You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by si...@apache.org on 2020/03/18 23:40:34 UTC
[pulsar] branch master updated: [functions] Default
functionAuthProvider when running in k8s (#6203)
This is an automated email from the ASF dual-hosted git repository.
sijie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 3a3174b [functions] Default functionAuthProvider when running in k8s (#6203)
3a3174b is described below
commit 3a3174be52b515a421800a2caab4c133ca5c1e39
Author: Addison Higham <ad...@gmail.com>
AuthorDate: Wed Mar 18 17:40:21 2020 -0600
[functions] Default functionAuthProvider when running in k8s (#6203)
In 2.4.x, when running with the KubernetesRuntime, it default to always
using the KubernetesSecretAuthProvider class. With the change in 2.5 to
making this behavior pluggable, there is currently a bug in that it
doesn't keep this behavior and requires a new configuration option to be
passed.
This commit changes the config so that it defaults to the correct class
when we are running with a kubernetes runtime. This restores the
behavior match that of earlier versions
This also moves the WorkerConfig test to the same package where the
workerConfig resides after the refactor and re-arranges the resources
files and copied via a maven task
Co-authored-by: Addison Higham <ah...@instructure.com>
---
pulsar-functions/runtime/pom.xml | 29 ++++++++++++++++++++++
.../pulsar/functions/worker/WorkerConfig.java | 19 +++++++++++++-
.../worker/WorkerApiV2ResourceConfigTest.java | 29 ++++++++++++++++++++++
.../test_worker_auth_override_config.yml} | 1 +
.../src/test/resources/test_worker_config.yml | 0
.../test_worker_k8s_auth_override_config.yml} | 2 ++
.../test/resources/test_worker_k8s_config.yml} | 1 +
.../resources/test_worker_k8s_legacy_config.yml} | 3 +++
pulsar-functions/worker/pom.xml | 9 ++++++-
9 files changed, 91 insertions(+), 2 deletions(-)
diff --git a/pulsar-functions/runtime/pom.xml b/pulsar-functions/runtime/pom.xml
index 253cbd3..ebbce77 100644
--- a/pulsar-functions/runtime/pom.xml
+++ b/pulsar-functions/runtime/pom.xml
@@ -81,4 +81,33 @@
</dependencies>
+ <build>
+ <plugins>
+ <!-- this task will copy config files to resources for the test to work -->
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-antrun-plugin</artifactId>
+ <executions>
+ <execution>
+ <phase>compile</phase>
+ <goals>
+ <goal>run</goal>
+ </goals>
+ <configuration>
+ <tasks>
+ <echo>copy test config files</echo>
+ <mkdir dir="${basedir}/src/test/resources"/>
+ <copy todir="${basedir}/src/test/resources/">
+ <fileset dir="${basedir}/../src/test/resources/">
+ <include name="*.yml"/>
+ </fileset>
+ </copy>
+ </tasks>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
</project>
diff --git a/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/worker/WorkerConfig.java b/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/worker/WorkerConfig.java
index 6c4f3ab..d5fbc49 100644
--- a/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/worker/WorkerConfig.java
+++ b/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/worker/WorkerConfig.java
@@ -35,6 +35,8 @@ import java.util.Map;
import java.util.Properties;
import java.util.Set;
+import lombok.AccessLevel;
+import lombok.Getter;
import org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider;
import org.apache.pulsar.common.configuration.Category;
@@ -44,6 +46,8 @@ import org.apache.pulsar.common.functions.Resources;
import lombok.Data;
import lombok.experimental.Accessors;
+import org.apache.pulsar.functions.auth.KubernetesSecretsTokenAuthProvider;
+import org.apache.pulsar.functions.runtime.kubernetes.KubernetesRuntimeFactory;
import org.apache.pulsar.functions.runtime.kubernetes.KubernetesRuntimeFactoryConfig;
import org.apache.pulsar.functions.runtime.process.ProcessRuntimeFactoryConfig;
import org.apache.pulsar.functions.runtime.thread.ThreadRuntimeFactory;
@@ -363,7 +367,20 @@ public class WorkerConfig implements Serializable, PulsarConfiguration {
" The Function Authentication Provider is responsible to distributing the necessary" +
