You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by lh...@apache.org on 2024/01/26 22:54:34 UTC
(pulsar) branch branch-3.0 updated (a6fd517ee39 -> c614e4def0f)
This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a change to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git
from a6fd517ee39 [improve][build] Add a default username in the image (#21695)
new d83c7182a77 Revert "[fix][broker] Fix returns wrong webServiceUrl when both webServicePort and webServicePortTls are set (#21633)"
new 57b73027a87 [cleanup] Deduplicate test certificates to simplify management (#20289)
new e9cd566eb56 [cleanup] Consolidate certs used in tests (#20336)
new 8bab1ecd720 Revert "[fix][test][branch-3.0] fix testCleanupEmptySubscriptionAuthenticationMap (#21744)"
new d510b1d1013 [fix][test] ProxyWithoutServiceDiscoveryTest should enable authz (#20348)
new e1982bc5151 [cleanup] Consolidate certs in broker (and some proxy) tests (#20353)
new 8e2eb50d9c9 [fix][broker] Fix PulsarService.getLookupServiceAddress returns wrong port if TLS is enabled (#21015)
new 1fc5cf14954 [fix][broker] Fix returns wrong webServiceUrl when both webServicePort and webServicePortTls are set (#21633)
new 5fc4f3d5ace [fix][broker] Fix returns wrong webServiceUrl when both webServicePort and webServicePortTls are set (#21842)
new 7d28dbf4be1 [fix][broker] Fix leader broker cannot be determined when the advertised address and advertised listeners are configured (#21894)
new c614e4def0f [fix][broker] Restore the broker id to match the format used in existing Pulsar releases (#21937)
The 11 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
bouncy-castle/bcfips-include-test/pom.xml | 22 ++
.../pulsar/client/TlsProducerConsumerBase.java | 23 +-
.../resources/authentication/tls/broker-cert.pem | 71 -----
.../resources/authentication/tls/broker-key.pem | 28 --
.../test/resources/authentication/tls/cacert.pem | 78 ------
.../resources/authentication/tls/client-cert.pem | 71 -----
.../resources/authentication/tls/client-key.pem | 28 --
build/regenerate_certs_for_tests.sh | 7 -
.../org/apache/pulsar/broker/PulsarService.java | 34 ++-
.../pulsar/broker/admin/impl/BrokersBase.java | 24 +-
.../pulsar/broker/admin/impl/NamespacesBase.java | 11 +-
.../pulsar/broker/loadbalance/LeaderBroker.java | 18 ++
.../broker/loadbalance/LeaderElectionService.java | 12 +-
.../pulsar/broker/loadbalance/NoopLoadManager.java | 14 +-
.../pulsar/broker/loadbalance/ResourceUnit.java | 2 -
.../loadbalance/extensions/BrokerRegistryImpl.java | 2 +-
.../extensions/ExtensibleLoadManagerImpl.java | 15 +-
.../channel/ServiceUnitStateChannelImpl.java | 38 +--
.../policies/IsolationPoliciesHelper.java | 8 +-
.../reporter/BrokerLoadDataReporter.java | 14 +-
.../reporter/TopBundleLoadDataReporter.java | 14 +-
.../broker/loadbalance/impl/LoadManagerShared.java | 99 +++----
.../loadbalance/impl/ModularLoadManagerImpl.java | 15 +-
.../impl/ModularLoadManagerWrapper.java | 21 +-
.../loadbalance/impl/SimpleLoadManagerImpl.java | 42 ++-
.../pulsar/broker/namespace/NamespaceService.java | 76 ++---
.../pulsar/broker/service/BrokerService.java | 2 +-
.../service/nonpersistent/NonPersistentTopic.java | 2 +-
.../broker/service/persistent/PersistentTopic.java | 2 +-
.../pulsar/broker/web/PulsarWebResource.java | 54 ++--
.../apache/pulsar/broker/PulsarServiceTest.java | 2 +
.../apache/pulsar/broker/SLAMonitoringTest.java | 16 +-
.../apache/pulsar/broker/admin/AdminApi2Test.java | 21 +-
.../broker/admin/AdminApiMultiBrokersTest.java | 5 +-
.../apache/pulsar/broker/admin/AdminApiTest.java | 39 ++-
.../pulsar/broker/admin/AdminApiTlsAuthTest.java | 38 ++-
.../org/apache/pulsar/broker/admin/AdminTest.java | 7 +-
.../broker/admin/BrokerAdminClientTlsAuthTest.java | 20 +-
.../pulsar/broker/admin/v1/V1_AdminApiTest.java | 16 +-
.../broker/auth/MockedPulsarServiceBaseTest.java | 19 +-
...isedListenersMultiBrokerLeaderElectionTest.java | 42 +++
.../loadbalance/AdvertisedListenersTest.java | 2 -
.../AntiAffinityNamespaceGroupTest.java | 4 +-
.../loadbalance/LeaderElectionServiceTest.java | 3 +-
.../broker/loadbalance/LoadBalancerTest.java | 13 +-
.../loadbalance/MultiBrokerLeaderElectionTest.java | 94 +++++--
.../loadbalance/SimpleLoadManagerImplTest.java | 35 +--
.../loadbalance/extensions/BrokerRegistryTest.java | 4 +-
.../extensions/ExtensibleLoadManagerImplTest.java | 48 ++--
.../channel/ServiceUnitStateChannelTest.java | 312 ++++++++++-----------
.../filter/BrokerIsolationPoliciesFilterTest.java | 64 ++---
.../extensions/scheduler/TransferShedderTest.java | 296 +++++++++----------
.../impl/ModularLoadManagerImplTest.java | 137 ++++-----
.../broker/namespace/NamespaceServiceTest.java | 39 ++-
.../OwnerShipForCurrentServerTestBase.java | 2 -
.../broker/service/AdvertisedAddressTest.java | 2 +-
.../pulsar/broker/service/BrokerServiceTest.java | 45 ++-
.../broker/service/ClusterMigrationTest.java | 9 +
.../broker/service/InactiveTopicDeleteTest.java | 4 +-
.../pulsar/broker/service/ReplicatorTest.java | 6 +-
.../systopic/PartitionedSystemTopicTest.java | 12 +-
.../broker/testcontext/PulsarTestContext.java | 48 +++-
.../broker/transaction/TransactionTestBase.java | 2 -
.../apache/pulsar/broker/web/WebServiceTest.java | 30 +-
.../api/AuthenticatedProducerConsumerTest.java | 57 ++--
.../AuthenticationTlsHostnameVerificationTest.java | 26 +-
.../pulsar/client/api/BrokerServiceLookupTest.java | 61 ++--
.../client/api/ClientAuthenticationTlsTest.java | 31 +-
.../pulsar/client/api/ProducerConsumerBase.java | 5 -
.../pulsar/client/api/ProxyProtocolTest.java | 12 +-
.../pulsar/client/api/TlsHostVerificationTest.java | 36 ++-
.../pulsar/client/api/TlsProducerConsumerBase.java | 23 +-
.../pulsar/client/api/TlsProducerConsumerTest.java | 20 +-
.../org/apache/pulsar/client/api/TlsSniTest.java | 6 +-
.../api/TokenExpirationProduceConsumerTest.java | 10 +-
.../apache/pulsar/compaction/CompactionTest.java | 4 +-
.../worker/PulsarFunctionLocalRunTest.java | 16 +-
.../worker/PulsarFunctionPublishTest.java | 16 +-
.../functions/worker/PulsarFunctionTlsTest.java | 16 +-
.../apache/pulsar/io/AbstractPulsarE2ETest.java | 16 +-
.../apache/pulsar/io/PulsarFunctionAdminTest.java | 20 +-
.../apache/pulsar/io/PulsarFunctionTlsTest.java | 21 +-
.../proxy/ProxyPublishConsumeTlsTest.java | 13 +-
.../authentication/tls-http/admin.cert.pem | 26 --
.../authentication/tls-http/admin.key-pk8.pem | 28 --
.../authentication/tls-http/broker.cert.pem | 27 --
.../authentication/tls-http/broker.key-pk8.pem | 28 --
.../resources/authentication/tls-http/ca.cert.pem | 29 --
.../authentication/tls-http/proxy.cert.pem | 26 --
.../authentication/tls-http/proxy.key-pk8.pem | 28 --
.../authentication/tls-http/superproxy.cert.pem | 26 --
.../authentication/tls-http/superproxy.key-pk8.pem | 28 --
.../authentication/tls-http/user1.cert.pem | 26 --
.../authentication/tls-http/user1.key-pk8.pem | 28 --
.../resources/authentication/tls/broker-cert.pem | 117 --------
.../resources/authentication/tls/broker-key.pem | 27 --
.../test/resources/authentication/tls/cacert.pem | 127 ---------
.../resources/authentication/tls/client-cert.pem | 90 ------
.../resources/authentication/tls/client-key.pem | 27 --
.../src/test/resources/certificate/client.crt | 20 --
.../src/test/resources/certificate/client.csr | 17 --
.../src/test/resources/certificate/client.key | 28 --
.../src/test/resources/certificate/server.crt | 20 --
.../src/test/resources/certificate/server.csr | 17 --
.../src/test/resources/certificate/server.key | 28 --
.../org/apache/pulsar/client/admin/Brokers.java | 24 +-
.../pulsar/common/policies/data/BrokerInfo.java | 2 +
.../common/policies/data/impl/BrokerInfoImpl.java | 9 +-
.../pulsar/client/admin/internal/BrokersImpl.java | 8 +-
.../pulsar/client/cli/PulsarClientToolTest.java | 9 +-
.../proxy/server/AuthedAdminProxyHandlerTest.java | 32 +--
.../pulsar/proxy/server/ProxyRefreshAuthTest.java | 1 +
.../proxy/server/ProxyServiceTlsStarterTest.java | 17 +-
.../apache/pulsar/proxy/server/ProxyTlsTest.java | 12 +-
.../pulsar/proxy/server/ProxyTlsTestWithAuth.java | 8 +-
.../server/ProxyWithoutServiceDiscoveryTest.java | 52 ++--
.../SuperUserAuthedAdminProxyHandlerTest.java | 26 +-
.../authentication/tls-admin-proxy/admin.cert.pem | 26 --
.../tls-admin-proxy/admin.key-pk8.pem | 28 --
.../authentication/tls-admin-proxy/broker.cert.pem | 27 --
.../tls-admin-proxy/broker.key-pk8.pem | 28 --
.../authentication/tls-admin-proxy/ca.cert.pem | 29 --
.../authentication/tls-admin-proxy/proxy.cert.pem | 26 --
.../tls-admin-proxy/proxy.key-pk8.pem | 28 --
.../tls-admin-proxy/randouser.cert.pem | 19 --
.../tls-admin-proxy/randouser.key-pk8.pem | 28 --
.../tls-admin-proxy/superproxy.cert.pem | 26 --
.../tls-admin-proxy/superproxy.key-pk8.pem | 28 --
.../authentication/tls-admin-proxy/user1.cert.pem | 26 --
.../tls-admin-proxy/user1.key-pk8.pem | 28 --
tests/certificate-authority/.gitignore | 3 +
tests/certificate-authority/README.md | 24 +-
tests/certificate-authority/index.txt | 2 +
.../certificate-authority/newcerts/1007.pem | 0
tests/certificate-authority/newcerts/1008.pem | 110 ++++++++
tests/certificate-authority/openssl.cnf | 17 +-
tests/certificate-authority/serial | 2 +-
.../server-keys/broker.cert.pem | 134 +++++++--
.../server-keys/broker.csr.pem | 26 +-
.../server-keys/broker.key-pk8.pem | 52 ++--
.../server-keys/broker.key.pem | 50 ++--
.../server-keys/proxy.cert.pem | 133 +++++++--
.../server-keys/proxy.csr.pem | 26 +-
.../server-keys/proxy.key-pk8.pem | 52 ++--
.../server-keys/proxy.key.pem | 50 ++--
.../integration/containers/BrokerContainer.java | 9 +-
.../integration/containers/ProxyContainer.java | 9 +-
.../tests/integration/tls/ClientTlsTest.java | 9 +
.../integration/topologies/PulsarCluster.java | 40 ++-
.../integration/topologies/PulsarClusterSpec.java | 6 +
150 files changed, 1948 insertions(+), 2863 deletions(-)
delete mode 100644 bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/broker-cert.pem
delete mode 100644 bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/broker-key.pem
delete mode 100644 bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/cacert.pem
delete mode 100644 bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/client-cert.pem
delete mode 100644 bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/client-key.pem
create mode 100644 pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/AdvertisedListenersMultiBrokerLeaderElectionTest.java
delete mode 100644 pulsar-broker/src/test/resources/authentication/tls-http/admin.cert.pem
delete mode 100644 pulsar-broker/src/test/resources/authentication/tls-http/admin.key-pk8.pem
delete mode 100644 pulsar-broker/src/test/resources/authentication/tls-http/broker.cert.pem
delete mode 100644 pulsar-broker/src/test/resources/authentication/tls-http/broker.key-pk8.pem
delete mode 100644 pulsar-broker/src/test/resources/authentication/tls-http/ca.cert.pem
delete mode 100644 pulsar-broker/src/test/resources/authentication/tls-http/proxy.cert.pem
delete mode 100644 pulsar-broker/src/test/resources/authentication/tls-http/proxy.key-pk8.pem
delete mode 100644 pulsar-broker/src/test/resources/authentication/tls-http/superproxy.cert.pem
delete mode 100644 pulsar-broker/src/test/resources/authentication/tls-http/superproxy.key-pk8.pem
delete mode 100644 pulsar-broker/src/test/resources/authentication/tls-http/user1.cert.pem
delete mode 100644 pulsar-broker/src/test/resources/authentication/tls-http/user1.key-pk8.pem
delete mode 100644 pulsar-broker/src/test/resources/authentication/tls/broker-cert.pem
delete mode 100644 pulsar-broker/src/test/resources/authentication/tls/broker-key.pem
delete mode 100644 pulsar-broker/src/test/resources/authentication/tls/cacert.pem
delete mode 100644 pulsar-broker/src/test/resources/authentication/tls/client-cert.pem
delete mode 100644 pulsar-broker/src/test/resources/authentication/tls/client-key.pem
delete mode 100644 pulsar-broker/src/test/resources/certificate/client.crt
delete mode 100644 pulsar-broker/src/test/resources/certificate/client.csr
delete mode 100644 pulsar-broker/src/test/resources/certificate/client.key
delete mode 100644 pulsar-broker/src/test/resources/certificate/server.crt
delete mode 100644 pulsar-broker/src/test/resources/certificate/server.csr
delete mode 100644 pulsar-broker/src/test/resources/certificate/server.key
delete mode 100644 pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/admin.cert.pem
delete mode 100644 pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/admin.key-pk8.pem
delete mode 100644 pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/broker.cert.pem
delete mode 100644 pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/broker.key-pk8.pem
delete mode 100644 pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/ca.cert.pem
delete mode 100644 pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/proxy.cert.pem
delete mode 100644 pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/proxy.key-pk8.pem
delete mode 100644 pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/randouser.cert.pem
delete mode 100644 pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/randouser.key-pk8.pem
delete mode 100644 pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/superproxy.cert.pem
delete mode 100644 pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/superproxy.key-pk8.pem
delete mode 100644 pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/user1.cert.pem
delete mode 100644 pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/user1.key-pk8.pem
create mode 100644 tests/certificate-authority/.gitignore
copy pulsar-io/elastic-search/src/test/resources/ssl/elasticsearch.crt => tests/certificate-authority/newcerts/1007.pem (100%)
create mode 100644 tests/certificate-authority/newcerts/1008.pem
(pulsar) 11/11: [fix][broker] Restore the broker id to match the format used in existing Pulsar releases (#21937)
Posted by lh...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit c614e4def0ff4db8f873a5d2a4abb83756dd6f48
Author: Lari Hotari <lh...@users.noreply.github.com>
AuthorDate: Sun Jan 21 09:31:05 2024 -0800
[fix][broker] Restore the broker id to match the format used in existing Pulsar releases (#21937)
(cherry picked from commit 63473159c42b2867acbd8defe8e72f084dc32500)
---
.../org/apache/pulsar/broker/PulsarService.java | 13 +++++++++---
.../pulsar/broker/admin/impl/BrokersBase.java | 14 ++++++-------
.../apache/pulsar/broker/admin/AdminApi2Test.java | 7 +++----
.../apache/pulsar/broker/admin/AdminApiTest.java | 8 ++------
.../org/apache/pulsar/broker/admin/AdminTest.java | 4 ++--
.../pulsar/broker/admin/v1/V1_AdminApiTest.java | 5 +----
.../AntiAffinityNamespaceGroupTest.java | 4 ++--
.../broker/loadbalance/LoadBalancerTest.java | 4 ++--
.../impl/ModularLoadManagerImplTest.java | 4 ++--
.../broker/service/AdvertisedAddressTest.java | 2 +-
.../pulsar/broker/service/BrokerServiceTest.java | 9 --------
.../pulsar/broker/service/ReplicatorTest.java | 6 ++----
.../pulsar/client/api/BrokerServiceLookupTest.java | 2 +-
.../org/apache/pulsar/client/admin/Brokers.java | 24 +++++++++++-----------
.../pulsar/client/admin/internal/BrokersImpl.java | 8 ++++----
15 files changed, 51 insertions(+), 63 deletions(-)
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
index 9e9ec448355..320d586e76e 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
@@ -822,10 +822,10 @@ public class PulsarService implements AutoCloseable, ShutdownService {
this.brokerServiceUrlTls = brokerUrlTls(config);
// the broker id is used in the load manager to identify the broker
+ // it should not be used for making connections to the broker
this.brokerId =
- String.format("%s:%s", advertisedAddress, config.getWebServicePortTls().isPresent()
- ? config.getWebServicePortTls().get()
- : config.getWebServicePort().orElseThrow());
+ String.format("%s:%s", advertisedAddress, config.getWebServicePort()
+ .or(config::getWebServicePortTls).orElseThrow());
if (null != this.webSocketService) {
@@ -1750,6 +1750,13 @@ public class PulsarService implements AutoCloseable, ShutdownService {
return brokerServiceUrlTls != null ? brokerServiceUrlTls : brokerServiceUrl;
}
+ /**
+ * Return the broker id. The broker id is used in the load manager to uniquely identify the broker at runtime.
+ * It should not be used for making connections to the broker. The broker id is available after {@link #start()}
+ * has been called.
+ *
+ * @return broker id
+ */
public String getBrokerId() {
return Objects.requireNonNull(brokerId,
"brokerId is not initialized before start has been called");
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/BrokersBase.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/BrokersBase.java
index 31abeee54be..1234e9d49f4 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/BrokersBase.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/BrokersBase.java
@@ -86,7 +86,7 @@ public class BrokersBase extends AdminResource {
@GET
@Path("/{cluster}")
@ApiOperation(
- value = "Get the list of active brokers (web service addresses) in the cluster."
+ value = "Get the list of active brokers (broker ids) in the cluster."
+ "If authorization is not enabled, any cluster name is valid.",
response = String.class,
responseContainer = "Set")
@@ -116,7 +116,7 @@ public class BrokersBase extends AdminResource {
@GET
@ApiOperation(
- value = "Get the list of active brokers (web service addresses) in the local cluster."
+ value = "Get the list of active brokers (broker ids) in the local cluster."
