarAdminToolTest.java
index 9df9491..186a038 100644
--- a/pulsar-client-tools-test/src/test/java/org/apache/pulsar/admin/cli/PulsarAdminToolTest.java
+++ b/pulsar-client-tools-test/src/test/java/org/apache/pulsar/admin/cli/PulsarAdminToolTest.java
@@ -18,16 +18,22 @@
  */
 package org.apache.pulsar.admin.cli;
 
+import static org.junit.Assert.assertNull;
 import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
+import static org.testng.Assert.assertEquals;
 import static org.mockito.Mockito.times;
 
 import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 
+import java.lang.reflect.Field;
 import java.util.EnumSet;
+import java.util.Map;
+import java.util.Properties;
 import java.util.concurrent.TimeUnit;
 
 import org.apache.pulsar.client.admin.Bookies;
@@ -38,11 +44,15 @@ import org.apache.pulsar.client.admin.Lookup;
 import org.apache.pulsar.client.admin.Namespaces;
 import org.apache.pulsar.client.admin.NonPersistentTopics;
 import org.apache.pulsar.client.admin.PulsarAdmin;
+import org.apache.pulsar.client.admin.PulsarAdminBuilder;
 import org.apache.pulsar.client.admin.ResourceQuotas;
 import org.apache.pulsar.client.admin.Tenants;
 import org.apache.pulsar.client.admin.Topics;
+import org.apache.pulsar.client.admin.internal.PulsarAdminBuilderImpl;
 import org.apache.pulsar.client.admin.Schemas;
 import org.apache.pulsar.client.api.MessageId;
+import org.apache.pulsar.client.impl.auth.AuthenticationTls;
+import org.apache.pulsar.client.impl.conf.ClientConfigurationData;
 import org.apache.pulsar.common.policies.data.AuthAction;
 import org.apache.pulsar.common.policies.data.BacklogQuota;
 import org.apache.pulsar.common.policies.data.BacklogQuota.RetentionPolicy;
@@ -57,6 +67,7 @@ import org.apache.pulsar.common.policies.data.ResourceQuota;
 import org.apache.pulsar.common.policies.data.RetentionPolicies;
 import org.apache.pulsar.common.policies.data.SubscribeRate;
 import org.apache.pulsar.common.policies.data.TenantInfo;
+import org.apache.pulsar.common.util.ObjectMapperFactory;
 import org.mockito.ArgumentMatcher;
 import org.mockito.Matchers;
 import org.mockito.Mockito;
@@ -774,6 +785,52 @@ public class PulsarAdminToolTest {
         verify(mockBookies).updateBookieRackInfo("my-bookie:3181", "my-group", new BookieInfo("rack-1", "host-1"));
     }
 
+    @Test
+    void testAuthTlsWithJsonParam() throws Exception {
+
+        Properties properties = new Properties();
+        properties.put("authPlugin", AuthenticationTls.class.getName());
+        Map<String, String> paramMap = Maps.newHashMap();
+        final String certFilePath = "/my-file:role=name.cert";
+        final String keyFilePath = "/my-file:role=name.key";
+        paramMap.put("tlsCertFile", certFilePath);
+        paramMap.put("tlsKeyFile", keyFilePath);
+        final String paramStr = ObjectMapperFactory.getThreadLocal().writeValueAsString(paramMap);
+        properties.put("authParams", paramStr);
+        properties.put("webServiceUrl", "http://localhost:2181");
+        PulsarAdminTool tool = new PulsarAdminTool(properties);
+        try {
+            tool.run("brokers list use".split(" "));
+        } catch (Exception e) {
+            // Ok
+        }
+
+        // validate Athentication-tls has been configured
+        Field adminBuilderField = PulsarAdminTool.class.getDeclaredField("adminBuilder");
+        adminBuilderField.setAccessible(true);
+        PulsarAdminBuilderImpl builder = (PulsarAdminBuilderImpl) adminBuilderField.get(tool);
+        Field confField = PulsarAdminBuilderImpl.class.getDeclaredField("conf");
+        confField.setAccessible(true);
+        ClientConfigurationData conf = (ClientConfigurationData) confField.get(builder);
+        AuthenticationTls atuh = (AuthenticationTls) conf.getAuthentication();
+        assertEquals(atuh.getCertFilePath(), certFilePath);
+        assertEquals(atuh.getKeyFilePath(), keyFilePath);
+
+        properties.put("authParams", String.format("tlsCertFile:%s,tlsKeyFile:%s", certFilePath, keyFilePath));
+        tool = new PulsarAdminTool(properties);
+        try {
+            tool.run("brokers list use".split(" "));
+        } catch (Exception e) {
+            // Ok
+        }
+
+        builder = (PulsarAdminBuilderImpl) adminBuilderField.get(tool);
+        conf = (ClientConfigurationData) confField.get(builder);
+        atuh = (AuthenticationTls) conf.getAuthentication();
+        assertNull(atuh.getCertFilePath());
+        assertNull(atuh.getKeyFilePath());
+    }
+    
     String[] split(String s) {
         return s.split(" ");
     }
diff --git a/pulsar-client/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationTls.java b/pulsar-client/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationTls.java
index 2c1d979..a28e354 100644
--- a/pulsar-client/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationTls.java
+++ b/pulsar-client/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationTls.java
@@ -28,6 +28,8 @@ import org.apache.pulsar.client.api.EncodedAuthenticationParameterSupport;
 import org.apache.pulsar.client.api.PulsarClientException;
 import org.apache.pulsar.client.impl.AuthenticationUtil;
 
+import com.google.common.annotations.VisibleForTesting;
+
 /**
  *
  * This plugin requires these parameters
@@ -76,7 +78,16 @@ public class AuthenticationTls implements Authentication, EncodedAuthenticationP
 
     @Override
     public void configure(String encodedAuthParamString) {
-        setAuthParams(AuthenticationUtil.configureFromPulsar1AuthParamString(encodedAuthParamString));
+        Map<String, String> authParamsMap = null;
+        try {
+            authParamsMap = AuthenticationUtil.configureFromJsonString(encodedAuthParamString);
+        } catch (Exception e) {
+            // auth-param is not in json format
+        }
+        authParamsMap = (authParamsMap == null || authParamsMap.isEmpty())
+                ? AuthenticationUtil.configureFromPulsar1AuthParamString(encodedAuthParamString)
+                : authParamsMap;
+        setAuthParams(authParamsMap);
     }
 
     @Override
@@ -94,5 +105,15 @@ public class AuthenticationTls implements Authentication, EncodedAuthenticationP
         certFilePath = authParams.get("tlsCertFile");
         keyFilePath = authParams.get("tlsKeyFile");
     }
+    
+    @VisibleForTesting
+    public String getCertFilePath() {
+        return certFilePath;
+    }
+
+    @VisibleForTesting
+    public String getKeyFilePath() {
+        return keyFilePath;
+    }
 
 }