" authentication information to individual functions e.g. user tokens"
)
- private String functionAuthProviderClassName;
+ @Getter(AccessLevel.NONE) private String functionAuthProviderClassName;
+
+ public String getFunctionAuthProviderClassName() {
+ // if we haven't set a value and are running kubernetes, we default to the SecretsTokenAuthProvider
+ // as that matches behavior before this property could be overridden
+ if (!StringUtils.isEmpty(functionAuthProviderClassName)) {
+ return functionAuthProviderClassName;
+ } else {
+ if (StringUtils.equals(this.getFunctionRuntimeFactoryClassName(), KubernetesRuntimeFactory.class.getName()) || getKubernetesContainerFactory() != null) {
+ return KubernetesSecretsTokenAuthProvider.class.getName();
+ }
+ return null;
+ }
+ }
@FieldContext(
doc = "The full class-name of an instance of RuntimeCustomizer." +
diff --git a/pulsar-functions/worker/src/test/java/org/apache/pulsar/functions/worker/WorkerApiV2ResourceConfigTest.java b/pulsar-functions/runtime/src/test/java/org/apache/pulsar/functions/worker/WorkerApiV2ResourceConfigTest.java
similarity index 57%
rename from pulsar-functions/worker/src/test/java/org/apache/pulsar/functions/worker/WorkerApiV2ResourceConfigTest.java
rename to pulsar-functions/runtime/src/test/java/org/apache/pulsar/functions/worker/WorkerApiV2ResourceConfigTest.java
index 1d60aa4..5dd36ef 100644
--- a/pulsar-functions/worker/src/test/java/org/apache/pulsar/functions/worker/WorkerApiV2ResourceConfigTest.java
+++ b/pulsar-functions/runtime/src/test/java/org/apache/pulsar/functions/worker/WorkerApiV2ResourceConfigTest.java
@@ -19,8 +19,13 @@
package org.apache.pulsar.functions.worker;
import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertNull;
import java.net.URL;
+
+import org.apache.pulsar.functions.auth.KubernetesSecretsTokenAuthProvider;
+import org.apache.pulsar.functions.runtime.kubernetes.KubernetesRuntimeFactory;
+import org.apache.pulsar.functions.worker.WorkerConfig;
import org.testng.annotations.Test;
/**
@@ -60,4 +65,28 @@ public class WorkerApiV2ResourceConfigTest {
assertEquals(new Integer(7654), wc.getWorkerPort());
}
+ @Test
+ public void testFunctionAuthProviderDefaults() throws Exception {
+ URL emptyUrl = getClass().getClassLoader().getResource("test_worker_config.yml");
+ WorkerConfig emptyWc = WorkerConfig.load(emptyUrl.toURI().getPath());
+ assertNull(emptyWc.getFunctionAuthProviderClassName());
+
+ URL newK8SUrl = getClass().getClassLoader().getResource("test_worker_k8s_config.yml");
+ WorkerConfig newK8SWc = WorkerConfig.load(newK8SUrl.toURI().getPath());
+ assertEquals(newK8SWc.getFunctionRuntimeFactoryClassName(), KubernetesRuntimeFactory.class.getName());
+ assertEquals(newK8SWc.getFunctionAuthProviderClassName(), KubernetesSecretsTokenAuthProvider.class.getName());
+
+ URL legacyK8SUrl = getClass().getClassLoader().getResource("test_worker_k8s_legacy_config.yml");
+ WorkerConfig legacyK8SWc = WorkerConfig.load(legacyK8SUrl.toURI().getPath());
+ assertEquals(legacyK8SWc.getFunctionAuthProviderClassName(), KubernetesSecretsTokenAuthProvider.class.getName());
+
+ URL overrideK8SUrl = getClass().getClassLoader().getResource("test_worker_k8s_auth_override_config.yml");
+ WorkerConfig overrideK8SWc = WorkerConfig.load(overrideK8SUrl.toURI().getPath());
+ assertEquals(overrideK8SWc.getFunctionAuthProviderClassName(), "org.apache.my.overridden.auth");
+
+ URL emptyOverrideUrl = getClass().getClassLoader().getResource("test_worker_auth_override_config.yml");
+ WorkerConfig emptyOverrideWc = WorkerConfig.load(emptyOverrideUrl.toURI().getPath());
+ assertEquals(emptyOverrideWc.getFunctionAuthProviderClassName(),"org.apache.my.overridden.auth");
+ }
+
}
diff --git a/pulsar-functions/worker/src/test/resources/test_worker_config.yml b/pulsar-functions/src/test/resources/test_worker_auth_override_config.yml
similarity index 93%
copy from pulsar-functions/worker/src/test/resources/test_worker_config.yml
copy to pulsar-functions/src/test/resources/test_worker_auth_override_config.yml