+ "If authorization is not enabled",
response = String.class,
responseContainer = "Set")
@@ -156,8 +156,8 @@ public class BrokersBase extends AdminResource {
}
@GET
- @Path("/{clusterName}/{broker-webserviceurl}/ownedNamespaces")
- @ApiOperation(value = "Get the list of namespaces served by the specific broker",
+ @Path("/{clusterName}/{brokerId}/ownedNamespaces")
+ @ApiOperation(value = "Get the list of namespaces served by the specific broker id",
response = NamespaceOwnershipStatus.class, responseContainer = "Map")
@ApiResponses(value = {
@ApiResponse(code = 307, message = "Current broker doesn't serve the cluster"),
@@ -165,9 +165,9 @@ public class BrokersBase extends AdminResource {
@ApiResponse(code = 404, message = "Cluster doesn't exist") })
public void getOwnedNamespaces(@Suspended final AsyncResponse asyncResponse,
@PathParam("clusterName") String cluster,
- @PathParam("broker-webserviceurl") String broker) {
+ @PathParam("brokerId") String brokerId) {
validateSuperUserAccessAsync()
- .thenCompose(__ -> maybeRedirectToBroker(broker))
+ .thenCompose(__ -> maybeRedirectToBroker(brokerId))
.thenCompose(__ -> validateClusterOwnershipAsync(cluster))
.thenCompose(__ -> pulsar().getNamespaceService().getOwnedNameSpacesStatusAsync())
.thenAccept(asyncResponse::resume)
@@ -175,7 +175,7 @@ public class BrokersBase extends AdminResource {
// If the exception is not redirect exception we need to log it.
if (!isRedirectException(ex)) {
LOG.error("[{}] Failed to get the namespace ownership status. cluster={}, broker={}",
- clientAppId(), cluster, broker);
+ clientAppId(), cluster, brokerId);
}
resumeAsyncResponseExceptionally(asyncResponse, ex);
return null;
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApi2Test.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApi2Test.java
index 0f94a8813c0..6ce4c24a191 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApi2Test.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApi2Test.java
@@ -515,8 +515,7 @@ public class AdminApi2Test extends MockedPulsarServiceBaseTest {
assertEquals(topicStats.getSubscriptions().get("my-sub").getMsgDropRate(), 0);
assertEquals(topicStats.getPublishers().size(), 0);
assertEquals(topicStats.getMsgDropRate(), 0);
- assertEquals(topicStats.getOwnerBroker(),
- pulsar.getAdvertisedAddress() + ":" + pulsar.getConfiguration().getWebServicePort().get());
+ assertEquals(topicStats.getOwnerBroker(), pulsar.getBrokerId());
PersistentTopicInternalStats internalStats = admin.topics().getInternalStats(nonPersistentTopicName, false);
assertEquals(internalStats.cursors.keySet(), Set.of("my-sub"));
@@ -1309,7 +1308,7 @@ public class AdminApi2Test extends MockedPulsarServiceBaseTest {
String cluster = pulsar.getConfiguration().getClusterName();
String namespaceRegex = "other/" + cluster + "/other.*";
String brokerName = pulsar.getAdvertisedAddress();
- String brokerAddress = brokerName + ":" + pulsar.getConfiguration().getWebServicePort().get();
+ String brokerAddress = pulsar.getBrokerId();
Map<String, String> parameters1 = new HashMap<>();
parameters1.put("min_limit", "1");
@@ -1317,7 +1316,7 @@ public class AdminApi2Test extends MockedPulsarServiceBaseTest {
NamespaceIsolationData nsPolicyData1 = NamespaceIsolationData.builder()
.namespaces(Collections.singletonList(namespaceRegex))
- .primary(Collections.singletonList(brokerName + ":[0-9]*"))
+ .primary(Collections.singletonList(brokerName))
.secondary(Collections.singletonList(brokerName + ".*"))
.autoFailoverPolicy(AutoFailoverPolicyData.builder()
.policyType(AutoFailoverPolicyType.min_available)
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest.java
index 5b1dba54d77..b5ce948725f 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest.java
@@ -545,10 +545,7 @@ public class AdminApiTest extends MockedPulsarServiceBaseTest {
}
}
- String[] parts = list.get(0).split(":");
- Assert.assertEquals(parts.length, 2);
- Map<String, NamespaceOwnershipStatus> nsMap2 = adminTls.brokers().getOwnedNamespaces("test",
- String.format("%s:%d", parts[0], pulsar.getListenPortHTTPS().get()));
+ Map<String, NamespaceOwnershipStatus> nsMap2 = adminTls.brokers().getOwnedNamespaces("test", list.get(0));
Assert.assertEquals(nsMap2.size(), 2);
deleteNamespaceWithRetry("prop-xyz/ns1", false);
@@ -939,8 +936,7 @@ public class AdminApiTest extends MockedPulsarServiceBaseTest {
assertEquals(topicStats.getSubscriptions().get(subName).getConsumers().size(), 1);
assertEquals(topicStats.getSubscriptions().get(subName).getMsgBacklog(), 10);
assertEquals(topicStats.getPublishers().size(), 0);
- assertEquals(topicStats.getOwnerBroker(),
- pulsar.getAdvertisedAddress() + ":" + pulsar.getConfiguration().getWebServicePortTls().get());
+ assertEquals(topicStats.getOwnerBroker(), pulsar.getBrokerId());
PersistentTopicInternalStats internalStats = admin.topics().getInternalStats(persistentTopicName, false);
assertEquals(internalStats.cursors.keySet(), Set.of(Codec.encode(subName)));
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminTest.java
index e9352503822..25ef8d8aee1 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminTest.java
@@ -302,7 +302,7 @@ public class AdminTest extends MockedPulsarServiceBaseTest {
NamespaceIsolationDataImpl policyData = NamespaceIsolationDataImpl.builder()
.namespaces(Collections.singletonList("dummy/colo/ns"))
- .primary(Collections.singletonList("localhost" + ":" + pulsar.getListenPortHTTP()))
+ .primary(Collections.singletonList(pulsar.getAdvertisedAddress()))
.autoFailoverPolicy(AutoFailoverPolicyData.builder()
.policyType(AutoFailoverPolicyType.min_available)
.parameters(parameters1)
@@ -722,7 +722,7 @@ public class AdminTest extends MockedPulsarServiceBaseTest {
assertTrue(res instanceof Set);
Set<String> activeBrokers = (Set<String>) res;
assertEquals(activeBrokers.size(), 1);
- assertEquals(activeBrokers, Set.of(pulsar.getAdvertisedAddress() + ":" + pulsar.getListenPortHTTP().get()));
+ assertEquals(activeBrokers, Set.of(pulsar.getBrokerId()));
Object leaderBrokerRes = asyncRequests(ctx -> brokers.getLeaderBroker(ctx));
assertTrue(leaderBrokerRes instanceof BrokerInfo);
BrokerInfo leaderBroker = (BrokerInfo)leaderBrokerRes;
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/v1/V1_AdminApiTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/v1/V1_AdminApiTest.java
index 75ce99cba59..be4f735e91a 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/v1/V1_AdminApiTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/v1/V1_AdminApiTest.java
@@ -457,10 +457,7 @@ public class V1_AdminApiTest extends MockedPulsarServiceBaseTest {
}
}
- String[] parts = list.get(0).split(":");
- Assert.assertEquals(parts.length, 2);
- Map<String, NamespaceOwnershipStatus> nsMap2 = adminTls.brokers().getOwnedNamespaces("use",
- String.format("%s:%d", parts[0], pulsar.getListenPortHTTPS().get()));
+ Map<String, NamespaceOwnershipStatus> nsMap2 = adminTls.brokers().getOwnedNamespaces("use", list.get(0));
Assert.assertEquals(nsMap2.size(), 2);
admin.namespaces().deleteNamespace("prop-xyz/use/ns1");
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/AntiAffinityNamespaceGroupTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/AntiAffinityNamespaceGroupTest.java
index 560cfa9216a..5fbda961c0e 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/AntiAffinityNamespaceGroupTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/AntiAffinityNamespaceGroupTest.java
@@ -103,14 +103,14 @@ public class AntiAffinityNamespaceGroupTest extends MockedPulsarServiceBaseTest
setupConfigs(conf);
super.internalSetup(conf);
pulsar1 = pulsar;
- primaryHost = String.format("%s:%d", "localhost", pulsar1.getListenPortHTTP().get());
+ primaryHost = pulsar1.getBrokerId();
admin1 = admin;
var config2 = getDefaultConf();
setupConfigs(config2);
additionalPulsarTestContext = createAdditionalPulsarTestContext(config2);
pulsar2 = additionalPulsarTestContext.getPulsarService();
- secondaryHost = String.format("%s:%d", "localhost", pulsar2.getListenPortHTTP().get());
+ secondaryHost = pulsar2.getBrokerId();
primaryLoadManager = getField(pulsar1.getLoadManager().get(), "loadManager");
secondaryLoadManager = getField(pulsar2.getLoadManager().get(), "loadManager");
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/LoadBalancerTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/LoadBalancerTest.java
index e350004a739..04a2175b1d1 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/LoadBalancerTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/LoadBalancerTest.java
@@ -743,7 +743,7 @@ public class LoadBalancerTest {
// set up policy that use this broker as secondary
policyData = NamespaceIsolationData.builder()
.namespaces(Collections.singletonList("pulsar/use/secondary-ns.*"))
- .primary(Collections.singletonList(pulsarServices[0].getWebServiceAddress()))
+ .primary(Collections.singletonList(pulsarServices[0].getAdvertisedAddress()))
.secondary(allExceptFirstBroker)
.autoFailoverPolicy(AutoFailoverPolicyData.builder()
.policyType(AutoFailoverPolicyType.min_available)
@@ -755,7 +755,7 @@ public class LoadBalancerTest {
// set up policy that do not use this broker (neither primary nor secondary)
policyData = NamespaceIsolationData.builder()
.namespaces(Collections.singletonList("pulsar/use/shared-ns.*"))
- .primary(Collections.singletonList(pulsarServices[0].getWebServiceAddress()))
+ .primary(Collections.singletonList(pulsarServices[0].getAdvertisedAddress()))
.secondary(allExceptFirstBroker)
.autoFailoverPolicy(AutoFailoverPolicyData.builder()
.policyType(AutoFailoverPolicyType.min_available)
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImplTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImplTest.java
index 3552bd657c0..8609d5889af 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImplTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImplTest.java
@@ -177,7 +177,7 @@ public class ModularLoadManagerImplTest {
pulsar1 = new PulsarService(config1);
pulsar1.start();
- primaryBrokerId = String.format("%s:%d", "localhost", pulsar1.getListenPortHTTPS().get());
+ primaryBrokerId = pulsar1.getBrokerId();
url1 = new URL(pulsar1.getWebServiceAddress());
admin1 = PulsarAdmin.builder().serviceHttpUrl(url1.toString()).build();
@@ -211,7 +211,7 @@ public class ModularLoadManagerImplTest {
config.setBrokerServicePortTls(Optional.of(0));
pulsar3 = new PulsarService(config);
- secondaryBrokerId = String.format("%s:%d", "localhost", pulsar2.getListenPortHTTPS().get());
+ secondaryBrokerId = pulsar2.getBrokerId();
url2 = new URL(pulsar2.getWebServiceAddress());
admin2 = PulsarAdmin.builder().serviceHttpUrl(url2.toString()).build();
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/AdvertisedAddressTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/AdvertisedAddressTest.java
index 554c663850f..19e40ebf996 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/AdvertisedAddressTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/AdvertisedAddressTest.java
@@ -75,7 +75,7 @@ public class AdvertisedAddressTest {
Assert.assertEquals( pulsar.getAdvertisedAddress(), advertisedAddress );
Assert.assertEquals( pulsar.getBrokerServiceUrl(), String.format("pulsar://%s:%d", advertisedAddress, pulsar.getBrokerListenPort().get()) );
Assert.assertEquals( pulsar.getSafeWebServiceAddress(), String.format("http://%s:%d", advertisedAddress, pulsar.getListenPortHTTP().get()) );
- String brokerZkPath = String.format("/loadbalance/brokers/%s:%d", pulsar.getAdvertisedAddress(), pulsar.getListenPortHTTP().get());
+ String brokerZkPath = String.format("/loadbalance/brokers/%s", pulsar.getBrokerId());
String bkBrokerData = new String(bkEnsemble.getZkClient().getData(brokerZkPath, false, new Stat()), StandardCharsets.UTF_8);
JsonObject jsonBkBrokerData = new Gson().fromJson(bkBrokerData, JsonObject.class);
Assert.assertEquals( jsonBkBrokerData.get("pulsarServiceUrl").getAsString(), pulsar.getBrokerServiceUrl() );
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/BrokerServiceTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/BrokerServiceTest.java
index 0c059d20833..9789c9d725c 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/BrokerServiceTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/BrokerServiceTest.java
@@ -1646,13 +1646,4 @@ public class BrokerServiceTest extends BrokerTestBase {
fail("Unsubscribe failed");
}
}
-
- @Test
- public void testGetBrokerId() throws Exception {
- cleanup();
- conf.setWebServicePortTls(Optional.of(8081));
- setup();
- assertEquals(pulsar.getBrokerId(), "localhost:8081");
- resetState();
- }
}
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/ReplicatorTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/ReplicatorTest.java
index 3d955250608..3fa3a8dfc0f 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/ReplicatorTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/ReplicatorTest.java
@@ -239,16 +239,14 @@ public class ReplicatorTest extends ReplicatorTestBase {
pulsar1.getConfiguration().setAuthorizationEnabled(true);
//init clusterData
- String cluster2ServiceUrls = String.format("%s,localhost:1234,localhost:5678,localhost:5677,localhost:5676",
- pulsar2.getWebServiceAddress());
- ClusterData cluster2Data = ClusterData.builder().serviceUrl(cluster2ServiceUrls).build();
+ ClusterData cluster2Data = ClusterData.builder().serviceUrl(pulsar2.getWebServiceAddress()).build();
String cluster2 = "activeCLuster2";
admin2.clusters().createCluster(cluster2, cluster2Data);
Awaitility.await().until(()
-> admin2.clusters().getCluster(cluster2) != null);
List<String> list = admin1.brokers().getActiveBrokers(cluster2);
- assertEquals(list.get(0), urlTls2.toString().replace("https://", ""));
+ assertEquals(list.get(0), pulsar2.getBrokerId());
//restore configuration
pulsar1.getConfiguration().setAuthorizationEnabled(false);
}
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/BrokerServiceLookupTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/BrokerServiceLookupTest.java
index cb72c7d42cd..dab4fe9087e 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/BrokerServiceLookupTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/BrokerServiceLookupTest.java
@@ -760,7 +760,7 @@ public class BrokerServiceLookupTest extends ProducerConsumerBase {
});
// Unload the NamespacePolicies and AntiAffinity check.
- String currentBroker = String.format("%s:%d", "localhost", pulsar.getListenPortHTTP().get());
+ String currentBroker = pulsar.getBrokerId();
assertTrue(loadManager.shouldNamespacePoliciesUnload(namespace,"0x00000000_0xffffffff", currentBroker));
assertTrue(loadManager.shouldAntiAffinityNamespaceUnload(namespace,"0x00000000_0xffffffff", currentBroker));
diff --git a/pulsar-client-admin-api/src/main/java/org/apache/pulsar/client/admin/Brokers.java b/pulsar-client-admin-api/src/main/java/org/apache/pulsar/client/admin/Brokers.java
index 29c280f8ba5..dc0b7c9885a 100644
--- a/pulsar-client-admin-api/src/main/java/org/apache/pulsar/client/admin/Brokers.java
+++ b/pulsar-client-admin-api/src/main/java/org/apache/pulsar/client/admin/Brokers.java
@@ -35,7 +35,7 @@ public interface Brokers {
/**
* Get the list of active brokers in the local cluster.
* <p/>
- * Get the list of active brokers (web service addresses) in the local cluster.
+ * Get the list of active brokers (broker ids) in the local cluster.
* <p/>
* Response Example:
*
@@ -44,7 +44,7 @@ public interface Brokers {
* * * "prod1-broker3.messaging.use.example.com:8080"]</code>
* </pre>
*
- * @return a list of (host:port)
+ * @return a list of broker ids
* @throws NotAuthorizedException
* You don't have admin permission to get the list of active brokers in the cluster
* @throws PulsarAdminException
@@ -55,7 +55,7 @@ public interface Brokers {
/**
* Get the list of active brokers in the local cluster asynchronously.
* <p/>
- * Get the list of active brokers (web service addresses) in the local cluster.
+ * Get the list of active brokers (broker ids) in the local cluster.
* <p/>
* Response Example:
*
@@ -64,13 +64,13 @@ public interface Brokers {
* "prod1-broker3.messaging.use.example.com:8080"]</code>
* </pre>
*
- * @return a list of (host:port)
+ * @return a list of broker ids
*/
CompletableFuture<List<String>> getActiveBrokersAsync();
/**
* Get the list of active brokers in the cluster.
* <p/>
- * Get the list of active brokers (web service addresses) in the cluster.
+ * Get the list of active brokers (broker ids) in the cluster.
* <p/>
* Response Example:
*
@@ -81,7 +81,7 @@ public interface Brokers {
*
* @param cluster
* Cluster name
- * @return a list of (host:port)
+ * @return a list of broker ids
* @throws NotAuthorizedException
* You don't have admin permission to get the list of active brokers in the cluster
* @throws NotFoundException
@@ -94,7 +94,7 @@ public interface Brokers {
/**
* Get the list of active brokers in the cluster asynchronously.
* <p/>
- * Get the list of active brokers (web service addresses) in the cluster.
+ * Get the list of active brokers (broker ids) in the cluster.
* <p/>
* Response Example:
*
@@ -105,7 +105,7 @@ public interface Brokers {
*
* @param cluster
* Cluster name
- * @return a list of (host:port)
+ * @return a list of broker ids
*/
CompletableFuture<List<String>> getActiveBrokersAsync(String cluster);
@@ -156,11 +156,11 @@ public interface Brokers {
* </pre>
*
* @param cluster
- * @param brokerUrl
+ * @param brokerId
* @return
* @throws PulsarAdminException
*/
- Map<String, NamespaceOwnershipStatus> getOwnedNamespaces(String cluster, String brokerUrl)
+ Map<String, NamespaceOwnershipStatus> getOwnedNamespaces(String cluster, String brokerId)
throws PulsarAdminException;
/**
@@ -176,10 +176,10 @@ public interface Brokers {
* </pre>
*
* @param cluster
- * @param brokerUrl
+ * @param brokerId
* @return
*/
- CompletableFuture<Map<String, NamespaceOwnershipStatus>> getOwnedNamespacesAsync(String cluster, String brokerUrl);
+ CompletableFuture<Map<String, NamespaceOwnershipStatus>> getOwnedNamespacesAsync(String cluster, String brokerId);
/**
* Update a dynamic configuration value into ZooKeeper.
diff --git a/pulsar-client-admin/src/main/java/org/apache/pulsar/client/admin/internal/BrokersImpl.java b/pulsar-client-admin/src/main/java/org/apache/pulsar/client/admin/internal/BrokersImpl.java
index 0e6296724b3..7b4ebb1778d 100644
--- a/pulsar-client-admin/src/main/java/org/apache/pulsar/client/admin/internal/BrokersImpl.java
+++ b/pulsar-client-admin/src/main/java/org/apache/pulsar/client/admin/internal/BrokersImpl.java
@@ -75,15 +75,15 @@ public class BrokersImpl extends BaseResource implements Brokers {
}
@Override
- public Map<String, NamespaceOwnershipStatus> getOwnedNamespaces(String cluster, String brokerUrl)
+ public Map<String, NamespaceOwnershipStatus> getOwnedNamespaces(String cluster, String brokerId)
throws PulsarAdminException {
- return sync(() -> getOwnedNamespacesAsync(cluster, brokerUrl));
+ return sync(() -> getOwnedNamespacesAsync(cluster, brokerId));
}
@Override
public CompletableFuture<Map<String, NamespaceOwnershipStatus>> getOwnedNamespacesAsync(
- String cluster, String brokerUrl) {
- WebTarget path = adminBrokers.path(cluster).path(brokerUrl).path("ownedNamespaces");
+ String cluster, String brokerId) {
+ WebTarget path = adminBrokers.path(cluster).path(brokerId).path("ownedNamespaces");
return asyncGetRequest(path, new FutureCallback<Map<String, NamespaceOwnershipStatus>>(){});
}
(pulsar) 03/11: [cleanup] Consolidate certs used in tests (#20336)
Posted by lh...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit e9cd566eb564f58ef6b76954ade13a98d02d4391
Author: Michael Marshall <mm...@apache.org>
AuthorDate: Wed May 17 10:29:45 2023 -0500
[cleanup] Consolidate certs used in tests (#20336)
Builds on: https://github.com/apache/pulsar/pull/20289
There are many certificates in our test code base. It would be much simpler to have one place were we create and manage certificates so that when we need to make changes, they are consolidated.
There is likely one or two more PRs to finish consolidating certs.
* Remove certs that are no longer used
* Replace references to old certs with references to the `certificate-authority` certs
* Create new server certs with valid hostnames on them so that tests will pass. Document the process used to create these certs.
* Fix an issue in the `PulsarTestContext` where the configuration was not correctly updated.
* Remove configurations that allow for insecure connections in tests that are doing some kind of TLS verification. The only places where we leave insecure validation in place is tests that are specifically verifying the functionality.
* Copy `certificate-authority` to the relevant `bouncy-castle` directory
When tests pass, this change will be correctly verified.
- [x] `doc`
This PR includes doc changes
PR in forked repository: https://github.com/michaeljmarshall/pulsar/pull/48
(cherry picked from commit d45a2203a4e79a2da15d572e66e28bcec762382d)
---
bouncy-castle/bcfips-include-test/pom.xml | 22 ++++
.../pulsar/client/TlsProducerConsumerBase.java | 23 ++--
.../resources/authentication/tls/broker-cert.pem | 71 -----------
.../resources/authentication/tls/broker-key.pem | 28 -----
.../test/resources/authentication/tls/cacert.pem | 78 ------------
.../resources/authentication/tls/client-cert.pem | 71 -----------
.../resources/authentication/tls/client-key.pem | 28 -----
build/regenerate_certs_for_tests.sh | 7 --
.../broker/admin/BrokerAdminClientTlsAuthTest.java | 2 +-
.../broker/testcontext/PulsarTestContext.java | 3 +
.../api/AuthenticatedProducerConsumerTest.java | 53 ++++----
.../AuthenticationTlsHostnameVerificationTest.java | 26 ++--
.../client/api/ClientAuthenticationTlsTest.java | 27 ++---
.../pulsar/client/api/ProducerConsumerBase.java | 5 -
.../pulsar/client/api/ProxyProtocolTest.java | 12 +-
.../pulsar/client/api/TlsHostVerificationTest.java | 36 ++++--
.../pulsar/client/api/TlsProducerConsumerBase.java | 23 ++--
.../pulsar/client/api/TlsProducerConsumerTest.java | 20 +--
.../org/apache/pulsar/client/api/TlsSniTest.java | 6 +-
.../api/TokenExpirationProduceConsumerTest.java | 10 +-
.../worker/PulsarFunctionLocalRunTest.java | 16 ++-
.../worker/PulsarFunctionPublishTest.java | 16 ++-
.../apache/pulsar/io/AbstractPulsarE2ETest.java | 16 ++-
.../apache/pulsar/io/PulsarFunctionAdminTest.java | 20 +--
.../apache/pulsar/io/PulsarFunctionTlsTest.java | 21 ++--
.../proxy/ProxyPublishConsumeTlsTest.java | 13 +-
tests/certificate-authority/.gitignore | 3 +
tests/certificate-authority/README.md | 24 ++--
tests/certificate-authority/index.txt | 2 +
tests/certificate-authority/newcerts/1007.pem | 111 +++++++++++++++++
tests/certificate-authority/newcerts/1008.pem | 110 +++++++++++++++++
tests/certificate-authority/openssl.cnf | 17 ++-
tests/certificate-authority/serial | 2 +-
.../server-keys/broker.cert.pem | 134 +++++++++++++++++----
.../server-keys/broker.csr.pem | 26 ++--
.../server-keys/broker.key-pk8.pem | 52 ++++----
.../server-keys/broker.key.pem | 50 ++++----
.../server-keys/proxy.cert.pem | 133 ++++++++++++++++----
.../server-keys/proxy.csr.pem | 26 ++--
.../server-keys/proxy.key-pk8.pem | 52 ++++----
.../server-keys/proxy.key.pem | 50 ++++----
41 files changed, 812 insertions(+), 633 deletions(-)
diff --git a/bouncy-castle/bcfips-include-test/pom.xml b/bouncy-castle/bcfips-include-test/pom.xml
index 2770b5127c8..1298601c24e 100644
--- a/bouncy-castle/bcfips-include-test/pom.xml
+++ b/bouncy-castle/bcfips-include-test/pom.xml
@@ -85,6 +85,28 @@
<skip>true</skip>
</configuration>
</plugin>
+ <plugin>
+ <artifactId>maven-resources-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>copy-resources</id>
+ <phase>test-compile</phase>
+ <goals>
+ <goal>copy-resources</goal>
+ </goals>
+ <configuration>
+ <outputDirectory>${project.build.testOutputDirectory}/certificate-authority</outputDirectory>
+ <overwrite>true</overwrite>
+ <resources>
+ <resource>
+ <directory>${project.parent.parent.basedir}/tests/certificate-authority</directory>
+ <filtering>false</filtering>
+ </resource>
+ </resources>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
</build>
</project>
diff --git a/bouncy-castle/bcfips-include-test/src/test/java/org/apache/pulsar/client/TlsProducerConsumerBase.java b/bouncy-castle/bcfips-include-test/src/test/java/org/apache/pulsar/client/TlsProducerConsumerBase.java
index 330d4fbc068..e8e12838def 100644
--- a/bouncy-castle/bcfips-include-test/src/test/java/org/apache/pulsar/client/TlsProducerConsumerBase.java
+++ b/bouncy-castle/bcfips-include-test/src/test/java/org/apache/pulsar/client/TlsProducerConsumerBase.java
@@ -37,11 +37,6 @@ import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
public class TlsProducerConsumerBase extends ProducerConsumerBase {
- protected final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
- protected final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
- protected final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";
- protected final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
- protected final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";
private final String clusterName = "use";
@BeforeMethod(alwaysRun = true)
@@ -63,9 +58,9 @@ public class TlsProducerConsumerBase extends ProducerConsumerBase {
protected void internalSetUpForBroker() throws Exception {
conf.setBrokerServicePortTls(Optional.of(0));
conf.setWebServicePortTls(Optional.of(0));
- conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
- conf.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
+ conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
conf.setClusterName(clusterName);
conf.setTlsRequireTrustedClientCertOnConnect(true);
Set<String> tlsProtocols = Sets.newConcurrentHashSet();
@@ -81,12 +76,12 @@ public class TlsProducerConsumerBase extends ProducerConsumerBase {
}
ClientBuilder clientBuilder = PulsarClient.builder().serviceUrl(lookupUrl)
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).enableTls(true).allowTlsInsecureConnection(false)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH).enableTls(true).allowTlsInsecureConnection(false)
.operationTimeout(1000, TimeUnit.MILLISECONDS);
if (addCertificates) {
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
clientBuilder.authentication(AuthenticationTls.class.getName(), authParams);
}
pulsarClient = clientBuilder.build();
@@ -94,15 +89,15 @@ public class TlsProducerConsumerBase extends ProducerConsumerBase {
protected void internalSetUpForNamespace() throws Exception {
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
if (admin != null) {
admin.close();
}
admin = spy(PulsarAdmin.builder().serviceHttpUrl(brokerUrlTls.toString())
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).allowTlsInsecureConnection(false)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH).allowTlsInsecureConnection(false)
.authentication(AuthenticationTls.class.getName(), authParams).build());
admin.clusters().createCluster(clusterName, ClusterData.builder()
.serviceUrl(brokerUrl.toString())
diff --git a/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/broker-cert.pem b/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/broker-cert.pem
deleted file mode 100644
index e2b44e0bf0c..00000000000
--- a/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/broker-cert.pem
+++ /dev/null
@@ -1,71 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 15537474201172114493 (0xd7a0327703a8fc3d)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=CARoot
- Validity
- Not Before: Feb 22 06:26:33 2023 GMT
- Not After : Feb 19 06:26:33 2033 GMT
- Subject: C=US, ST=CA, O=Apache, OU=Apache Pulsar, CN=localhost
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:af:bf:b7:2d:98:ad:9d:f6:da:a3:13:d4:62:0f:
- 98:be:1c:a2:89:22:ba:6f:d5:fd:1f:67:e3:91:03:
- 98:80:81:0e:ed:d8:f6:70:7f:2c:36:68:3d:53:ea:
- 58:3a:a6:d5:89:66:4b:bd:1e:57:71:13:6d:4b:11:
- e5:40:a5:76:84:24:92:40:58:80:96:c9:1f:2c:c4:
- 55:eb:a3:79:73:70:5c:37:9a:89:ed:2f:ba:6b:e3:
- 82:7c:69:4a:02:54:8b:81:5e:3c:bf:4c:8a:cb:ea:
- 2c:5e:83:e7:b7:10:08:5f:82:58:a3:89:d1:da:92:
- ba:2a:28:ee:30:28:3f:5b:ae:10:71:96:c7:e1:12:
- c5:b0:1a:ad:44:6f:44:3a:11:4a:9a:3c:0f:8d:06:
- 80:7b:34:ef:3f:6c:f4:5e:c5:44:54:1e:c8:dd:c7:
- 80:85:80:d9:68:e6:c6:53:03:77:e1:fe:18:61:07:
- 77:05:4c:ed:59:bc:5d:41:38:6a:ef:5d:a1:b2:60:
- 98:d4:48:28:95:02:8a:0e:fd:cf:7b:1b:d2:11:cc:
- 10:0c:50:73:d7:cc:38:6c:83:dd:79:26:aa:90:c8:
- 9b:84:86:bc:59:e9:62:69:f4:98:1b:c4:80:78:7e:
- a0:1a:81:9d:d2:e1:66:dd:c4:cc:fc:63:04:ac:ec:
- a7:35
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Alternative Name:
- DNS:localhost, IP Address:127.0.0.1
- Signature Algorithm: sha256WithRSAEncryption
- 5f:e0:73:7b:5e:db:c0:8b:5e:4c:43:5f:80:94:ca:0b:f8:e9:
- 9b:93:91:3d:b1:3a:99:ce:1c:fb:15:32:68:3e:b9:9c:52:d0:
- 4b:7f:17:09:ec:af:6b:05:3e:e2:a3:e6:cc:bb:53:d7:ea:4a:
- 82:3c:4e:a5:37:ca:f4:1e:38:e2:d6:a5:98:4d:ee:b9:e2:9a:
- 48:d2:9f:0a:bc:61:42:70:22:b9:fb:cd:73:72:fb:94:13:ac:
- 6e:c5:b6:4b:24:ef:0f:df:2d:e6:56:da:b2:76:e8:16:be:7f:
- 3f:1b:99:6e:32:3e:b9:f4:2b:35:72:c7:e4:c6:a5:92:68:c0:
- 1f:a0:f7:17:fd:a3:b6:73:98:d3:ea:1c:af:ea:7d:f8:a0:27:
- 40:dc:4e:8b:13:28:ba:65:60:c5:90:57:e8:54:c1:83:b4:9d:
- f0:ae:2a:de:27:57:e5:a2:e5:f4:87:1c:df:6b:dc:7b:43:ff:
- b6:be:0b:3b:b2:8b:1a:36:dc:e3:57:aa:52:ef:23:d6:50:d7:
- e4:72:8f:a0:0a:43:de:3d:f2:42:5b:fa:ed:1f:8d:0e:cf:c5:
- 6a:ce:3b:8e:fd:6b:68:01:a9:f9:d2:0e:0d:ac:39:8d:f5:6c:
- 80:f8:49:af:bb:b9:d4:81:b9:f3:b2:b6:ce:75:1c:20:e8:6a:
- 53:dc:26:86
------BEGIN CERTIFICATE-----
-MIIDCTCCAfGgAwIBAgIJANegMncDqPw9MA0GCSqGSIb3DQEBCwUAMBExDzANBgNV
-BAMMBkNBUm9vdDAeFw0yMzAyMjIwNjI2MzNaFw0zMzAyMTkwNjI2MzNaMFcxCzAJ
-BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEChMGQXBhY2hlMRYwFAYDVQQL
-Ew1BcGFjaGUgUHVsc2FyMRIwEAYDVQQDEwlsb2NhbGhvc3QwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQCvv7ctmK2d9tqjE9RiD5i+HKKJIrpv1f0fZ+OR
-A5iAgQ7t2PZwfyw2aD1T6lg6ptWJZku9HldxE21LEeVApXaEJJJAWICWyR8sxFXr
-o3lzcFw3montL7pr44J8aUoCVIuBXjy/TIrL6ixeg+e3EAhfglijidHakroqKO4w
-KD9brhBxlsfhEsWwGq1Eb0Q6EUqaPA+NBoB7NO8/bPRexURUHsjdx4CFgNlo5sZT
-A3fh/hhhB3cFTO1ZvF1BOGrvXaGyYJjUSCiVAooO/c97G9IRzBAMUHPXzDhsg915
-JqqQyJuEhrxZ6WJp9JgbxIB4fqAagZ3S4WbdxMz8YwSs7Kc1AgMBAAGjHjAcMBoG
-A1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAX+Bz
-e17bwIteTENfgJTKC/jpm5ORPbE6mc4c+xUyaD65nFLQS38XCeyvawU+4qPmzLtT
-1+pKgjxOpTfK9B444talmE3uueKaSNKfCrxhQnAiufvNc3L7lBOsbsW2SyTvD98t
-5lbasnboFr5/PxuZbjI+ufQrNXLH5MalkmjAH6D3F/2jtnOY0+ocr+p9+KAnQNxO
-ixMoumVgxZBX6FTBg7Sd8K4q3idX5aLl9Icc32vce0P/tr4LO7KLGjbc41eqUu8j
-1lDX5HKPoApD3j3yQlv67R+NDs/Fas47jv1raAGp+dIODaw5jfVsgPhJr7u51IG5
-87K2znUcIOhqU9wmhg==
------END CERTIFICATE-----
diff --git a/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/broker-key.pem b/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/broker-key.pem
deleted file mode 100644
index 004bf8e21a7..00000000000
--- a/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/broker-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCvv7ctmK2d9tqj
-E9RiD5i+HKKJIrpv1f0fZ+ORA5iAgQ7t2PZwfyw2aD1T6lg6ptWJZku9HldxE21L
-EeVApXaEJJJAWICWyR8sxFXro3lzcFw3montL7pr44J8aUoCVIuBXjy/TIrL6ixe
-g+e3EAhfglijidHakroqKO4wKD9brhBxlsfhEsWwGq1Eb0Q6EUqaPA+NBoB7NO8/
-bPRexURUHsjdx4CFgNlo5sZTA3fh/hhhB3cFTO1ZvF1BOGrvXaGyYJjUSCiVAooO
-/c97G9IRzBAMUHPXzDhsg915JqqQyJuEhrxZ6WJp9JgbxIB4fqAagZ3S4WbdxMz8
-YwSs7Kc1AgMBAAECggEAAaWEK9MwXTiA1+JJrRmETtOp2isPIBkbI/4vLZ6hASM0
-ZpoPxQIMAf58BJs/dF03xu/EaeMs4oxSC9ABG9fxAk/tZtjta3w65Ip6W5jOfHxj
-AMpb3HMEBhq9kDjUTq1IGVAutYQcEMkC3WfS9e4ahfqMpguWgbu6LsbvZFgcL9mv
-pGnKv9YVe6Xk6isvqtq6G1af0rd7c//xF0i0e/qEo83Buok3gLEZOELZbcRxjUYc
-jnyglnXnwkGjuL4E3wgS3l73ZKsb6+AYoqhMPVz8t4/PN3tTrsBJKOSYo8KzIm0U
-ek9T8XmPbP0cuheRxp9Dp8TXJJQZK0N9jz+EL0ogQQKBgQDnavm8GpR4pap9cDOc
-+YI5s823b507pNdSU8elO9gLsP0JlFzv+sqghVko29r85D7Vn3MkgYTy0S4ANLCs
-0NFDY8N2QH6U1dTkk1QXZydVZDuKJ5SSpC4v+Vafl8yDxhB4Nlxhbm9vJEMfLcXh
-2kL6UlAuFDtYD0AdczwnHu5DjQKBgQDCauocm55FpcyDMMBO2CjurxcjBYS3S1xT
-Bz+sPtxJLjlKbAt8kSHUQcCcX9zhrQBfsT38LATCmKaOFqUW5/PPh2LcrxiMqlL1
-OJBUJ3Te2LTjlUn8r+DHv/69UIh5tchwRr3YgB0DuIs7jfmr4VfiOWTBtPVhoGFR
-1Wt60j30SQKBgHzreS26J2VNAFBALgxRf6OIVMbtgDG/FOCDCyU9vazp+F2gcd61
-QYYPFYcBzx9uUiDctroBFHRCyJMh3jEbc6ruAogl3m6XUxmkEeOkMk5dEerM3N2f
-tLL+5Gy385U6aI+LwKhzhcG4EGeXPNdjC362ykNldnddnB2Jo/H2N2XNAoGAdnft
-xpbxP+GDGKIZXTIM5zzcLWQMdiC+1n1BSHVZiGJZWMczzKknYw7aDq+/iekApE79
-xW8RS373ZvfXi3i2Mcx+6pjrrbOQL4tTL2SHq8+DknaDCi4mG7IbyUKMlxW1WO1S
-e929UGogtZ6S+DCte9WbVwosyFuRUetpvgLk67kCgYBWetihZjgBWrqVYT24TTRH
-KxzSzH1JgzzF9qgTdlhXDv9hC+Kc0uTKsgViesDqVuCOjkwzY5OQr9c6duO0fwwP
-qNk/qltdgjMC5iiv7duyukfbEuqKEdGGer9HFb7en96dZdVQJpYHaaslAGurtD80
-ejCQZgzR2XaHSuIQb0IUVQ==
------END PRIVATE KEY-----
diff --git a/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/cacert.pem b/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/cacert.pem
deleted file mode 100644
index 4ed454ec52a..00000000000
--- a/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/cacert.pem
+++ /dev/null
@@ -1,78 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 15358526754272834781 (0xd52472b5c5c3f4dd)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=CARoot
- Validity
- Not Before: Feb 22 06:26:32 2023 GMT
- Not After : Feb 19 06:26:32 2033 GMT
- Subject: CN=CARoot
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:d0:87:45:0b:b4:83:11:ab:5a:b4:b6:1c:15:d4:
- 92:6a:0c:ac:3b:76:da:ff:8d:61:1b:bd:96:bd:d7:
- b0:70:23:87:d4:00:19:b2:e5:63:b7:80:58:4a:a4:
- d8:a8:a6:4f:eb:c8:8c:54:07:f5:56:52:23:64:fc:
- 66:54:39:f1:33:d0:e5:cc:b6:40:c8:d7:9a:9f:0e:
- c4:aa:57:b0:b3:e2:41:61:54:ca:1f:90:3b:18:ef:
- 60:d2:dc:ee:34:29:33:08:1b:37:4b:c4:ca:7e:cb:
- 94:7f:50:c4:8d:16:2f:90:03:94:07:bf:cf:52:ff:
- 24:54:56:ac:74:6c:d3:31:8c:ce:ef:b3:14:5a:5b:
- 8a:0c:83:2d:e1:f7:4d:60:2f:a1:4d:85:38:96:7f:
- 01:2f:9a:99:c7:2e:3d:09:4d:5e:53:df:fd:29:9f:
- ff:6b:e4:c2:a1:e3:67:85:db:e2:02:4d:6f:29:d4:
- e1:b3:a2:34:71:e0:90:dd:3f:b3:3f:86:41:8c:97:
- 09:e6:c3:de:a0:0e:d3:d4:3e:ce:ea:58:70:e6:9f:
- 24:a8:19:ca:df:61:b8:9c:c3:4e:53:d0:69:96:44:
- 84:76:2b:99:65:08:06:42:d4:b2:76:a7:2f:69:12:
- d5:c2:65:a6:ff:2c:77:73:00:e7:97:a5:77:6b:8a:
- 9c:3f
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints: critical
- CA:TRUE
- X509v3 Subject Key Identifier:
- A7:55:6B:51:10:75:CE:4E:5B:0B:64:FF:A9:6D:23:FB:57:88:59:69
- X509v3 Authority Key Identifier:
- keyid:A7:55:6B:51:10:75:CE:4E:5B:0B:64:FF:A9:6D:23:FB:57:88:59:69
- DirName:/CN=CARoot
- serial:D5:24:72:B5:C5:C3:F4:DD
-
- Signature Algorithm: sha256WithRSAEncryption
- 21:b1:4d:2b:14:1e:5a:91:5d:28:9e:ba:cb:ed:f1:96:da:c3:
- fa:8d:b5:74:e4:c5:fb:2f:3e:39:b4:a6:59:69:dd:84:64:a8:
- f0:e0:39:d2:ef:87:cc:8b:09:9f:0a:84:1f:d0:96:9c:4b:64:
- ea:08:09:26:1c:84:f4:06:5f:5e:b9:ba:b3:3c:6c:81:e0:93:
- 46:89:07:51:95:36:77:96:76:5d:a6:68:71:bb:60:88:a7:83:
- 27:7c:66:5d:64:36:cb:8e:bd:02:f7:fb:52:63:83:2f:fe:57:
- 4c:d5:0c:1b:ea:ef:88:ad:8c:a9:d4:b3:2c:b8:c4:e2:90:cb:
- 0f:24:0e:df:fc:2a:c6:83:08:49:45:b0:41:85:0e:b4:6f:f7:
- 18:56:7b:a5:0b:f6:1b:7f:72:88:ee:c8:ef:b3:e3:3e:f0:68:
- 1b:c9:55:bb:4d:21:65:6b:9e:5c:dd:60:4b:7f:f1:84:f8:67:
- 51:c2:60:88:42:6e:6c:9c:14:b8:96:b0:18:10:97:2c:94:e7:
- 79:14:7b:d1:a2:a4:d8:94:84:ac:a9:ca:17:95:c2:27:8b:2b:
- d8:19:6a:14:4b:c3:03:a6:30:55:40:bd:ce:0c:c2:d5:af:7d:
- 6d:65:89:6b:74:ed:21:12:f1:aa:c9:c9:ba:da:9a:ca:14:6c:
- 39:f4:02:32
------BEGIN CERTIFICATE-----
-MIIDGjCCAgKgAwIBAgIJANUkcrXFw/TdMA0GCSqGSIb3DQEBCwUAMBExDzANBgNV
-BAMMBkNBUm9vdDAeFw0yMzAyMjIwNjI2MzJaFw0zMzAyMTkwNjI2MzJaMBExDzAN
-BgNVBAMMBkNBUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANCH
-RQu0gxGrWrS2HBXUkmoMrDt22v+NYRu9lr3XsHAjh9QAGbLlY7eAWEqk2KimT+vI
-jFQH9VZSI2T8ZlQ58TPQ5cy2QMjXmp8OxKpXsLPiQWFUyh+QOxjvYNLc7jQpMwgb
-N0vEyn7LlH9QxI0WL5ADlAe/z1L/JFRWrHRs0zGMzu+zFFpbigyDLeH3TWAvoU2F
-OJZ/AS+amccuPQlNXlPf/Smf/2vkwqHjZ4Xb4gJNbynU4bOiNHHgkN0/sz+GQYyX
-CebD3qAO09Q+zupYcOafJKgZyt9huJzDTlPQaZZEhHYrmWUIBkLUsnanL2kS1cJl
-pv8sd3MA55eld2uKnD8CAwEAAaN1MHMwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQUp1VrURB1zk5bC2T/qW0j+1eIWWkwQQYDVR0jBDowOIAUp1VrURB1zk5bC2T/
-qW0j+1eIWWmhFaQTMBExDzANBgNVBAMMBkNBUm9vdIIJANUkcrXFw/TdMA0GCSqG
-SIb3DQEBCwUAA4IBAQAhsU0rFB5akV0onrrL7fGW2sP6jbV05MX7Lz45tKZZad2E
-ZKjw4DnS74fMiwmfCoQf0JacS2TqCAkmHIT0Bl9eubqzPGyB4JNGiQdRlTZ3lnZd
-pmhxu2CIp4MnfGZdZDbLjr0C9/tSY4Mv/ldM1Qwb6u+IrYyp1LMsuMTikMsPJA7f
-/CrGgwhJRbBBhQ60b/cYVnulC/Ybf3KI7sjvs+M+8GgbyVW7TSFla55c3WBLf/GE
-+GdRwmCIQm5snBS4lrAYEJcslOd5FHvRoqTYlISsqcoXlcIniyvYGWoUS8MDpjBV
-QL3ODMLVr31tZYlrdO0hEvGqycm62prKFGw59AIy
------END CERTIFICATE-----
diff --git a/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/client-cert.pem b/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/client-cert.pem
deleted file mode 100644
index 3cf236c4012..00000000000
--- a/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/client-cert.pem
+++ /dev/null
@@ -1,71 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 15537474201172114494 (0xd7a0327703a8fc3e)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=CARoot
- Validity
- Not Before: Feb 22 06:26:33 2023 GMT
- Not After : Feb 19 06:26:33 2033 GMT
- Subject: C=US, ST=CA, O=Apache, OU=Apache Pulsar, CN=superUser
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:cd:43:7d:98:40:f9:b0:5b:bc:ae:db:c0:0b:ad:
- 26:90:96:e0:62:38:ed:68:b1:70:46:3b:de:44:f9:
- 14:51:86:10:eb:ca:90:e7:88:e8:f9:91:85:e0:dd:
- b5:b4:14:b9:78:e3:86:d5:54:6d:68:ec:14:92:b4:
- f8:22:5b:05:3d:ed:31:25:65:08:05:84:ca:e6:0c:
- 21:12:58:32:c7:1a:60:a3:4f:d2:4a:9e:28:19:7c:
- 45:84:00:8c:89:dc:de:8a:e5:4f:88:91:cc:a4:f1:
- 81:45:4c:7d:c2:ff:e2:c1:89:c6:12:73:95:e2:36:
- bd:db:ae:8b:5a:68:6a:90:51:de:2b:88:5f:aa:67:
- f4:a8:e3:63:dc:be:19:82:cc:9d:7f:e6:8d:fb:82:
- be:22:01:3d:56:13:3b:5b:04:b4:e8:c5:18:e6:2e:
- 0d:fa:ba:4a:8d:e8:c6:5a:a1:51:9a:4a:62:d7:af:
- dd:b4:fc:e2:d5:cd:ae:99:6c:5c:61:56:0b:d7:0c:
- 1a:77:5c:f5:3a:6a:54:b5:9e:33:ac:a9:75:28:9a:
- 76:af:d0:7a:57:00:1b:91:13:31:fd:42:88:21:47:
- 05:10:01:2f:59:bb:c7:3a:d9:e1:58:4c:1b:6c:71:
- b6:98:ef:dd:03:82:58:a3:32:dc:90:a1:b6:a6:1e:
- e1:0b
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Alternative Name:
- DNS:localhost, IP Address:127.0.0.1
- Signature Algorithm: sha256WithRSAEncryption
- b8:fc:d3:8f:8a:e0:6b:74:57:e2:a3:79:b2:18:60:0b:2c:05:
- f9:e3:ae:dd:e9:ad:52:88:52:73:b4:12:b0:39:90:65:12:f5:
- 95:0e:5f:4b:f2:06:4a:57:ab:e1:f9:b1:34:68:83:d7:d7:5e:
- 69:0a:16:44:ea:1d:97:53:51:10:51:8b:ec:0a:b3:c8:a3:3d:
- 85:4d:f4:8f:7d:b3:b5:72:e4:9e:d7:f3:01:bf:66:e1:40:92:
- 54:63:16:b6:b5:66:ed:30:38:94:1d:1a:8f:28:34:27:ab:c9:
- 5f:d5:16:7e:e4:f5:93:d2:19:35:44:0a:c4:2e:6a:25:38:1d:
- ee:5a:c8:29:fa:96:dc:95:82:38:9e:36:3a:68:34:7b:4e:d9:
- fa:0d:b2:88:a2:6c:4f:03:18:a7:e3:41:67:38:de:e5:f6:ff:
- 2a:1c:f0:ec:1a:02:a7:e8:4e:3a:c3:04:72:f8:6a:4f:28:a6:
- cf:0b:a2:db:33:74:d1:10:9e:ec:b4:ac:f8:b1:24:f4:ef:0e:
- 05:e4:9d:1b:9a:40:f7:09:66:9c:9d:86:8b:76:96:46:e8:d1:
- dc:10:c7:7d:0b:69:41:dc:a7:8e:e3:a3:36:e3:42:63:93:8c:
- 91:80:0d:27:11:1c:2d:ae:fb:92:88:6c:6b:09:40:1a:30:dd:
- 8f:ac:0f:62
------BEGIN CERTIFICATE-----
-MIIDCTCCAfGgAwIBAgIJANegMncDqPw+MA0GCSqGSIb3DQEBCwUAMBExDzANBgNV
-BAMMBkNBUm9vdDAeFw0yMzAyMjIwNjI2MzNaFw0zMzAyMTkwNjI2MzNaMFcxCzAJ
-BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEPMA0GA1UEChMGQXBhY2hlMRYwFAYDVQQL
-Ew1BcGFjaGUgUHVsc2FyMRIwEAYDVQQDEwlzdXBlclVzZXIwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQDNQ32YQPmwW7yu28ALrSaQluBiOO1osXBGO95E
-+RRRhhDrypDniOj5kYXg3bW0FLl444bVVG1o7BSStPgiWwU97TElZQgFhMrmDCES
-WDLHGmCjT9JKnigZfEWEAIyJ3N6K5U+Ikcyk8YFFTH3C/+LBicYSc5XiNr3brota
-aGqQUd4riF+qZ/So42PcvhmCzJ1/5o37gr4iAT1WEztbBLToxRjmLg36ukqN6MZa
-oVGaSmLXr920/OLVza6ZbFxhVgvXDBp3XPU6alS1njOsqXUomnav0HpXABuREzH9
-QoghRwUQAS9Zu8c62eFYTBtscbaY790DglijMtyQobamHuELAgMBAAGjHjAcMBoG
-A1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAuPzT
-j4rga3RX4qN5shhgCywF+eOu3emtUohSc7QSsDmQZRL1lQ5fS/IGSler4fmxNGiD
-19deaQoWROodl1NREFGL7AqzyKM9hU30j32ztXLkntfzAb9m4UCSVGMWtrVm7TA4
-lB0ajyg0J6vJX9UWfuT1k9IZNUQKxC5qJTgd7lrIKfqW3JWCOJ42Omg0e07Z+g2y
-iKJsTwMYp+NBZzje5fb/Khzw7BoCp+hOOsMEcvhqTyimzwui2zN00RCe7LSs+LEk
-9O8OBeSdG5pA9wlmnJ2Gi3aWRujR3BDHfQtpQdynjuOjNuNCY5OMkYANJxEcLa77
-kohsawlAGjDdj6wPYg==
------END CERTIFICATE-----
diff --git a/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/client-key.pem b/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/client-key.pem
deleted file mode 100644
index 3835b3eaccc..00000000000
--- a/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/client-key.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDNQ32YQPmwW7yu
-28ALrSaQluBiOO1osXBGO95E+RRRhhDrypDniOj5kYXg3bW0FLl444bVVG1o7BSS
-tPgiWwU97TElZQgFhMrmDCESWDLHGmCjT9JKnigZfEWEAIyJ3N6K5U+Ikcyk8YFF
-TH3C/+LBicYSc5XiNr3brotaaGqQUd4riF+qZ/So42PcvhmCzJ1/5o37gr4iAT1W
-EztbBLToxRjmLg36ukqN6MZaoVGaSmLXr920/OLVza6ZbFxhVgvXDBp3XPU6alS1
-njOsqXUomnav0HpXABuREzH9QoghRwUQAS9Zu8c62eFYTBtscbaY790DglijMtyQ
-obamHuELAgMBAAECggEBALGnokJuqiz7mTj2NSdl+6TVEOuyPbiJKpV/J4cm1XEh
-ye9qaTQcCRhH3UmcWrG75jM9KevloLRY8A1x1/lUMhtA+XJWGTU9k6a8BLut3nT4
-3X87jNTMQgSczEXNe9WudmZcxhN7rVVtOOdTpt1pP0cnCWna5HTf0D8cuLvM975j
-r1YGTjKsCF1W+tp6ZAIIMfJkUI2qBRKvSxVCSs1vZBraox3yUVnq9oRLHxZZoqOd
-d51G5phRtn6ReVPBdT8fGUBEGg3jKxTu2/vLQMUyHy0hyCAM20gzOP4FIc2g+QZU
-y42byAuc89m0OrdRWsmzHCOxcq9DwY9npaz1RscR/2ECgYEA9bHJQ0Y1afpS5gn2
-KnXenRIw9oal1utQZnohCEJ4um+K/BCEHtDnI825LPNf34IKM2rSmssvHrYN51o0
-92j9lHHXsf6MVluwsTsIu8MtNaJ1BLt96dub4ScGT6vvzObKTwsajUfIHk+FNsKq
-zps8yh1q0qyyfAcvR82+Xr6JIsMCgYEA1d+RHGewi/Ub/GCG99A1KFKsgbiIJnWB
-IFmrcyPWignhzDUcw2SV9XqAzeK8EOIHNq3e5U/tkA7aCWxtLb5UsQ8xvmwQY2cy
-X2XvSdIhO4K2PgRLgjlzZ8RHSULglqyjB2i6TjwjFl8TsRzYr6JlV6+2cMujw4Bl
-g3a8gz071BkCgYBLP7BMkmw5kRliqxph1sffg3rLhmG0eU2elTkYtoMTVqZSnRxZ
-89FW/eMBCWkLo2BMbyMhlalQ1qFbgh1GyTkhBdzx/uwsZtiu7021dAmcq6z7ThE6
-VrBfPPyJ2jcPon/DxbrUGnAIGILMSsLVlGYB4RCehZYEto6chz8O9Xw60QKBgCnd