index f2645f6..264beae 100644
--- a/pulsar-functions/worker/src/test/resources/test_worker_config.yml
+++ b/pulsar-functions/src/test/resources/test_worker_auth_override_config.yml
@@ -22,4 +22,5 @@ workerPort: 7654
pulsarServiceUrl: pulsar://localhost:6650
functionMetadataTopicName: test-function-metadata-topic
numFunctionPackageReplicas: 3
+functionAuthProviderClassName: "org.apache.my.overridden.auth"
diff --git a/pulsar-functions/worker/src/test/resources/test_worker_config.yml b/pulsar-functions/src/test/resources/test_worker_config.yml
similarity index 100%
copy from pulsar-functions/worker/src/test/resources/test_worker_config.yml
copy to pulsar-functions/src/test/resources/test_worker_config.yml
diff --git a/pulsar-functions/worker/src/test/resources/test_worker_config.yml b/pulsar-functions/src/test/resources/test_worker_k8s_auth_override_config.yml
similarity index 84%
copy from pulsar-functions/worker/src/test/resources/test_worker_config.yml
copy to pulsar-functions/src/test/resources/test_worker_k8s_auth_override_config.yml
index f2645f6..4c6a36a 100644
--- a/pulsar-functions/worker/src/test/resources/test_worker_config.yml
+++ b/pulsar-functions/src/test/resources/test_worker_k8s_auth_override_config.yml
@@ -22,4 +22,6 @@ workerPort: 7654
pulsarServiceUrl: pulsar://localhost:6650
functionMetadataTopicName: test-function-metadata-topic
numFunctionPackageReplicas: 3
+functionRuntimeFactoryClassName: "org.apache.pulsar.functions.runtime.kubernetes.KubernetesRuntimeFactory"
+functionAuthProviderClassName: "org.apache.my.overridden.auth"
diff --git a/pulsar-functions/worker/src/test/resources/test_worker_config.yml b/pulsar-functions/src/test/resources/test_worker_k8s_config.yml
similarity index 89%
copy from pulsar-functions/worker/src/test/resources/test_worker_config.yml
copy to pulsar-functions/src/test/resources/test_worker_k8s_config.yml
index f2645f6..c2b5efb 100644
--- a/pulsar-functions/worker/src/test/resources/test_worker_config.yml
+++ b/pulsar-functions/src/test/resources/test_worker_k8s_config.yml
@@ -22,4 +22,5 @@ workerPort: 7654
pulsarServiceUrl: pulsar://localhost:6650
functionMetadataTopicName: test-function-metadata-topic
numFunctionPackageReplicas: 3
+functionRuntimeFactoryClassName: "org.apache.pulsar.functions.runtime.kubernetes.KubernetesRuntimeFactory"
diff --git a/pulsar-functions/worker/src/test/resources/test_worker_config.yml b/pulsar-functions/src/test/resources/test_worker_k8s_legacy_config.yml
similarity index 94%
rename from pulsar-functions/worker/src/test/resources/test_worker_config.yml
rename to pulsar-functions/src/test/resources/test_worker_k8s_legacy_config.yml
index f2645f6..ee89a13 100644
--- a/pulsar-functions/worker/src/test/resources/test_worker_config.yml
+++ b/pulsar-functions/src/test/resources/test_worker_k8s_legacy_config.yml
@@ -22,4 +22,7 @@ workerPort: 7654
pulsarServiceUrl: pulsar://localhost:6650
functionMetadataTopicName: test-function-metadata-topic
numFunctionPackageReplicas: 3
+kubernetesContainerFactory:
+ k8Uri: "http://test"
+
diff --git a/pulsar-functions/worker/pom.xml b/pulsar-functions/worker/pom.xml
index 3881630..2a0082e 100644
--- a/pulsar-functions/worker/pom.xml
+++ b/pulsar-functions/worker/pom.xml
@@ -149,7 +149,7 @@
<build>
<plugins>
- <!-- this task will copy nar files to resources for the test to work -->
+ <!-- this task will copy nar files and config files to resources for the test to work -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-antrun-plugin</artifactId>
@@ -167,6 +167,13 @@
<echo>copy test source package</echo>
<mkdir dir="${basedir}/src/test/resources"/>
<copy file="${basedir}/../../pulsar-io/twitter/target/pulsar-io-twitter-${project.version}.nar" tofile="${basedir}/src/test/resources/pulsar-io-twitter.nar"/>
+ <echo>copy test config files</echo>
+ <mkdir dir="${basedir}/src/test/resources"/>
+ <copy todir="${basedir}/src/test/resources/">
+ <fileset dir="${basedir}/../src/test/resources/">
+ <include name="*.yml"/>
+ </fileset>
+ </copy>
</tasks>
</configuration>
</execution>