-us1BqviqwZC04JbQJie/j09RbS2CIQXRJ9PBNzUMXCwaVYgWP5ivI1mqQcBYTqsw
-fAqNi+aAUcQ4emLS+Ec0vzsUclzTDbRJAv+DZ8f7fWtEcfeLAYFVldLMiaRVJRDF
-OnsoIII3mGY6TFyNQKNanS8VXfheQQDsFFjoera5AoGBALXYEXkESXpw4LT6qJFz
-ktQuTZDfS6LtR14/+NkYL9c5wBC4Otkg4bNbT8xGlUjethRfpkm8xRTB6zfC1/p/
-Cg6YU1cwqlkRurAhE3PEv1dCc1IDbzou8xnwqHrd6sGPDQmQ3aEtU5eJhDZKIZfx
-nQqPGK92+Jtne7+W1mFZooxs
------END PRIVATE KEY-----
diff --git a/build/regenerate_certs_for_tests.sh b/build/regenerate_certs_for_tests.sh
index fff1c057060..9582a7496cd 100755
--- a/build/regenerate_certs_for_tests.sh
+++ b/build/regenerate_certs_for_tests.sh
@@ -68,13 +68,6 @@ reissue_certificate_no_subject \
$ROOT_DIR/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/no-subject-alt-key.pem \
$ROOT_DIR/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/no-subject-alt-cert.pem
-generate_ca
-cp ca-cert.pem $ROOT_DIR/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/cacert.pem
-reissue_certificate $ROOT_DIR/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/broker-key.pem \
- $ROOT_DIR/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/broker-cert.pem
-reissue_certificate $ROOT_DIR/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/client-key.pem \
- $ROOT_DIR/bouncy-castle/bcfips-include-test/src/test/resources/authentication/tls/client-cert.pem
-
generate_ca
cp ca-cert.pem $ROOT_DIR/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-cacert.pem
reissue_certificate $ROOT_DIR/pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/broker-key.pem \
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/BrokerAdminClientTlsAuthTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/BrokerAdminClientTlsAuthTest.java
index 19a550457a4..0e4f1bccc81 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/BrokerAdminClientTlsAuthTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/BrokerAdminClientTlsAuthTest.java
@@ -63,7 +63,7 @@ public class BrokerAdminClientTlsAuthTest extends MockedPulsarServiceBaseTest {
conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
conf.setAuthenticationEnabled(true);
- conf.setSuperUserRoles(Set.of("superproxy", "broker.pulsar.apache.org"));
+ conf.setSuperUserRoles(Set.of("superproxy", "broker-localhost-SAN"));
conf.setAuthenticationProviders(
Set.of("org.apache.pulsar.broker.authentication.AuthenticationProviderTls"));
conf.setAuthorizationEnabled(true);
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/testcontext/PulsarTestContext.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/testcontext/PulsarTestContext.java
index 379b5cf63ff..49a3fd7ef1e 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/testcontext/PulsarTestContext.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/testcontext/PulsarTestContext.java
@@ -327,6 +327,9 @@ public class PulsarTestContext implements AutoCloseable {
*/
public Builder configCustomizer(Consumer<ServiceConfiguration> configCustomerizer) {
configCustomerizer.accept(svcConfig);
+ if (config != null) {
+ configCustomerizer.accept(config);
+ }
return this;
}
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticatedProducerConsumerTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticatedProducerConsumerTest.java
index b5a37d3fed9..3e34305c244 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticatedProducerConsumerTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticatedProducerConsumerTest.java
@@ -65,12 +65,6 @@ import org.testng.annotations.Test;
public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
private static final Logger log = LoggerFactory.getLogger(AuthenticatedProducerConsumerTest.class);
- private final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
- private final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
- private final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";
- private final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
- private final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";
-
private final String BASIC_CONF_FILE_PATH = "./src/test/resources/authentication/basic/.htpasswd";
private final SecretKey SECRET_KEY = AuthTokenUtils.createSecretKey(SignatureAlgorithm.HS256);
@@ -89,9 +83,9 @@ public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
conf.setBrokerServicePortTls(Optional.of(0));
conf.setWebServicePortTls(Optional.of(0));
- conf.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
- conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
+ conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
conf.setTlsAllowInsecureConnection(true);
conf.setTopicLevelPoliciesEnabled(false);
@@ -105,7 +99,8 @@ public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
conf.setBrokerClientTlsEnabled(true);
conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
conf.setBrokerClientAuthenticationParameters(
- "tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_CLIENT_KEY_FILE_PATH);
+ "tlsCertFile:" + getTlsFileForClient("admin.cert")
+ + ",tlsKeyFile:" + getTlsFileForClient("admin.key-pk8"));
Set<String> providers = new HashSet<>();
providers.add(AuthenticationProviderTls.class.getName());
@@ -127,7 +122,7 @@ public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
protected final void internalSetup(Authentication auth) throws Exception {
admin = spy(PulsarAdmin.builder().serviceHttpUrl(brokerUrlTls.toString())
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).allowTlsInsecureConnection(true).authentication(auth)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH).authentication(auth)
.build());
String lookupUrl;
// For http basic authentication test
@@ -137,7 +132,7 @@ public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
lookupUrl = pulsar.getBrokerServiceUrlTls();
}
replacePulsarClient(PulsarClient.builder().serviceUrl(lookupUrl).statsInterval(0, TimeUnit.SECONDS)
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).allowTlsInsecureConnection(true).authentication(auth)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH).authentication(auth)
.enableTls(true));
}
@@ -189,8 +184,8 @@ public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
log.info("-- Starting {} test --", methodName);
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
Authentication authTls = new AuthenticationTls();
authTls.configure(authParams);
internalSetup(authTls);
@@ -247,8 +242,8 @@ public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
log.info("-- Starting {} test --", methodName);
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
Authentication authTls = new AuthenticationTls();
authTls.configure(authParams);
internalSetup(authTls);
@@ -292,8 +287,8 @@ public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
log.info("-- Starting {} test --", methodName);
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
Authentication authTls = new AuthenticationTls();
authTls.configure(authParams);
internalSetup(authTls);
@@ -325,8 +320,8 @@ public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
log.info("-- Starting {} test --", methodName);
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
Authentication authTls = new AuthenticationTls();
authTls.configure(authParams);
internalSetup(authTls);
@@ -363,8 +358,8 @@ public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
@Test
public void testDeleteAuthenticationPoliciesOfTopic() throws Exception {
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
Authentication authTls = new AuthenticationTls();
authTls.configure(authParams);
internalSetup(authTls);
@@ -425,7 +420,8 @@ public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
admin.clusters().deleteCluster("test");
}
- private final Authentication tlsAuth = new AuthenticationTls(TLS_CLIENT_CERT_FILE_PATH, TLS_CLIENT_KEY_FILE_PATH);
+ private final Authentication tlsAuth =
+ new AuthenticationTls(getTlsFileForClient("admin.cert"), getTlsFileForClient("admin.key-pk8"));
private final Authentication tokenAuth = new AuthenticationToken(ADMIN_TOKEN);
@DataProvider
@@ -455,10 +451,9 @@ public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
@Cleanup
PulsarClient client = PulsarClient.builder().serviceUrl(url.get())
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH)
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH)
- .tlsKeyFilePath(TLS_CLIENT_KEY_FILE_PATH)
- .tlsCertificateFilePath(TLS_CLIENT_CERT_FILE_PATH)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH)
+ .tlsKeyFilePath(getTlsFileForClient("admin.key-pk8"))
+ .tlsCertificateFilePath(getTlsFileForClient("admin.cert"))
.authentication(auth)
.allowTlsInsecureConnection(false)
.enableTlsHostnameVerification(false)
@@ -471,8 +466,8 @@ public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
@Test
public void testCleanupEmptyTopicAuthenticationMap() throws Exception {
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
Authentication authTls = new AuthenticationTls();
authTls.configure(authParams);
internalSetup(authTls);
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticationTlsHostnameVerificationTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticationTlsHostnameVerificationTest.java
index 2b6201fa56a..65758aa522b 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticationTlsHostnameVerificationTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticationTlsHostnameVerificationTest.java
@@ -47,17 +47,10 @@ public class AuthenticationTlsHostnameVerificationTest extends ProducerConsumerB
private final String TLS_MIM_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/hn-verification/broker-cert.pem";
private final String TLS_MIM_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/hn-verification/broker-key.pem";
- private final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
- private final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
- private final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";
-
- private final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
- private final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";
-
private final String BASIC_CONF_FILE_PATH = "./src/test/resources/authentication/basic/.htpasswd";
private boolean hostnameVerificationEnabled = true;
- private String clientTrustCertFilePath = TLS_TRUST_CERT_FILE_PATH;
+ private String clientTrustCertFilePath = CA_CERT_FILE_PATH;
protected void setup() throws Exception {
super.internalSetup();
@@ -82,7 +75,8 @@ public class AuthenticationTlsHostnameVerificationTest extends ProducerConsumerB
conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
conf.setBrokerClientAuthenticationParameters(
- "tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_SERVER_KEY_FILE_PATH);
+ "tlsCertFile:" + getTlsFileForClient("admin.cert")
+ + ",tlsKeyFile:" + getTlsFileForClient("admin.key-pk8"));
Set<String> providers = new HashSet<>();
providers.add(AuthenticationProviderTls.class.getName());
@@ -101,8 +95,8 @@ public class AuthenticationTlsHostnameVerificationTest extends ProducerConsumerB
protected void setupClient() throws Exception {
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
Authentication authTls = new AuthenticationTls();
authTls.configure(authParams);
@@ -151,11 +145,11 @@ public class AuthenticationTlsHostnameVerificationTest extends ProducerConsumerB
conf.setTopicLevelPoliciesEnabled(false);
conf.setWebServicePortTls(Optional.of(0));
conf.setAuthenticationProviders(Sets.newTreeSet(AuthenticationProviderTls.class.getName()));
- conf.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
+ conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
conf.setTlsCertificateFilePath(TLS_MIM_SERVER_CERT_FILE_PATH);
conf.setTlsKeyFilePath(TLS_MIM_SERVER_KEY_FILE_PATH);
conf.setBrokerClientAuthenticationParameters(
- "tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_MIM_SERVER_KEY_FILE_PATH);
+ "tlsCertFile:" + getTlsFileForClient("admin.cert") + "," + "tlsKeyFile:" + TLS_MIM_SERVER_KEY_FILE_PATH);
setup();
@@ -193,9 +187,9 @@ public class AuthenticationTlsHostnameVerificationTest extends ProducerConsumerB
conf.setBrokerServicePortTls(Optional.of(0));
conf.setWebServicePortTls(Optional.of(0));
conf.setAuthenticationProviders(Sets.newTreeSet(AuthenticationProviderTls.class.getName()));
- conf.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
- conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
+ conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
conf.setTopicLevelPoliciesEnabled(false);
setup();
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/ClientAuthenticationTlsTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/ClientAuthenticationTlsTest.java
index 186bf9d736e..c9b243257c4 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/ClientAuthenticationTlsTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/ClientAuthenticationTlsTest.java
@@ -37,15 +37,9 @@ import org.testng.annotations.Test;
@Test(groups = "broker-api")
public class ClientAuthenticationTlsTest extends ProducerConsumerBase {
- private final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
- private final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
- private final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";
-
- private final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
- private final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";
private final Authentication authenticationTls =
- new AuthenticationTls(TLS_CLIENT_CERT_FILE_PATH, TLS_CLIENT_KEY_FILE_PATH);
+ new AuthenticationTls(getTlsFileForClient("admin.cert"), getTlsFileForClient("admin.key-pk8"));
@Override
protected void doInitConf() throws Exception {
@@ -57,17 +51,18 @@ public class ClientAuthenticationTlsTest extends ProducerConsumerBase {
providers.add(AuthenticationProviderTls.class.getName());
conf.setAuthenticationProviders(providers);
- conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
- conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- conf.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
conf.setTlsAllowInsecureConnection(false);
conf.setBrokerClientTlsEnabled(true);
conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
conf.setBrokerClientAuthenticationParameters(
- "tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_CLIENT_KEY_FILE_PATH);
- conf.setBrokerClientTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
+ "tlsCertFile:" + getTlsFileForClient("admin.cert")
+ + ",tlsKeyFile:" + getTlsFileForClient("admin.key-pk8"));
+ conf.setBrokerClientTrustCertsFilePath(CA_CERT_FILE_PATH);
}
@BeforeClass(alwaysRun = true)
@@ -94,7 +89,7 @@ public class ClientAuthenticationTlsTest extends ProducerConsumerBase {
@Cleanup
PulsarAdmin pulsarAdmin = PulsarAdmin.builder().serviceHttpUrl(getPulsar().getWebServiceAddressTls())
.sslProvider("JDK")
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH)
.build();
pulsarAdmin.clusters().getClusters();
}
@@ -105,7 +100,7 @@ public class ClientAuthenticationTlsTest extends ProducerConsumerBase {
PulsarAdmin pulsarAdmin = PulsarAdmin.builder().serviceHttpUrl(getPulsar().getWebServiceAddressTls())
.sslProvider("JDK")
.authentication(authenticationTls)
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH)
.build();
pulsarAdmin.clusters().getClusters();
}
@@ -139,7 +134,7 @@ public class ClientAuthenticationTlsTest extends ProducerConsumerBase {
PulsarClient pulsarClient = PulsarClient.builder().serviceUrl(getPulsar().getBrokerServiceUrlTls())
.sslProvider("JDK")
.operationTimeout(3, TimeUnit.SECONDS)
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH)
.build();
@Cleanup
Producer<byte[]> ignored = pulsarClient.newProducer().topic(UUID.randomUUID().toString()).create();
@@ -152,7 +147,7 @@ public class ClientAuthenticationTlsTest extends ProducerConsumerBase {
.sslProvider("JDK")
.operationTimeout(3, TimeUnit.SECONDS)
.authentication(authenticationTls)
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH)
.build();
@Cleanup
Producer<byte[]> ignored = pulsarClient.newProducer().topic(UUID.randomUUID().toString()).create();
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/ProducerConsumerBase.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/ProducerConsumerBase.java
index ca58bddf13c..f58c1fa26af 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/ProducerConsumerBase.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/ProducerConsumerBase.java
@@ -31,11 +31,6 @@ import org.testng.Assert;
import org.testng.annotations.BeforeMethod;
public abstract class ProducerConsumerBase extends MockedPulsarServiceBaseTest {
- protected final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
- protected final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
- protected final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";
- protected final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
- protected final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";
protected String methodName;
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/ProxyProtocolTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/ProxyProtocolTest.java
index 7f632d5a764..19009689dc8 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/ProxyProtocolTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/ProxyProtocolTest.java
@@ -45,11 +45,11 @@ public class ProxyProtocolTest extends TlsProducerConsumerBase {
String topicName = "persistent://my-property/use/my-ns/my-topic1";
ClientBuilder clientBuilder = PulsarClient.builder().serviceUrl(brokerServiceUrl)
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).enableTls(true).allowTlsInsecureConnection(false)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH).enableTls(true).allowTlsInsecureConnection(false)
.proxyServiceUrl(proxyUrl, ProxyProtocol.SNI).operationTimeout(1000, TimeUnit.MILLISECONDS);
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
clientBuilder.authentication(AuthenticationTls.class.getName(), authParams);
@Cleanup
@@ -68,11 +68,11 @@ public class ProxyProtocolTest extends TlsProducerConsumerBase {
String topicName = "persistent://my-property/use/my-ns/my-topic1";
ClientBuilder clientBuilder = PulsarClient.builder().serviceUrl(brokerServiceUrl)
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).enableTls(true).allowTlsInsecureConnection(false)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH).enableTls(true).allowTlsInsecureConnection(false)
.proxyServiceUrl(proxyUrl, ProxyProtocol.SNI).operationTimeout(1000, TimeUnit.MILLISECONDS);
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
clientBuilder.authentication(AuthenticationTls.class.getName(), authParams);
@Cleanup
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TlsHostVerificationTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TlsHostVerificationTest.java
index 95a78d7ffce..fff61c5c8c9 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TlsHostVerificationTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TlsHostVerificationTest.java
@@ -21,6 +21,7 @@ package org.apache.pulsar.client.api;
import java.util.HashMap;
import java.util.Map;
+import org.apache.pulsar.broker.testcontext.PulsarTestContext;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.client.impl.auth.AuthenticationTls;
@@ -30,21 +31,38 @@ import org.testng.annotations.Test;
@Test(groups = "broker-api")
public class TlsHostVerificationTest extends TlsProducerConsumerBase {
+ @Override
+ @Test(enabled = false)
+ protected void customizeMainPulsarTestContextBuilder(PulsarTestContext.Builder builder) {
+ builder.configCustomizer(config -> {
+ // Advertise a hostname that routes but is not on the certificate
+ // Note that if you are on a Mac, you'll need to run the following to make loopback work for 127.0.0.2
+ // $ sudo ifconfig lo0 alias 127.0.0.2 up
+ config.setAdvertisedAddress("127.0.0.2");
+ });
+ }
+
@Test
public void testTlsHostVerificationAdminClient() throws Exception {
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
- String websocketTlsAddress = pulsar.getWebServiceAddressTls();
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
+ Assert.assertTrue(pulsar.getWebServiceAddressTls().startsWith("https://127.0.0.2:"),
+ "Test relies on this address");
PulsarAdmin adminClientTls = PulsarAdmin.builder()
- .serviceHttpUrl(websocketTlsAddress.replace("localhost", "127.0.0.1"))
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).allowTlsInsecureConnection(false)
+ .serviceHttpUrl(pulsar.getWebServiceAddressTls())
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH).allowTlsInsecureConnection(false)
.authentication(AuthenticationTls.class.getName(), authParams).enableTlsHostnameVerification(true)
+ .requestTimeout(1, java.util.concurrent.TimeUnit.SECONDS)
.build();
try {
adminClientTls.tenants().getTenants();
Assert.fail("Admin call should be failed due to hostnameVerification enabled");
+ } catch (PulsarAdminException.TimeoutException e) {
+ // The test was previously able to fail here, but that is not the right way for the test to pass.
+ // If you hit this error and are running on OSX, you may need to run "sudo ifconfig lo0 alias 127.0.0.2 up"
+ Assert.fail("Admin call should not timeout, it should fail due to SSL error");
} catch (PulsarAdminException e) {
// Ok
}
@@ -53,11 +71,13 @@ public class TlsHostVerificationTest extends TlsProducerConsumerBase {
@Test
public void testTlsHostVerificationDisabledAdminClient() throws Exception {
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
+ Assert.assertTrue(pulsar.getWebServiceAddressTls().startsWith("https://127.0.0.2:"),
+ "Test relies on this address");
PulsarAdmin adminClient = PulsarAdmin.builder()
.serviceHttpUrl(pulsar.getWebServiceAddressTls())
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).allowTlsInsecureConnection(false)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH).allowTlsInsecureConnection(false)
.authentication(AuthenticationTls.class.getName(), authParams).enableTlsHostnameVerification(false)
.build();
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TlsProducerConsumerBase.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TlsProducerConsumerBase.java
index 6a2109836a2..39bab20d97d 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TlsProducerConsumerBase.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TlsProducerConsumerBase.java
@@ -38,11 +38,6 @@ import org.testng.annotations.Test;
@Test(groups = "broker-api")
public abstract class TlsProducerConsumerBase extends ProducerConsumerBase {
- protected final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
- protected final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
- protected final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";
- protected final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
- protected final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";
private final String clusterName = "use";
@BeforeMethod
@@ -64,9 +59,9 @@ public abstract class TlsProducerConsumerBase extends ProducerConsumerBase {
protected void internalSetUpForBroker() {
conf.setBrokerServicePortTls(Optional.of(0));
conf.setWebServicePortTls(Optional.of(0));
- conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
- conf.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
+ conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
conf.setClusterName(clusterName);
conf.setTlsRequireTrustedClientCertOnConnect(true);
Set<String> tlsProtocols = Sets.newConcurrentHashSet();
@@ -81,12 +76,12 @@ public abstract class TlsProducerConsumerBase extends ProducerConsumerBase {
pulsarClient.close();
}
ClientBuilder clientBuilder = PulsarClient.builder().serviceUrl(lookupUrl)
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).enableTls(true).allowTlsInsecureConnection(false)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH).enableTls(true).allowTlsInsecureConnection(false)
.operationTimeout(1000, TimeUnit.MILLISECONDS);
if (addCertificates) {
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
clientBuilder.authentication(AuthenticationTls.class.getName(), authParams);
}
replacePulsarClient(clientBuilder);
@@ -94,15 +89,15 @@ public abstract class TlsProducerConsumerBase extends ProducerConsumerBase {
protected void internalSetUpForNamespace() throws Exception {
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
if (admin != null) {
admin.close();
}
admin = spy(PulsarAdmin.builder().serviceHttpUrl(brokerUrlTls.toString())
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).allowTlsInsecureConnection(false)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH).allowTlsInsecureConnection(false)
.authentication(AuthenticationTls.class.getName(), authParams).build());
admin.clusters().createCluster(clusterName,
ClusterData.builder()
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TlsProducerConsumerTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TlsProducerConsumerTest.java
index 0563fc3b9da..879289eb65d 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TlsProducerConsumerTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TlsProducerConsumerTest.java
@@ -146,9 +146,9 @@ public class TlsProducerConsumerTest extends TlsProducerConsumerBase {
.operationTimeout(1000, TimeUnit.MILLISECONDS);
AtomicInteger index = new AtomicInteger(0);
- ByteArrayInputStream certStream = createByteInputStream(TLS_CLIENT_CERT_FILE_PATH);
- ByteArrayInputStream keyStream = createByteInputStream(TLS_CLIENT_KEY_FILE_PATH);
- ByteArrayInputStream trustStoreStream = createByteInputStream(TLS_TRUST_CERT_FILE_PATH);
+ ByteArrayInputStream certStream = createByteInputStream(getTlsFileForClient("admin.cert"));
+ ByteArrayInputStream keyStream = createByteInputStream(getTlsFileForClient("admin.key-pk8"));
+ ByteArrayInputStream trustStoreStream = createByteInputStream(CA_CERT_FILE_PATH);
Supplier<ByteArrayInputStream> certProvider = () -> getStream(index, certStream);
Supplier<ByteArrayInputStream> keyProvider = () -> getStream(index, keyStream);
@@ -203,9 +203,9 @@ public class TlsProducerConsumerTest extends TlsProducerConsumerBase {
AtomicInteger certIndex = new AtomicInteger(1);
AtomicInteger keyIndex = new AtomicInteger(0);
AtomicInteger trustStoreIndex = new AtomicInteger(1);
- ByteArrayInputStream certStream = createByteInputStream(TLS_CLIENT_CERT_FILE_PATH);
- ByteArrayInputStream keyStream = createByteInputStream(TLS_CLIENT_KEY_FILE_PATH);
- ByteArrayInputStream trustStoreStream = createByteInputStream(TLS_TRUST_CERT_FILE_PATH);
+ ByteArrayInputStream certStream = createByteInputStream(getTlsFileForClient("admin.cert"));
+ ByteArrayInputStream keyStream = createByteInputStream(getTlsFileForClient("admin.key-pk8"));
+ ByteArrayInputStream trustStoreStream = createByteInputStream(CA_CERT_FILE_PATH);
Supplier<ByteArrayInputStream> certProvider = () -> getStream(certIndex, certStream,
keyStream/* invalid cert file */);
Supplier<ByteArrayInputStream> keyProvider = () -> getStream(keyIndex, keyStream);
@@ -252,7 +252,8 @@ public class TlsProducerConsumerTest extends TlsProducerConsumerBase {
return streams[index.intValue()];
}
- private final Authentication tlsAuth = new AuthenticationTls(TLS_CLIENT_CERT_FILE_PATH, TLS_CLIENT_KEY_FILE_PATH);
+ private final Authentication tlsAuth =
+ new AuthenticationTls(getTlsFileForClient("admin.cert"), getTlsFileForClient("admin.key-pk8"));
@DataProvider
public Object[] tlsTransport() {
@@ -276,13 +277,14 @@ public class TlsProducerConsumerTest extends TlsProducerConsumerBase {
internalSetUpForNamespace();
ClientBuilder clientBuilder = PulsarClient.builder().serviceUrl(url.get())
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH)
.allowTlsInsecureConnection(false)
.enableTlsHostnameVerification(false)
.authentication(auth);
if (auth == null) {
- clientBuilder.tlsKeyFilePath(TLS_CLIENT_KEY_FILE_PATH).tlsCertificateFilePath(TLS_CLIENT_CERT_FILE_PATH);
+ clientBuilder.tlsKeyFilePath(getTlsFileForClient("admin.key-pk8"))
+ .tlsCertificateFilePath(getTlsFileForClient("admin.cert"));
}
@Cleanup
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TlsSniTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TlsSniTest.java
index fd722e52e5f..173fa8acb0f 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TlsSniTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TlsSniTest.java
@@ -50,12 +50,12 @@ public class TlsSniTest extends TlsProducerConsumerBase {
brokerServiceUrlTls.getPort());
ClientBuilder clientBuilder = PulsarClient.builder().serviceUrl(brokerServiceIpAddressUrl)
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).allowTlsInsecureConnection(false)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH).allowTlsInsecureConnection(false)
.enableTlsHostnameVerification(false)
.operationTimeout(1000, TimeUnit.MILLISECONDS);
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
clientBuilder.authentication(AuthenticationTls.class.getName(), authParams);
@Cleanup
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TokenExpirationProduceConsumerTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TokenExpirationProduceConsumerTest.java
index e955a9ae706..4fc0d315d22 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TokenExpirationProduceConsumerTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/TokenExpirationProduceConsumerTest.java
@@ -101,9 +101,9 @@ public class TokenExpirationProduceConsumerTest extends TlsProducerConsumerBase
protected void internalSetUpForBroker() {
conf.setBrokerServicePortTls(Optional.of(0));
conf.setWebServicePortTls(Optional.of(0));
- conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
- conf.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
+ conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
conf.setClusterName(configClusterName);
conf.setAuthenticationRefreshCheckSeconds(1);
conf.setTlsRequireTrustedClientCertOnConnect(false);
@@ -121,7 +121,7 @@ public class TokenExpirationProduceConsumerTest extends TlsProducerConsumerBase
private PulsarClient getClient(String token) throws Exception {
ClientBuilder clientBuilder = PulsarClient.builder()
.serviceUrl(pulsar.getBrokerServiceUrlTls())
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH)
.enableTls(true)
.allowTlsInsecureConnection(false)
.enableTlsHostnameVerification(true)
@@ -132,7 +132,7 @@ public class TokenExpirationProduceConsumerTest extends TlsProducerConsumerBase
private PulsarAdmin getAdmin(String token) throws Exception {
PulsarAdminBuilder clientBuilder = PulsarAdmin.builder().serviceHttpUrl(pulsar.getWebServiceAddressTls())
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH)
.allowTlsInsecureConnection(false)
.authentication(AuthenticationToken.class.getName(),"token:" +token)
.enableTlsHostnameVerification(true);
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/functions/worker/PulsarFunctionLocalRunTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/functions/worker/PulsarFunctionLocalRunTest.java
index c832cba163d..aa190cd2e0a 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/functions/worker/PulsarFunctionLocalRunTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/functions/worker/PulsarFunctionLocalRunTest.java
@@ -89,6 +89,7 @@ import org.apache.pulsar.functions.runtime.thread.ThreadRuntimeFactoryConfig;
import org.apache.pulsar.functions.utils.FunctionCommon;
import org.apache.pulsar.io.core.Sink;
import org.apache.pulsar.io.core.SinkContext;
+import org.apache.pulsar.utils.ResourceUtils;
import org.apache.pulsar.zookeeper.LocalBookkeeperEnsemble;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -121,11 +122,16 @@ public class PulsarFunctionLocalRunTest {
private static final String CLUSTER = "local";
- private final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
- private final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";
- private final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
- private final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";
- private final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
+ private final String TLS_SERVER_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/server-keys/broker.cert.pem");
+ private final String TLS_SERVER_KEY_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/server-keys/broker.key-pk8.pem");
+ private final String TLS_CLIENT_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/client-keys/admin.cert.pem");
+ private final String TLS_CLIENT_KEY_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/client-keys/admin.key-pk8.pem");
+ private final String TLS_TRUST_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/certs/ca.cert.pem");
private static final String SYSTEM_PROPERTY_NAME_NAR_FILE_PATH = "pulsar-io-data-generator.nar.path";
private PulsarFunctionTestTemporaryDirectory tempDirectory;
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/functions/worker/PulsarFunctionPublishTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/functions/worker/PulsarFunctionPublishTest.java
index 6fa7172773c..7bcf1dec871 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/functions/worker/PulsarFunctionPublishTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/functions/worker/PulsarFunctionPublishTest.java
@@ -71,6 +71,7 @@ import org.apache.pulsar.common.util.FutureUtil;
import org.apache.pulsar.common.util.ObjectMapperFactory;
import org.apache.pulsar.functions.runtime.thread.ThreadRuntimeFactory;
import org.apache.pulsar.functions.runtime.thread.ThreadRuntimeFactoryConfig;
+import org.apache.pulsar.utils.ResourceUtils;
import org.apache.pulsar.zookeeper.LocalBookkeeperEnsemble;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
@@ -99,11 +100,16 @@ public class PulsarFunctionPublishTest {
String primaryHost;
String workerId;
- private final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
- private final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";
- private final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
- private final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";
- private final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
+ private final String TLS_SERVER_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/server-keys/broker.cert.pem");
+ private final String TLS_SERVER_KEY_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/server-keys/broker.key-pk8.pem");
+ private final String TLS_CLIENT_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/client-keys/admin.cert.pem");
+ private final String TLS_CLIENT_KEY_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/client-keys/admin.key-pk8.pem");
+ private final String TLS_TRUST_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/certs/ca.cert.pem");
private PulsarFunctionTestTemporaryDirectory tempDirectory;
@DataProvider(name = "validRoleName")
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/io/AbstractPulsarE2ETest.java b/pulsar-broker/src/test/java/org/apache/pulsar/io/AbstractPulsarE2ETest.java
index 19de771a568..f968315a712 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/io/AbstractPulsarE2ETest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/io/AbstractPulsarE2ETest.java
@@ -62,6 +62,7 @@ import org.apache.pulsar.functions.worker.PulsarFunctionTestTemporaryDirectory;
import org.apache.pulsar.functions.worker.PulsarWorkerService;
import org.apache.pulsar.functions.worker.WorkerConfig;
import org.apache.pulsar.functions.worker.WorkerService;
+import org.apache.pulsar.utils.ResourceUtils;
import org.apache.pulsar.zookeeper.LocalBookkeeperEnsemble;
import org.awaitility.Awaitility;
import org.slf4j.Logger;
@@ -75,11 +76,16 @@ public abstract class AbstractPulsarE2ETest {
public static final Logger log = LoggerFactory.getLogger(AbstractPulsarE2ETest.class);
- protected final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
- protected final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";
- protected final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
- protected final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";
- protected final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
+ protected final String TLS_SERVER_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/server-keys/broker.cert.pem");
+ protected final String TLS_SERVER_KEY_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/server-keys/broker.key-pk8.pem");
+ protected final String TLS_CLIENT_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/client-keys/admin.cert.pem");
+ protected final String TLS_CLIENT_KEY_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/client-keys/admin.key-pk8.pem");
+ protected final String TLS_TRUST_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/certs/ca.cert.pem");
protected final String tenant = "external-repl-prop";
protected LocalBookkeeperEnsemble bkEnsemble;
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/io/PulsarFunctionAdminTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/io/PulsarFunctionAdminTest.java
index ec17382062c..22b9ad0df3a 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/io/PulsarFunctionAdminTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/io/PulsarFunctionAdminTest.java
@@ -51,6 +51,7 @@ import org.apache.pulsar.functions.runtime.thread.ThreadRuntimeFactoryConfig;
import org.apache.pulsar.functions.worker.PulsarWorkerService;
import org.apache.pulsar.functions.worker.WorkerConfig;
import org.apache.pulsar.functions.worker.WorkerService;
+import org.apache.pulsar.utils.ResourceUtils;
import org.apache.pulsar.zookeeper.LocalBookkeeperEnsemble;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -77,10 +78,16 @@ public class PulsarFunctionAdminTest {
String pulsarFunctionsNamespace = tenant + "/pulsar-function-admin";
String primaryHost;
- private final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
- private final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";
- private final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
- private final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";
+ private final String TLS_SERVER_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/server-keys/broker.cert.pem");
+ private final String TLS_SERVER_KEY_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/server-keys/broker.key-pk8.pem");
+ private final String TLS_CLIENT_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/client-keys/admin.cert.pem");
+ private final String TLS_CLIENT_KEY_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/client-keys/admin.key-pk8.pem");
+ private final String TLS_TRUST_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/certs/ca.cert.pem");
private static final Logger log = LoggerFactory.getLogger(PulsarFunctionAdminTest.class);
@@ -113,8 +120,7 @@ public class PulsarFunctionAdminTest {
config.setAuthenticationProviders(providers);
config.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
config.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
- config.setTlsAllowInsecureConnection(true);
-
+ config.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
functionsWorkerService = createPulsarFunctionWorker(config);
Optional<WorkerService> functionWorkerService = Optional.of(functionsWorkerService);
@@ -132,7 +138,6 @@ public class PulsarFunctionAdminTest {
PulsarAdmin.builder()
.serviceHttpUrl(pulsar.getWebServiceAddressTls())
.tlsTrustCertsFilePath(TLS_CLIENT_CERT_FILE_PATH)
- .allowTlsInsecureConnection(true)
.authentication(authTls)
.build());
@@ -203,7 +208,6 @@ public class PulsarFunctionAdminTest {
workerConfig.setBrokerClientAuthenticationParameters(
String.format("tlsCertFile:%s,tlsKeyFile:%s", TLS_CLIENT_CERT_FILE_PATH, TLS_CLIENT_KEY_FILE_PATH));
workerConfig.setUseTls(true);
- workerConfig.setTlsAllowInsecureConnection(true);
workerConfig.setTlsTrustCertsFilePath(TLS_CLIENT_CERT_FILE_PATH);
PulsarWorkerService workerService = new PulsarWorkerService();
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/io/PulsarFunctionTlsTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/io/PulsarFunctionTlsTest.java
index 5de3d4f7e08..810ac69ac3e 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/io/PulsarFunctionTlsTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/io/PulsarFunctionTlsTest.java
@@ -66,6 +66,7 @@ import org.apache.pulsar.functions.worker.PulsarWorkerService;
import org.apache.pulsar.functions.worker.PulsarWorkerService.PulsarClientCreator;
import org.apache.pulsar.functions.worker.WorkerConfig;
import org.apache.pulsar.functions.worker.rest.WorkerServer;
+import org.apache.pulsar.utils.ResourceUtils;
import org.apache.pulsar.zookeeper.LocalBookkeeperEnsemble;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -90,10 +91,16 @@ public class PulsarFunctionTlsTest {
PulsarAdmin functionAdmin;
private final List<String> namespaceList = new LinkedList<>();
- private final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
- private final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";
- private final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
- private final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";
+ private final String TLS_SERVER_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/server-keys/broker.cert.pem");
+ private final String TLS_SERVER_KEY_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/server-keys/broker.key-pk8.pem");
+ private final String TLS_CLIENT_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/client-keys/admin.cert.pem");
+ private final String TLS_CLIENT_KEY_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/client-keys/admin.key-pk8.pem");
+ private final String TLS_TRUST_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/certs/ca.cert.pem");
private static final Logger log = LoggerFactory.getLogger(PulsarFunctionTlsTest.class);
private PulsarFunctionTestTemporaryDirectory tempDirectory;
@@ -121,7 +128,7 @@ public class PulsarFunctionTlsTest {
config.setAuthenticationProviders(providers);
config.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
config.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
- config.setTlsAllowInsecureConnection(true);
+ config.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
config.setAdvertisedAddress("localhost");
PulsarAdmin admin = mock(PulsarAdmin.class);
@@ -163,7 +170,7 @@ public class PulsarFunctionTlsTest {
authTls.configure(authParams);
functionAdmin = PulsarAdmin.builder().serviceHttpUrl(functionTlsUrl)
- .tlsTrustCertsFilePath(TLS_CLIENT_CERT_FILE_PATH).allowTlsInsecureConnection(true)
+ .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH)
.authentication(authTls).build();
Thread.sleep(100);
@@ -217,7 +224,7 @@ public class PulsarFunctionTlsTest {
String.format("tlsCertFile:%s,tlsKeyFile:%s", TLS_CLIENT_CERT_FILE_PATH, TLS_CLIENT_KEY_FILE_PATH));
workerConfig.setUseTls(true);
workerConfig.setTlsAllowInsecureConnection(true);
- workerConfig.setTlsTrustCertsFilePath(TLS_CLIENT_CERT_FILE_PATH);
+ workerConfig.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
workerConfig.setWorkerPortTls(0);
workerConfig.setTlsEnabled(true);
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/websocket/proxy/ProxyPublishConsumeTlsTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/websocket/proxy/ProxyPublishConsumeTlsTest.java
index 3ee9b6127de..91cd4fab470 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/websocket/proxy/ProxyPublishConsumeTlsTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/websocket/proxy/ProxyPublishConsumeTlsTest.java
@@ -64,12 +64,13 @@ public class ProxyPublishConsumeTlsTest extends TlsProducerConsumerBase {
config.setWebServicePort(Optional.of(0));
config.setWebServicePortTls(Optional.of(0));
config.setBrokerClientTlsEnabled(true);
- config.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
- config.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- config.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
- config.setBrokerClientTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
+ config.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
+ config.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ config.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
+ config.setBrokerClientTrustCertsFilePath(CA_CERT_FILE_PATH);
config.setClusterName("use");
- config.setBrokerClientAuthenticationParameters("tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + ",tlsKeyFile:" + TLS_CLIENT_KEY_FILE_PATH);
+ config.setBrokerClientAuthenticationParameters("tlsCertFile:" + getTlsFileForClient("admin.cert") +
+ ",tlsKeyFile:" + getTlsFileForClient("admin.key-pk8"));
config.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
config.setConfigurationMetadataStoreUrl(GLOBAL_DUMMY_VALUE);
service = spyWithClassAndConstructorArgs(WebSocketService.class, config);
@@ -103,7 +104,7 @@ public class ProxyPublishConsumeTlsTest extends TlsProducerConsumerBase {
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setSslContext(SecurityUtility
- .createSslContext(false, SecurityUtility.loadCertificatesFromPemFile(TLS_TRUST_CERT_FILE_PATH), null));
+ .createSslContext(false, SecurityUtility.loadCertificatesFromPemFile(CA_CERT_FILE_PATH), null));
WebSocketClient consumeClient = new WebSocketClient(sslContextFactory);
SimpleConsumerSocket consumeSocket = new SimpleConsumerSocket();
diff --git a/tests/certificate-authority/.gitignore b/tests/certificate-authority/.gitignore
new file mode 100644
index 00000000000..de3be754636
--- /dev/null
+++ b/tests/certificate-authority/.gitignore
@@ -0,0 +1,3 @@
+# Files generated when running openssl
+*.old
+*.attr
diff --git a/tests/certificate-authority/README.md b/tests/certificate-authority/README.md
index 008120a35f4..02ebbdf9258 100644
--- a/tests/certificate-authority/README.md
+++ b/tests/certificate-authority/README.md
@@ -3,23 +3,33 @@
Generated based on instructions from https://jamielinux.com/docs/openssl-certificate-authority/introduction.html,
though the intermediate CA has been omitted for simplicity.
-The environment variable, CA_HOME, must be set to point to the directory
-containing this file before running any openssl commands.
+The following commands must be run in the same directory as this README due to the configuration for the openssl.cnf file.
The password for the CA private key is ```PulsarTesting```.
## Generating server keys
-In this example, we're generating a key for the broker.
+In this example, we're generating a key for the broker and the proxy. If there is a need to create them again, a new
+CN will need to be used because we have the index.txt database in this directory. It's also possible that we could
+remove this file and start over. At the time of adding this change, I didn't see a need to change the paradigm.
-The common name when generating the CSR should be the domain name of the broker.
+The common name when generating the CSR used to be the domain name of the broker. However, now we rely on the Subject
+Alternative Name, or the SAN, to be the domain name. This is because the CN is deprecated in the certificate spec. The
+[openssl.cnf](openssl.cnf) file has been updated to reflect this change. The proxy and the broker have the following
+SAN: ```DNS:localhost, IP:127.0.0.1```.
```bash
openssl genrsa -out server-keys/broker.key.pem 2048
-openssl req -config openssl.cnf -key server-keys/broker.key.pem -new -sha256 -out server-keys/broker.csr.pem
-openssl ca -config openssl.cnf -extensions server_cert \
- -days 100000 -notext -md sha256 -in server-keys/broker.csr.pem -out server-keys/broker.cert.pem
+openssl req -config openssl.cnf -subj "/CN=broker-localhost-SAN" -key server-keys/broker.key.pem -new -sha256 -out server-keys/broker.csr.pem
+openssl ca -config openssl.cnf -extensions broker_cert -days 100000 -md sha256 -in server-keys/broker.csr.pem \
+ -out server-keys/broker.cert.pem -batch -key PulsarTesting
openssl pkcs8 -topk8 -inform PEM -outform PEM -in server-keys/broker.key.pem -out server-keys/broker.key-pk8.pem -nocrypt
+
+openssl genrsa -out server-keys/proxy.key.pem 2048
+openssl req -config openssl.cnf -subj "/CN=proxy-localhost-SAN" -key server-keys/proxy.key.pem -new -sha256 -out server-keys/proxy.csr.pem
+openssl ca -config openssl.cnf -extensions proxy_cert -days 100000 -md sha256 -in server-keys/proxy.csr.pem \
+ -out server-keys/proxy.cert.pem -batch -key PulsarTesting
+openssl pkcs8 -topk8 -inform PEM -outform PEM -in server-keys/proxy.key.pem -out server-keys/proxy.key-pk8.pem -nocrypt
```
You need to configure the server with broker.key-pk8.pem and broker.cert.pem.
diff --git a/tests/certificate-authority/index.txt b/tests/certificate-authority/index.txt
index 376f86725c2..acb5eed051c 100644
--- a/tests/certificate-authority/index.txt
+++ b/tests/certificate-authority/index.txt
@@ -5,3 +5,5 @@ V 22920409135604Z 1003 unknown /CN=proxy
V 22920410132517Z 1004 unknown /CN=superproxy
V 22920411084025Z 1005 unknown /CN=user1
V 22960802101401Z 1006 unknown /CN=proxy.pulsar.apache.org
+V 22970222155018Z 1007 unknown /CN=broker-localhost-SAN
+V 22970222155019Z 1008 unknown /CN=proxy-localhost-SAN
diff --git a/tests/certificate-authority/newcerts/1007.pem b/tests/certificate-authority/newcerts/1007.pem
new file mode 100644
index 00000000000..4237719f20e
--- /dev/null
+++ b/tests/certificate-authority/newcerts/1007.pem
@@ -0,0 +1,111 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4103 (0x1007)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=foobar
+ Validity
+ Not Before: May 10 15:50:18 2023 GMT
+ Not After : Feb 22 15:50:18 2297 GMT
+ Subject: CN=broker-localhost-SAN
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:de:d1:da:bb:91:b3:16:c4:b2:e8:89:30:9e:c1:
+ 5e:0b:cf:db:c4:c3:d9:b1:af:40:a5:0b:38:36:1b:
+ 14:fe:0f:22:9c:e6:59:6a:15:5b:db:f6:f7:f3:a5:
+ 02:29:94:7a:d2:0c:67:ad:aa:63:62:7e:fc:58:11:
+ 29:48:b8:3c:91:b2:73:7e:12:6b:f2:ea:36:77:0f:
+ 15:9b:46:95:ce:73:15:8d:c8:d9:97:57:03:90:33:
+ 2d:7d:f3:ee:e5:01:6d:d8:c6:da:ab:07:b9:dd:1c:
+ e0:4b:ce:6a:de:a8:d2:e3:c1:52:6d:83:3a:0a:f0:
+ ed:cf:f7:56:6a:87:0e:73:e3:12:82:2b:65:ab:d8:
+ a9:44:5b:4a:2f:a5:92:94:32:f1:a1:e4:af:18:0f:
+ 0f:18:60:cd:f7:d0:9d:03:9f:d7:e9:a8:60:54:bb:
+ 3b:9a:05:db:fd:38:04:3c:b4:23:41:16:6c:7c:3b:
+ d9:b6:e0:2f:bd:cb:62:55:1b:e8:d0:8f:43:76:ef:
+ 55:86:cf:25:c3:bc:ae:e3:46:50:89:f7:71:ad:06:
+ 5e:28:e6:f6:f0:76:27:ea:7e:1b:67:53:39:26:20:
+ 19:18:82:b1:11:5f:ea:91:c2:e3:d3:f6:5a:c7:fd:
+ 61:a2:92:de:7d:7c:da:6d:e8:bf:39:52:10:31:60:
+ 4b:e1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Cert Type:
+ SSL Server
+ Netscape Comment:
+ OpenSSL Generated Server Certificate
+ X509v3 Subject Key Identifier:
+ 17:07:3B:AA:85:83:B5:04:83:EC:B2:6C:1E:3A:F0:F5:59:AA:61:28
+ X509v3 Subject Alternative Name:
+ DNS:localhost, DNS:unresolvable-broker-address, IP Address:127.0.0.1
+ X509v3 Authority Key Identifier:
+ keyid:57:0B:E9:CB:23:E8:BF:47:3E:50:7A:3F:45:7E:A1:18:43:9D:15:27
+ DirName:/CN=foobar
+ serial:D7:E2:87:4F:A0:79:E2:0C
+
+ X509v3 Key Usage: critical
+ Digital Signature, Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ Signature Algorithm: sha256WithRSAEncryption
+ e4:27:61:e2:0f:b6:a0:ca:9f:ce:e3:53:0b:44:ab:86:a1:e2:
+ 4d:88:e1:7d:2e:b0:aa:32:96:2b:3d:da:60:70:6a:c3:62:c5:
+ 76:f2:8f:0d:16:31:f2:ad:e5:2f:43:f3:cb:e4:fa:95:6c:20:
+ 81:33:1a:c7:5a:55:57:c9:ab:ca:66:45:30:58:00:db:e8:51:
+ c9:2c:a9:72:c1:18:f5:01:87:9f:73:20:85:6c:e5:6c:3f:c9:
+ 67:b4:f0:20:e5:ed:e2:4a:08:0b:af:68:43:e5:a9:c7:e1:39:
+ e8:b5:49:cb:47:4a:6d:e5:16:ae:88:92:13:85:8e:42:1e:0a:
+ eb:59:ed:a7:c1:9b:bc:4b:7b:99:f8:1d:f0:d7:1d:90:c9:cf:
+ 86:6a:d3:10:d0:36:e4:f5:b9:33:79:c7:a2:68:31:f7:bb:8d:
+ 1e:d6:33:79:bd:e7:0e:4f:4d:e9:2e:15:04:4f:6b:4b:2e:93:
+ 28:72:d1:0e:aa:ee:e6:ef:68:be:58:2b:cc:56:01:27:16:f9:
+ 34:8e:66:86:27:0a:b0:fb:32:56:a9:8a:d9:6f:b1:86:bd:ba:
+ fd:50:6c:d5:b2:54:e7:4e:c6:2d:19:88:a9:89:2c:ef:be:08:
+ 0d:2b:49:91:0b:09:42:64:06:a3:9d:d7:94:ed:e8:74:74:48:
+ 43:57:41:6f:e5:06:98:46:1d:c5:60:9c:69:f8:fb:fe:a6:01:
+ 4a:35:be:21:36:c2:a3:44:c8:c4:2c:21:09:f4:28:9a:ad:a0:
+ 97:1e:00:29:cc:0f:26:fa:59:21:25:c0:9e:fa:22:53:67:6d:
+ ab:a6:56:08:fd:37:1d:69:fe:ef:6f:29:89:1a:66:7b:c7:ff:
+ b1:34:f1:d6:be:21:81:e3:bc:4f:13:02:a7:4b:9d:13:05:46:
+ 40:88:4a:aa:db:fb:64:f8:6b:fb:5d:a0:b1:0c:1a:b8:4c:ab:
+ 6f:69:fe:0b:55:4e:b3:38:1f:91:0b:71:77:1e:11:39:54:9a:
+ 62:51:ea:6d:a8:5e:0d:4a:91:fb:d8:be:5d:93:e8:43:f3:4a:
+ 11:fb:31:cf:14:1a:1c:8d:31:1b:99:31:e0:2b:81:01:91:6f:
+ da:ba:cb:1f:51:21:55:29:3f:4c:71:e3:d0:29:41:de:a0:00:
+ da:07:ed:5e:c9:af:32:61:6d:55:f8:f5:2d:46:03:34:33:fb:
+ 2e:1e:aa:7c:fe:d2:30:4d:40:cc:ed:76:ec:f6:bd:ed:35:c8:
+ d8:b3:46:56:aa:2c:53:84:56:45:b0:a3:f6:35:66:93:da:8c:
+ 17:39:c1:29:7c:99:c5:0b:73:c1:f9:16:d0:57:fc:57:59:06:
+ af:39:9f:a9:51:35:0b:c7
+-----BEGIN CERTIFICATE-----
+MIIExzCCAq+gAwIBAgICEAcwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGZm9v
+YmFyMCAXDTIzMDUxMDE1NTAxOFoYDzIyOTcwMjIyMTU1MDE4WjAfMR0wGwYDVQQD
+DBRicm9rZXItbG9jYWxob3N0LVNBTjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAN7R2ruRsxbEsuiJMJ7BXgvP28TD2bGvQKULODYbFP4PIpzmWWoVW9v2
+9/OlAimUetIMZ62qY2J+/FgRKUi4PJGyc34Sa/LqNncPFZtGlc5zFY3I2ZdXA5Az
+LX3z7uUBbdjG2qsHud0c4EvOat6o0uPBUm2DOgrw7c/3VmqHDnPjEoIrZavYqURb
+Si+lkpQy8aHkrxgPDxhgzffQnQOf1+moYFS7O5oF2/04BDy0I0EWbHw72bbgL73L
+YlUb6NCPQ3bvVYbPJcO8ruNGUIn3ca0GXijm9vB2J+p+G2dTOSYgGRiCsRFf6pHC
+49P2Wsf9YaKS3n182m3ovzlSEDFgS+ECAwEAAaOCARcwggETMAkGA1UdEwQCMAAw
+EQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVy
+YXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBcHO6qFg7UEg+yybB46
+8PVZqmEoMDcGA1UdEQQwMC6CCWxvY2FsaG9zdIIbdW5yZXNvbHZhYmxlLWJyb2tl
+ci1hZGRyZXNzhwR/AAABMEEGA1UdIwQ6MDiAFFcL6csj6L9HPlB6P0V+oRhDnRUn
+oRWkEzARMQ8wDQYDVQQDDAZmb29iYXKCCQDX4odPoHniDDAOBgNVHQ8BAf8EBAMC
+BaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBAOQnYeIP
+tqDKn87jUwtEq4ah4k2I4X0usKoylis92mBwasNixXbyjw0WMfKt5S9D88vk+pVs
+IIEzGsdaVVfJq8pmRTBYANvoUcksqXLBGPUBh59zIIVs5Ww/yWe08CDl7eJKCAuv
+aEPlqcfhOei1SctHSm3lFq6IkhOFjkIeCutZ7afBm7xLe5n4HfDXHZDJz4Zq0xDQ
+NuT1uTN5x6JoMfe7jR7WM3m95w5PTekuFQRPa0sukyhy0Q6q7ubvaL5YK8xWAScW
++TSOZoYnCrD7MlapitlvsYa9uv1QbNWyVOdOxi0ZiKmJLO++CA0rSZELCUJkBqOd
+15Tt6HR0SENXQW/lBphGHcVgnGn4+/6mAUo1viE2wqNEyMQsIQn0KJqtoJceACnM
+Dyb6WSElwJ76IlNnbaumVgj9Nx1p/u9vKYkaZnvH/7E08da+IYHjvE8TAqdLnRMF
+RkCISqrb+2T4a/tdoLEMGrhMq29p/gtVTrM4H5ELcXceETlUmmJR6m2oXg1KkfvY
+vl2T6EPzShH7Mc8UGhyNMRuZMeArgQGRb9q6yx9RIVUpP0xx49ApQd6gANoH7V7J
+rzJhbVX49S1GAzQz+y4eqnz+0jBNQMztduz2ve01yNizRlaqLFOEVkWwo/Y1ZpPa
+jBc5wSl8mcULc8H5FtBX/FdZBq85n6lRNQvH
+-----END CERTIFICATE-----
diff --git a/tests/certificate-authority/newcerts/1008.pem b/tests/certificate-authority/newcerts/1008.pem
new file mode 100644
index 00000000000..85687bdfd30
--- /dev/null
+++ b/tests/certificate-authority/newcerts/1008.pem
@@ -0,0 +1,110 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4104 (0x1008)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=foobar
+ Validity
+ Not Before: May 10 15:50:19 2023 GMT
+ Not After : Feb 22 15:50:19 2297 GMT
+ Subject: CN=proxy-localhost-SAN
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:cc:15:c9:85:06:43:47:bd:46:9f:4f:03:1a:e0:
+ 6e:94:13:4e:b0:30:ea:88:ca:3a:e4:39:92:12:c1:
+ 77:51:8c:0d:3c:b9:26:5c:2f:dc:fc:b1:5a:bf:0e:
+ 47:ff:09:60:30:79:8e:55:26:fe:d0:a1:ed:9f:6d:
+ 8a:6a:06:85:f0:d0:dc:94:a6:54:a1:a6:c9:3e:57:
+ d5:69:7d:e9:25:c1:ef:6b:77:e1:62:76:d8:e4:54:
+ 91:40:bc:0b:11:74:b8:30:bb:d4:02:77:d6:bd:d2:
+ d0:e7:ad:df:7d:98:96:74:42:ad:53:b3:88:c8:dc:
+ 1d:db:51:63:84:ee:7e:85:73:14:5e:d4:c8:f0:01:
+ 5f:67:52:ed:94:87:f7:d6:aa:28:8b:2c:84:98:8c:
+ b9:91:b5:38:99:80:5d:b3:d4:db:95:96:09:ef:1d:
+ a1:6f:86:c8:17:86:f7:0a:1e:72:3b:50:8c:53:e5:
+ ce:d4:8c:cf:cc:81:3d:46:55:ff:65:25:0b:36:31:
+ 31:a6:22:27:47:96:59:38:c1:cd:66:a6:9a:83:98:
+ dc:b8:2e:10:8d:ba:45:ae:aa:20:6e:e3:0b:bd:ec:
+ e6:63:b5:40:55:d4:fe:97:b1:f1:8d:9a:c0:a2:46:
+ 8e:a3:ed:a0:1b:ed:40:b0:00:a5:28:f9:da:03:bd:
+ c1:a9
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Cert Type:
+ SSL Server
+ Netscape Comment:
+ OpenSSL Generated Server Certificate
+ X509v3 Subject Key Identifier:
+ C5:33:73:67:03:B7:51:08:F4:BD:D3:CD:4F:DC:CF:83:11:53:AD:39
+ X509v3 Subject Alternative Name:
+ DNS:localhost, IP Address:127.0.0.1
+ X509v3 Authority Key Identifier:
+ keyid:57:0B:E9:CB:23:E8:BF:47:3E:50:7A:3F:45:7E:A1:18:43:9D:15:27
+ DirName:/CN=foobar
+ serial:D7:E2:87:4F:A0:79:E2:0C
+
+ X509v3 Key Usage: critical
+ Digital Signature, Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ Signature Algorithm: sha256WithRSAEncryption
+ 43:ef:67:29:9a:0c:53:97:7c:fc:72:73:6c:8d:48:78:4e:ec:
+ e3:14:9d:d9:1e:83:4c:d6:f0:56:e9:c4:d8:de:f5:54:fb:a5:
+ 3b:ff:59:23:75:26:74:f0:86:90:d0:4d:41:25:03:87:e0:60:
+ a4:9b:33:3d:bd:1c:79:b8:db:86:1c:38:09:26:0d:80:3e:f9:
+ 1e:28:11:0d:3d:6b:1e:1a:7a:9a:fa:fc:18:22:7f:fd:46:55:
+ c2:2f:56:5c:5c:8a:45:f2:74:7a:e4:6c:d0:e0:ea:ec:74:b7:
+ 0d:a8:f3:ca:18:cf:a4:be:a0:e0:4a:32:ca:15:7e:5d:06:56:
+ b7:71:7c:e0:dc:19:fa:be:3e:94:84:20:be:96:34:61:0b:f0:
+ d1:d6:31:49:0b:b0:20:b8:f9:5c:49:08:13:9b:45:c0:6f:58:
+ 16:81:0b:0c:f8:66:38:58:83:d4:b0:bc:14:35:8d:e2:1d:d5:
+ 2d:ea:02:ae:42:e1:88:22:5a:b0:cf:e5:31:b1:cb:d3:e9:d2:
+ 5e:88:55:bd:62:ac:85:aa:4e:fc:18:6b:65:f9:9e:fc:93:27:
+ 0c:c6:29:aa:f0:64:6e:72:dc:d9:95:ae:38:ae:64:9e:c6:44:
+ 8a:0b:0f:0e:d4:69:7e:79:e0:46:d0:75:96:2a:1a:60:af:30:
+ 23:dc:d2:67:0d:08:2a:9d:58:29:09:1e:c8:08:d5:3a:88:2d:
+ 1a:dc:47:dc:5d:bd:0d:5c:54:f1:5d:5a:6d:0d:de:bc:18:67:
+ 2d:dd:1b:fe:8b:0e:03:19:b0:0f:f2:59:69:d0:7a:4f:a1:33:
+ 74:f7:22:ef:ff:90:e1:4b:8e:ac:13:00:6f:00:9b:55:83:d2:
+ 96:db:a8:81:c9:a9:8d:c6:a6:21:3d:14:d3:43:71:28:c6:ea:
+ 6d:2d:91:b9:58:bf:ec:18:75:c4:8c:10:43:88:60:08:c0:bb:
+ 9d:fb:90:80:1e:d5:a3:ea:e7:8a:16:f7:f4:d7:cb:35:93:03:
+ 55:e4:cc:58:31:1e:df:6e:e4:1b:6e:ad:3a:76:56:e5:8b:4e:
+ d9:71:af:11:92:a7:7a:e2:66:cc:d2:73:f3:ec:e8:3b:67:f0:
+ 6a:31:10:82:e8:c4:1e:ae:c3:54:a7:e2:42:86:fe:43:75:ad:
+ ef:83:d7:1c:2f:91:94:1c:57:9d:1c:43:94:b1:47:b2:6c:96:
+ fd:83:69:0f:6c:e2:18:9b:65:8e:71:08:01:b3:73:46:aa:3c:
+ 2e:07:14:cd:03:ae:dc:5a:51:da:c5:41:53:cc:f5:fc:c8:db:
+ 4e:76:27:99:9a:ec:40:68:07:d6:10:e1:f9:68:6b:5d:52:95:
+ 3d:01:f4:a7:40:11:61:0a
+-----BEGIN CERTIFICATE-----
+MIIEpzCCAo+gAwIBAgICEAgwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGZm9v
+YmFyMCAXDTIzMDUxMDE1NTAxOVoYDzIyOTcwMjIyMTU1MDE5WjAeMRwwGgYDVQQD
+DBNwcm94eS1sb2NhbGhvc3QtU0FOMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAzBXJhQZDR71Gn08DGuBulBNOsDDqiMo65DmSEsF3UYwNPLkmXC/c/LFa
+vw5H/wlgMHmOVSb+0KHtn22KagaF8NDclKZUoabJPlfVaX3pJcHva3fhYnbY5FSR
+QLwLEXS4MLvUAnfWvdLQ563ffZiWdEKtU7OIyNwd21FjhO5+hXMUXtTI8AFfZ1Lt
+lIf31qooiyyEmIy5kbU4mYBds9TblZYJ7x2hb4bIF4b3Ch5yO1CMU+XO1IzPzIE9
+RlX/ZSULNjExpiInR5ZZOMHNZqaag5jcuC4QjbpFrqogbuMLvezmY7VAVdT+l7Hx
+jZrAokaOo+2gG+1AsAClKPnaA73BqQIDAQABo4H5MIH2MAkGA1UdEwQCMAAwEQYJ
+YIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRl
+ZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFMUzc2cDt1EI9L3TzU/cz4MR
+U605MBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATBBBgNVHSMEOjA4gBRXC+nL
+I+i/Rz5Qej9FfqEYQ50VJ6EVpBMwETEPMA0GA1UEAwwGZm9vYmFyggkA1+KHT6B5
+4gwwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3
+DQEBCwUAA4ICAQBD72cpmgxTl3z8cnNsjUh4TuzjFJ3ZHoNM1vBW6cTY3vVU+6U7
+/1kjdSZ08IaQ0E1BJQOH4GCkmzM9vRx5uNuGHDgJJg2APvkeKBENPWseGnqa+vwY
+In/9RlXCL1ZcXIpF8nR65GzQ4OrsdLcNqPPKGM+kvqDgSjLKFX5dBla3cXzg3Bn6
+vj6UhCC+ljRhC/DR1jFJC7AguPlcSQgTm0XAb1gWgQsM+GY4WIPUsLwUNY3iHdUt
+6gKuQuGIIlqwz+UxscvT6dJeiFW9YqyFqk78GGtl+Z78kycMximq8GRuctzZla44
+rmSexkSKCw8O1Gl+eeBG0HWWKhpgrzAj3NJnDQgqnVgpCR7ICNU6iC0a3EfcXb0N
+XFTxXVptDd68GGct3Rv+iw4DGbAP8llp0HpPoTN09yLv/5DhS46sEwBvAJtVg9KW
+26iByamNxqYhPRTTQ3EoxuptLZG5WL/sGHXEjBBDiGAIwLud+5CAHtWj6ueKFvf0
+18s1kwNV5MxYMR7fbuQbbq06dlbli07Zca8Rkqd64mbM0nPz7Og7Z/BqMRCC6MQe
+rsNUp+JChv5Dda3vg9ccL5GUHFedHEOUsUeybJb9g2kPbOIYm2WOcQgBs3NGqjwu
+BxTNA67cWlHaxUFTzPX8yNtOdieZmuxAaAfWEOH5aGtdUpU9AfSnQBFhCg==
+-----END CERTIFICATE-----
diff --git a/tests/certificate-authority/openssl.cnf b/tests/certificate-authority/openssl.cnf
index 9c8585edc9a..f7a23b3b33f 100644
--- a/tests/certificate-authority/openssl.cnf
+++ b/tests/certificate-authority/openssl.cnf
@@ -27,7 +27,7 @@ default_ca = CA_default
[ CA_default ]
# Directory and file locations.
-dir = $ENV::CA_HOME
+dir = .
certs = $dir/certs
crl_dir = $dir/crl
new_certs_dir = $dir/newcerts
@@ -92,12 +92,25 @@ authorityKeyIdentifier = keyid,issuer
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth, emailProtection
-[ server_cert ]
+[ broker_cert ]
# Extensions for server certificates (`man x509v3_config`).
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier = hash
+# The unresolvable address is used for SNI testing
+subjectAltName = DNS:localhost, DNS:unresolvable-broker-address, IP:127.0.0.1
+authorityKeyIdentifier = keyid,issuer:always
+keyUsage = critical, digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth
+
+[ proxy_cert ]
+# Extensions for server certificates (`man x509v3_config`).
+basicConstraints = CA:FALSE
+nsCertType = server
+nsComment = "OpenSSL Generated Server Certificate"
+subjectKeyIdentifier = hash
+subjectAltName = DNS:localhost, IP:127.0.0.1
authorityKeyIdentifier = keyid,issuer:always
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
diff --git a/tests/certificate-authority/serial b/tests/certificate-authority/serial
index fb35a14c027..6cb3869343b 100644
--- a/tests/certificate-authority/serial
+++ b/tests/certificate-authority/serial
@@ -1 +1 @@
-1007
+1009
diff --git a/tests/certificate-authority/server-keys/broker.cert.pem b/tests/certificate-authority/server-keys/broker.cert.pem
index b5c7a5dc709..4237719f20e 100644
--- a/tests/certificate-authority/server-keys/broker.cert.pem
+++ b/tests/certificate-authority/server-keys/broker.cert.pem
@@ -1,27 +1,111 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4103 (0x1007)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=foobar
+ Validity
+ Not Before: May 10 15:50:18 2023 GMT
+ Not After : Feb 22 15:50:18 2297 GMT
+ Subject: CN=broker-localhost-SAN
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:de:d1:da:bb:91:b3:16:c4:b2:e8:89:30:9e:c1:
+ 5e:0b:cf:db:c4:c3:d9:b1:af:40:a5:0b:38:36:1b:
+ 14:fe:0f:22:9c:e6:59:6a:15:5b:db:f6:f7:f3:a5:
+ 02:29:94:7a:d2:0c:67:ad:aa:63:62:7e:fc:58:11:
+ 29:48:b8:3c:91:b2:73:7e:12:6b:f2:ea:36:77:0f:
+ 15:9b:46:95:ce:73:15:8d:c8:d9:97:57:03:90:33:
+ 2d:7d:f3:ee:e5:01:6d:d8:c6:da:ab:07:b9:dd:1c:
+ e0:4b:ce:6a:de:a8:d2:e3:c1:52:6d:83:3a:0a:f0:
+ ed:cf:f7:56:6a:87:0e:73:e3:12:82:2b:65:ab:d8:
+ a9:44:5b:4a:2f:a5:92:94:32:f1:a1:e4:af:18:0f:
+ 0f:18:60:cd:f7:d0:9d:03:9f:d7:e9:a8:60:54:bb:
+ 3b:9a:05:db:fd:38:04:3c:b4:23:41:16:6c:7c:3b:
+ d9:b6:e0:2f:bd:cb:62:55:1b:e8:d0:8f:43:76:ef:
+ 55:86:cf:25:c3:bc:ae:e3:46:50:89:f7:71:ad:06:
+ 5e:28:e6:f6:f0:76:27:ea:7e:1b:67:53:39:26:20:
+ 19:18:82:b1:11:5f:ea:91:c2:e3:d3:f6:5a:c7:fd:
+ 61:a2:92:de:7d:7c:da:6d:e8:bf:39:52:10:31:60:
+ 4b:e1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Cert Type:
+ SSL Server
+ Netscape Comment:
+ OpenSSL Generated Server Certificate
+ X509v3 Subject Key Identifier:
+ 17:07:3B:AA:85:83:B5:04:83:EC:B2:6C:1E:3A:F0:F5:59:AA:61:28
+ X509v3 Subject Alternative Name:
+ DNS:localhost, DNS:unresolvable-broker-address, IP Address:127.0.0.1
+ X509v3 Authority Key Identifier:
+ keyid:57:0B:E9:CB:23:E8:BF:47:3E:50:7A:3F:45:7E:A1:18:43:9D:15:27
+ DirName:/CN=foobar
+ serial:D7:E2:87:4F:A0:79:E2:0C
+
+ X509v3 Key Usage: critical
+ Digital Signature, Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ Signature Algorithm: sha256WithRSAEncryption
+ e4:27:61:e2:0f:b6:a0:ca:9f:ce:e3:53:0b:44:ab:86:a1:e2:
+ 4d:88:e1:7d:2e:b0:aa:32:96:2b:3d:da:60:70:6a:c3:62:c5:
+ 76:f2:8f:0d:16:31:f2:ad:e5:2f:43:f3:cb:e4:fa:95:6c:20:
+ 81:33:1a:c7:5a:55:57:c9:ab:ca:66:45:30:58:00:db:e8:51:
+ c9:2c:a9:72:c1:18:f5:01:87:9f:73:20:85:6c:e5:6c:3f:c9:
+ 67:b4:f0:20:e5:ed:e2:4a:08:0b:af:68:43:e5:a9:c7:e1:39:
+ e8:b5:49:cb:47:4a:6d:e5:16:ae:88:92:13:85:8e:42:1e:0a:
+ eb:59:ed:a7:c1:9b:bc:4b:7b:99:f8:1d:f0:d7:1d:90:c9:cf:
+ 86:6a:d3:10:d0:36:e4:f5:b9:33:79:c7:a2:68:31:f7:bb:8d:
+ 1e:d6:33:79:bd:e7:0e:4f:4d:e9:2e:15:04:4f:6b:4b:2e:93:
+ 28:72:d1:0e:aa:ee:e6:ef:68:be:58:2b:cc:56:01:27:16:f9:
+ 34:8e:66:86:27:0a:b0:fb:32:56:a9:8a:d9:6f:b1:86:bd:ba:
+ fd:50:6c:d5:b2:54:e7:4e:c6:2d:19:88:a9:89:2c:ef:be:08:
+ 0d:2b:49:91:0b:09:42:64:06:a3:9d:d7:94:ed:e8:74:74:48:
+ 43:57:41:6f:e5:06:98:46:1d:c5:60:9c:69:f8:fb:fe:a6:01:
+ 4a:35:be:21:36:c2:a3:44:c8:c4:2c:21:09:f4:28:9a:ad:a0:
+ 97:1e:00:29:cc:0f:26:fa:59:21:25:c0:9e:fa:22:53:67:6d:
+ ab:a6:56:08:fd:37:1d:69:fe:ef:6f:29:89:1a:66:7b:c7:ff:
+ b1:34:f1:d6:be:21:81:e3:bc:4f:13:02:a7:4b:9d:13:05:46:
+ 40:88:4a:aa:db:fb:64:f8:6b:fb:5d:a0:b1:0c:1a:b8:4c:ab:
+ 6f:69:fe:0b:55:4e:b3:38:1f:91:0b:71:77:1e:11:39:54:9a:
+ 62:51:ea:6d:a8:5e:0d:4a:91:fb:d8:be:5d:93:e8:43:f3:4a:
+ 11:fb:31:cf:14:1a:1c:8d:31:1b:99:31:e0:2b:81:01:91:6f:
+ da:ba:cb:1f:51:21:55:29:3f:4c:71:e3:d0:29:41:de:a0:00:
+ da:07:ed:5e:c9:af:32:61:6d:55:f8:f5:2d:46:03:34:33:fb:
+ 2e:1e:aa:7c:fe:d2:30:4d:40:cc:ed:76:ec:f6:bd:ed:35:c8:
+ d8:b3:46:56:aa:2c:53:84:56:45:b0:a3:f6:35:66:93:da:8c:
+ 17:39:c1:29:7c:99:c5:0b:73:c1:f9:16:d0:57:fc:57:59:06:
+ af:39:9f:a9:51:35:0b:c7
-----BEGIN CERTIFICATE-----
-MIIEkDCCAnigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGZm9v
-YmFyMCAXDTE4MDYyMjA4NTUzMloYDzIyOTIwNDA2MDg1NTMyWjAjMSEwHwYDVQQD
-DBhicm9rZXIucHVsc2FyLmFwYWNoZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQDQouKhZah4hMCqmg4aS5RhQG/Y1gA+yP9DGF9mlw35tfhfWs63
-EvNjEK4L/ZWSEV45L/wc6YV14RmM6bJ0V/0vXo4xmISbqptND/2kRIspkLZQ5F0O
-OQXVicqZLOc6igZQhRg8ANDYdTJUTF65DqauX4OJt3YMhF2FSt7jQtlj06IQBa01
-+ARO9OotMJtBY+vIU5bV6JydfgkhQH9rIDI7AMeY5j02gGkJJrelfm+WoOsUez+X
-aqTN3/tF8+MBcFB3G04s1qc2CJPJM3YGxvxEtHqTGI14t9J8p5O7X9JHpcY8X00s
-bxa4FGbKgfDobbkJ+GgblWCkAcLN95sKTqtHAgMBAAGjgd0wgdowCQYDVR0TBAIw
-ADARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2Vu
-ZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUaxFvJrkEGqk8azTA
-DyVyTyTbJAIwQQYDVR0jBDowOIAUVwvpyyPov0c+UHo/RX6hGEOdFSehFaQTMBEx
-DzANBgNVBAMMBmZvb2JhcoIJANfih0+geeIMMA4GA1UdDwEB/wQEAwIFoDATBgNV
-HSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEA35QDGclHzQtHs3yQ
-ZzNOSKisg5srTiIoQgRzfHrXfkthNFCnBzhKjBxqk3EIasVtvyGuk0ThneC1ai3y
-ZK3BivnMZfm1SfyvieFoqWetsxohWfcpOSVkpvO37P6v/NmmaTIGkBN3gxKCx0QN
-zqApLQyNTM++X3wxetYH/afAGUrRmBGWZuJheQpB9yZ+FB6BRp8YuYIYBzANJyW9
-spvXW03TpqX2AIoRBoGMLzK72vbhAbLWiCIfEYREhbZVRkP+yvD338cWrILlOEur
-x/n8L/FTmbf7mXzHg4xaQ3zg/5+0OCPMDPUBE4xWDBAbZ82hgOcTqfVjwoPgo2V0
-fbbx6redq44J3Vn5d9Xhi59fkpqEjHpX4xebr5iMikZsNTJMeLh0h3uf7DstuO9d
-mfnF5j+yDXCKb9XzCsTSvGCN+spmUh6RfSrbkw8/LrRvBUpKVEM0GfKSnaFpOaSS
-efM4UEi72FRjszzHEkdvpiLhYvihINLJmDXszhc3fCi42be/DGmUhuhTZWynOPmp
-0N0V/8/sGT5gh4fGEtGzS/8xEvZwO9uDlccJiG8Pi+aO0/K9urB9nppd/xKWXv3C
-cib/QrW0Qow4TADWC1fnGYCpFzzaZ2esPL2MvzOYXnW4/AbEqmb6Weatluai64ZK
-3N2cGJWRyvpvvmbP2hKCa4eLgEc=
+MIIExzCCAq+gAwIBAgICEAcwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGZm9v
+YmFyMCAXDTIzMDUxMDE1NTAxOFoYDzIyOTcwMjIyMTU1MDE4WjAfMR0wGwYDVQQD
+DBRicm9rZXItbG9jYWxob3N0LVNBTjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAN7R2ruRsxbEsuiJMJ7BXgvP28TD2bGvQKULODYbFP4PIpzmWWoVW9v2
+9/OlAimUetIMZ62qY2J+/FgRKUi4PJGyc34Sa/LqNncPFZtGlc5zFY3I2ZdXA5Az
+LX3z7uUBbdjG2qsHud0c4EvOat6o0uPBUm2DOgrw7c/3VmqHDnPjEoIrZavYqURb
+Si+lkpQy8aHkrxgPDxhgzffQnQOf1+moYFS7O5oF2/04BDy0I0EWbHw72bbgL73L
+YlUb6NCPQ3bvVYbPJcO8ruNGUIn3ca0GXijm9vB2J+p+G2dTOSYgGRiCsRFf6pHC
+49P2Wsf9YaKS3n182m3ovzlSEDFgS+ECAwEAAaOCARcwggETMAkGA1UdEwQCMAAw
+EQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVy
+YXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBcHO6qFg7UEg+yybB46
+8PVZqmEoMDcGA1UdEQQwMC6CCWxvY2FsaG9zdIIbdW5yZXNvbHZhYmxlLWJyb2tl
+ci1hZGRyZXNzhwR/AAABMEEGA1UdIwQ6MDiAFFcL6csj6L9HPlB6P0V+oRhDnRUn
+oRWkEzARMQ8wDQYDVQQDDAZmb29iYXKCCQDX4odPoHniDDAOBgNVHQ8BAf8EBAMC
+BaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggIBAOQnYeIP
+tqDKn87jUwtEq4ah4k2I4X0usKoylis92mBwasNixXbyjw0WMfKt5S9D88vk+pVs
+IIEzGsdaVVfJq8pmRTBYANvoUcksqXLBGPUBh59zIIVs5Ww/yWe08CDl7eJKCAuv
+aEPlqcfhOei1SctHSm3lFq6IkhOFjkIeCutZ7afBm7xLe5n4HfDXHZDJz4Zq0xDQ
+NuT1uTN5x6JoMfe7jR7WM3m95w5PTekuFQRPa0sukyhy0Q6q7ubvaL5YK8xWAScW
++TSOZoYnCrD7MlapitlvsYa9uv1QbNWyVOdOxi0ZiKmJLO++CA0rSZELCUJkBqOd
+15Tt6HR0SENXQW/lBphGHcVgnGn4+/6mAUo1viE2wqNEyMQsIQn0KJqtoJceACnM
+Dyb6WSElwJ76IlNnbaumVgj9Nx1p/u9vKYkaZnvH/7E08da+IYHjvE8TAqdLnRMF
+RkCISqrb+2T4a/tdoLEMGrhMq29p/gtVTrM4H5ELcXceETlUmmJR6m2oXg1KkfvY
+vl2T6EPzShH7Mc8UGhyNMRuZMeArgQGRb9q6yx9RIVUpP0xx49ApQd6gANoH7V7J
+rzJhbVX49S1GAzQz+y4eqnz+0jBNQMztduz2ve01yNizRlaqLFOEVkWwo/Y1ZpPa
+jBc5wSl8mcULc8H5FtBX/FdZBq85n6lRNQvH
-----END CERTIFICATE-----
diff --git a/tests/certificate-authority/server-keys/broker.csr.pem b/tests/certificate-authority/server-keys/broker.csr.pem
index d2342595eb2..9d28c52be79 100644
--- a/tests/certificate-authority/server-keys/broker.csr.pem
+++ b/tests/certificate-authority/server-keys/broker.csr.pem
@@ -1,15 +1,15 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIICaDCCAVACAQAwIzEhMB8GA1UEAwwYYnJva2VyLnB1bHNhci5hcGFjaGUub3Jn
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KLioWWoeITAqpoOGkuU
-YUBv2NYAPsj/QxhfZpcN+bX4X1rOtxLzYxCuC/2VkhFeOS/8HOmFdeEZjOmydFf9
-L16OMZiEm6qbTQ/9pESLKZC2UORdDjkF1YnKmSznOooGUIUYPADQ2HUyVExeuQ6m
-rl+Dibd2DIRdhUre40LZY9OiEAWtNfgETvTqLTCbQWPryFOW1eicnX4JIUB/ayAy
-OwDHmOY9NoBpCSa3pX5vlqDrFHs/l2qkzd/7RfPjAXBQdxtOLNanNgiTyTN2Bsb8
-RLR6kxiNeLfSfKeTu1/SR6XGPF9NLG8WuBRmyoHw6G25CfhoG5VgpAHCzfebCk6r
-RwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAHVVGKnfqBDmu+e5MWK9i0ja/JFv
-dhST705gdKDOPc7MXDVr+zJZKgvnDtzDrWTe7Zk0p7xQf3kc773eYCdlznX+J1Fw
-EfIHXQTBZRZxmHnYqc012i5tshvEOS0o61ZEgxz8hxGLwGlRaIcy+qt927fscpQ5
-7VEnlxzD4YeHwryIXH5hOr/J1OmlL58Fxwh2NJfso7ErRuHW44XK4qdwWCQs/nVN
-EQyV6RCbaiRq9Ks4j3FwtqmfgzMB1+T3L+CiuhPol2/rZwD3o5j7SP8ZGxC15Tzi
-wHG71H0wp1CY+tkAcvm2zmoHR9z1SD84raZLYJVRgUio7myW/DVBqPxCSvU=
+MIICZDCCAUwCAQAwHzEdMBsGA1UEAwwUYnJva2VyLWxvY2FsaG9zdC1TQU4wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDe0dq7kbMWxLLoiTCewV4Lz9vE
+w9mxr0ClCzg2GxT+DyKc5llqFVvb9vfzpQIplHrSDGetqmNifvxYESlIuDyRsnN+
+Emvy6jZ3DxWbRpXOcxWNyNmXVwOQMy198+7lAW3YxtqrB7ndHOBLzmreqNLjwVJt
+gzoK8O3P91Zqhw5z4xKCK2Wr2KlEW0ovpZKUMvGh5K8YDw8YYM330J0Dn9fpqGBU
+uzuaBdv9OAQ8tCNBFmx8O9m24C+9y2JVG+jQj0N271WGzyXDvK7jRlCJ93GtBl4o
+5vbwdifqfhtnUzkmIBkYgrERX+qRwuPT9lrH/WGikt59fNpt6L85UhAxYEvhAgMB
+AAGgADANBgkqhkiG9w0BAQsFAAOCAQEAcLkzWe6zgkVpk4OUlCv1HUqmntiBHdmh
+24v3OKhQjyMs+m/srBe6r+lBdZLnbSH5fq7eToEwRMt/vNirsXCaxGGVOUnThStt
+Z/rR45bpJl1TomXwEG9xHq7yOaHVfxkNZgaHCu6BZ1ZjYgfqWffFf9hcqAJ3xZm0
+XMPfJs9i/TRHCsdUge1BHZrxD/fzriWM7k89XktY+0zSqGfdhOXE0FO30bnC4mJG
+vZXY5reyIuRlFBpnDUtuYBaSfbUYguaSUYIoHOUsQrmMSqPLJUyY1zNm1t5f1jIx
+ZaK8NEIq2AHHqEx7I/7+lVRRWa9IjdqWIT9KD5TraOML9oS74sto2w==
-----END CERTIFICATE REQUEST-----
diff --git a/tests/certificate-authority/server-keys/broker.key-pk8.pem b/tests/certificate-authority/server-keys/broker.key-pk8.pem
index 2b51d015b8a..dd9fa523e8e 100644
--- a/tests/certificate-authority/server-keys/broker.key-pk8.pem
+++ b/tests/certificate-authority/server-keys/broker.key-pk8.pem
@@ -1,28 +1,28 @@
-----BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDQouKhZah4hMCq
-mg4aS5RhQG/Y1gA+yP9DGF9mlw35tfhfWs63EvNjEK4L/ZWSEV45L/wc6YV14RmM
-6bJ0V/0vXo4xmISbqptND/2kRIspkLZQ5F0OOQXVicqZLOc6igZQhRg8ANDYdTJU
-TF65DqauX4OJt3YMhF2FSt7jQtlj06IQBa01+ARO9OotMJtBY+vIU5bV6Jydfgkh
-QH9rIDI7AMeY5j02gGkJJrelfm+WoOsUez+XaqTN3/tF8+MBcFB3G04s1qc2CJPJ
-M3YGxvxEtHqTGI14t9J8p5O7X9JHpcY8X00sbxa4FGbKgfDobbkJ+GgblWCkAcLN
-95sKTqtHAgMBAAECggEBALE1eMtfnk3nbAI74bih84D7C0Ug14p8jJv/qqBnsx4j
-WrgbWDMVrJa7Rym2FQHBMMfgIwKnso0iSeJvaPz683j1lk833YKe0VQOPgD1m0IN
-wV1J6mQ3OOZcKDIcerY1IBHqSmBEzR7dxIbnaxlCAX9gb0hdBK6zCwA5TMG5OQ5Y
-3cGOmevK5i2PiejhpruA8h7E48P1ATaGHUZif9YD724oi6AcilQ8H/DlOjZTvlmK
-r4aJ30f72NwGM8Ecet5CE2wyflAGtY0k+nChYkPRfy54u64Z/T9B53AvneFaj8jv
-yFepZgRTs2cWhEl0KQGuBHQ4+IeOfMt2LebhvjWW8YkCgYEA7BXVsnqPHKRDd8wP
-eNkolY4Fjdq4wu9ad+DaFiZcJuv7ugr+Kplltq6e4aU36zEdBYdPp/6KM/HGE/Xj
-bo0CELNUKs/Ny9H/UJc8DDbVEmoF3XGiIbKKq1T8NTXTETFnwrGkBFD8nl7YTsOF
-M4FZmSok0MhhkpEULAqxBS6YpQsCgYEA4jxM1egTVSWjTreg2UdYo2507jKa7maP
-PRtoPsNJzWNbOpfj26l3/8pd6oYKWck6se6RxIUxUrk3ywhNJIIOvWEC7TaOH1c9
-T4NQNcweqBW9+A1x5gyzT14gDaBfl45gs82vI+kcpVv/w2N3HZOQZX3yAUqWpfw2
-yw1uQDXtgDUCgYEAiYPWbBXTkp1j5z3nrT7g0uxc89n5USLWkYlZvxktCEbg4+dP
-UUT06EoipdD1F3wOKZA9p98uZT9pX2sUxOpBz7SFTEKq3xQ9IZZWFc9CoW08aVat
-V++FsnLYTa5CeXtLsy6CGTmLTDx2xrpAtlWb+QmBVFPD8fmrxFOd9STFKS0CgYAt
-6ztVN3OlFqyc75yQPXD6SxMkvdTAisSMDKIOCylRrNb5f5baIP2gR3zkeyxiqPtm
-3htsHfSy67EtXpP50wQW4Dft2eLi7ZweJXMEWFfomfEjBeeWYAGNHHe5DFIauuVZ
-2WexDEGqNpAlIm0s7aSjVPrn1DHbouOkNyenlMqN+QKBgQDVYVhk9widShSnCmUA
-G30moXDgj3eRqCf5T7NEr9GXD1QBD/rQSPh5agnDV7IYLpV7/wkYLI7l9x7mDwu+
-I9mRXkyAmTVEctLTdXQHt0jdJa5SfUaVEDUzQbr0fUjkmythTvqZ809+d3ELPeLI
-5qJ7jxgksHWji4lYfL4r4J6Zaw==
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDe0dq7kbMWxLLo
+iTCewV4Lz9vEw9mxr0ClCzg2GxT+DyKc5llqFVvb9vfzpQIplHrSDGetqmNifvxY
+ESlIuDyRsnN+Emvy6jZ3DxWbRpXOcxWNyNmXVwOQMy198+7lAW3YxtqrB7ndHOBL
+zmreqNLjwVJtgzoK8O3P91Zqhw5z4xKCK2Wr2KlEW0ovpZKUMvGh5K8YDw8YYM33
+0J0Dn9fpqGBUuzuaBdv9OAQ8tCNBFmx8O9m24C+9y2JVG+jQj0N271WGzyXDvK7j
+RlCJ93GtBl4o5vbwdifqfhtnUzkmIBkYgrERX+qRwuPT9lrH/WGikt59fNpt6L85
+UhAxYEvhAgMBAAECggEAbQ4xDFTHXoFvPzjGPy1NJmLZoXhp9/lanmzbWj/vClnG
+Cx0C7lT93K8HtIwyfr9ZTa0coXcfpXmZcFEV762cl4LL3AyQIRhZB/SuEo19jMnu
+5rJDLTs9Vzp1LYxShGsqpErPg54IbhxP+0pQLCJc9XQNL+RmaCx7eKoJ9aGchULY
+BdbCRctYhHaq/AC2qNYZF41Ys9zdNN0/2NnRqfgaaAj9hUzu3LlaJX1TWHbgikLo
+QdmRNmTMMxfLl2kyoweDEC6MdSKCbcdDyM46Va3yY3KTuAdjP6x1ALzAarBDj6zb
+a0Vp7g80OcKjmLYt8rFImjwb7D9EanOy2GkK2CwhAQKBgQD8v4gOTeNYC4Xo6Rti
+psv+QCuH8hiLdee4KFdzqthlELDfhncDKXfwcZI3PME/aBWvvAn+rokl/UfCm5nQ
+fwXW3MYyNpmk0HJjWAQcexsdHCM9I0CgEp8uInn+8EFqlYVh2ltoQLhGuIwOqqPk
+3cQV8ImW+CmqmWYzbSZw97OqqQKBgQDhr7+oOf+sly0MVf5WixHTURJAU6p2VyTt
+aNsNiuLN/W3Vax9Ql9HEm3RPx2SxFEIxllPcwb1Vms/ONmvT1t3xWGp7TIOX/0/m
+uhNIG2/Bcr47NgWjhiV4zE/TfawkcP7/MujUxl2/zm7RHLrU2bmi8rV+PGqlVE0w
+v7iKj4bSeQKBgHkI34a6Fdzb58yZlNuxNI8U+8OmU8q1M7ok13w0nFwJminwop2J
+Bj7GpFZ/aauLlJcLXV3xBwyCNhMjoI0PxyQVpXP2Ya1jhOO+Cnn5GgrepqFoeFIv
+mLrnF7TWKP15jN5HSu6pz5VOWwPLA6Fd8cDv53O8c3eW7jJCWt5OQGPBAoGALwbI
+EO3E8NmvcVqZ3L6twDKscur8IhyWfUHUI0ZFbFbahBYGOGzqMOWTnuwVdzCZemuw
+nddg9G2Fz5pXbZTgOmIKDhcrdIimxZUQX34YE18tdHkVQ7W4KSuplpAhRpalC9g3
+295ZupXxUXGDHMchf2rDlsJQFpMyYm4Qrg6qMUECgYBhBG/iLvE6/Z1oh6eky6WU
+Dx7nL+FDDu3JbNAWs6RMDs9fE+7iDEj8MxZL0PUnVMsQvf43Ew1boyIGwlNtdRZ5
+dLaKFAgJ8YbqIptnFfGQ/8vKhK+x4FWzEd3kuRzQZPVRVV5Op6bRp1Kb8NMPCQXb
+72qifYUaI7uirULNSit9wg==
-----END PRIVATE KEY-----
diff --git a/tests/certificate-authority/server-keys/broker.key.pem b/tests/certificate-authority/server-keys/broker.key.pem
index dc22667ab47..5c20238c7b9 100644
--- a/tests/certificate-authority/server-keys/broker.key.pem
+++ b/tests/certificate-authority/server-keys/broker.key.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA0KLioWWoeITAqpoOGkuUYUBv2NYAPsj/QxhfZpcN+bX4X1rO
-txLzYxCuC/2VkhFeOS/8HOmFdeEZjOmydFf9L16OMZiEm6qbTQ/9pESLKZC2UORd
-DjkF1YnKmSznOooGUIUYPADQ2HUyVExeuQ6mrl+Dibd2DIRdhUre40LZY9OiEAWt
-NfgETvTqLTCbQWPryFOW1eicnX4JIUB/ayAyOwDHmOY9NoBpCSa3pX5vlqDrFHs/
-l2qkzd/7RfPjAXBQdxtOLNanNgiTyTN2Bsb8RLR6kxiNeLfSfKeTu1/SR6XGPF9N
-LG8WuBRmyoHw6G25CfhoG5VgpAHCzfebCk6rRwIDAQABAoIBAQCxNXjLX55N52wC
-O+G4ofOA+wtFINeKfIyb/6qgZ7MeI1q4G1gzFayWu0cpthUBwTDH4CMCp7KNIkni
-b2j8+vN49ZZPN92CntFUDj4A9ZtCDcFdSepkNzjmXCgyHHq2NSAR6kpgRM0e3cSG
-52sZQgF/YG9IXQSuswsAOUzBuTkOWN3BjpnryuYtj4no4aa7gPIexOPD9QE2hh1G
-Yn/WA+9uKIugHIpUPB/w5To2U75Ziq+Gid9H+9jcBjPBHHreQhNsMn5QBrWNJPpw
-oWJD0X8ueLuuGf0/QedwL53hWo/I78hXqWYEU7NnFoRJdCkBrgR0OPiHjnzLdi3m
-4b41lvGJAoGBAOwV1bJ6jxykQ3fMD3jZKJWOBY3auMLvWnfg2hYmXCbr+7oK/iqZ
-ZbaunuGlN+sxHQWHT6f+ijPxxhP1426NAhCzVCrPzcvR/1CXPAw21RJqBd1xoiGy
-iqtU/DU10xExZ8KxpARQ/J5e2E7DhTOBWZkqJNDIYZKRFCwKsQUumKULAoGBAOI8
-TNXoE1Ulo063oNlHWKNudO4ymu5mjz0baD7DSc1jWzqX49upd//KXeqGClnJOrHu
-kcSFMVK5N8sITSSCDr1hAu02jh9XPU+DUDXMHqgVvfgNceYMs09eIA2gX5eOYLPN
-ryPpHKVb/8Njdx2TkGV98gFKlqX8NssNbkA17YA1AoGBAImD1mwV05KdY+c9560+
-4NLsXPPZ+VEi1pGJWb8ZLQhG4OPnT1FE9OhKIqXQ9Rd8DimQPaffLmU/aV9rFMTq
-Qc+0hUxCqt8UPSGWVhXPQqFtPGlWrVfvhbJy2E2uQnl7S7Mughk5i0w8dsa6QLZV
-m/kJgVRTw/H5q8RTnfUkxSktAoGALes7VTdzpRasnO+ckD1w+ksTJL3UwIrEjAyi
-DgspUazW+X+W2iD9oEd85HssYqj7Zt4bbB30suuxLV6T+dMEFuA37dni4u2cHiVz
-BFhX6JnxIwXnlmABjRx3uQxSGrrlWdlnsQxBqjaQJSJtLO2ko1T659Qx26LjpDcn
-p5TKjfkCgYEA1WFYZPcInUoUpwplABt9JqFw4I93kagn+U+zRK/Rlw9UAQ/60Ej4
-eWoJw1eyGC6Ve/8JGCyO5fce5g8LviPZkV5MgJk1RHLS03V0B7dI3SWuUn1GlRA1
-M0G69H1I5JsrYU76mfNPfndxCz3iyOaie48YJLB1o4uJWHy+K+CemWs=
+MIIEogIBAAKCAQEA3tHau5GzFsSy6IkwnsFeC8/bxMPZsa9ApQs4NhsU/g8inOZZ
+ahVb2/b386UCKZR60gxnrapjYn78WBEpSLg8kbJzfhJr8uo2dw8Vm0aVznMVjcjZ
+l1cDkDMtffPu5QFt2Mbaqwe53RzgS85q3qjS48FSbYM6CvDtz/dWaocOc+MSgitl
+q9ipRFtKL6WSlDLxoeSvGA8PGGDN99CdA5/X6ahgVLs7mgXb/TgEPLQjQRZsfDvZ
+tuAvvctiVRvo0I9Ddu9Vhs8lw7yu40ZQifdxrQZeKOb28HYn6n4bZ1M5JiAZGIKx
+EV/qkcLj0/Zax/1hopLefXzabei/OVIQMWBL4QIDAQABAoIBAG0OMQxUx16Bbz84
+xj8tTSZi2aF4aff5Wp5s21o/7wpZxgsdAu5U/dyvB7SMMn6/WU2tHKF3H6V5mXBR
+Fe+tnJeCy9wMkCEYWQf0rhKNfYzJ7uayQy07PVc6dS2MUoRrKqRKz4OeCG4cT/tK
+UCwiXPV0DS/kZmgse3iqCfWhnIVC2AXWwkXLWIR2qvwAtqjWGReNWLPc3TTdP9jZ
+0an4GmgI/YVM7ty5WiV9U1h24IpC6EHZkTZkzDMXy5dpMqMHgxAujHUigm3HQ8jO
+OlWt8mNyk7gHYz+sdQC8wGqwQ4+s22tFae4PNDnCo5i2LfKxSJo8G+w/RGpzsthp
+CtgsIQECgYEA/L+IDk3jWAuF6OkbYqbL/kArh/IYi3XnuChXc6rYZRCw34Z3Ayl3
+8HGSNzzBP2gVr7wJ/q6JJf1HwpuZ0H8F1tzGMjaZpNByY1gEHHsbHRwjPSNAoBKf
+LiJ5/vBBapWFYdpbaEC4RriMDqqj5N3EFfCJlvgpqplmM20mcPezqqkCgYEA4a+/
+qDn/rJctDFX+VosR01ESQFOqdlck7WjbDYrizf1t1WsfUJfRxJt0T8dksRRCMZZT
+3MG9VZrPzjZr09bd8Vhqe0yDl/9P5roTSBtvwXK+OzYFo4YleMxP032sJHD+/zLo
+1MZdv85u0Ry61Nm5ovK1fjxqpVRNML+4io+G0nkCgYB5CN+GuhXc2+fMmZTbsTSP
+FPvDplPKtTO6JNd8NJxcCZop8KKdiQY+xqRWf2mri5SXC11d8QcMgjYTI6CND8ck
+FaVz9mGtY4Tjvgp5+RoK3qahaHhSL5i65xe01ij9eYzeR0ruqc+VTlsDywOhXfHA
+7+dzvHN3lu4yQlreTkBjwQKBgC8GyBDtxPDZr3Famdy+rcAyrHLq/CIcln1B1CNG
+RWxW2oQWBjhs6jDlk57sFXcwmXprsJ3XYPRthc+aV22U4DpiCg4XK3SIpsWVEF9+
+GBNfLXR5FUO1uCkrqZaQIUaWpQvYN9veWbqV8VFxgxzHIX9qw5bCUBaTMmJuEK4O
+qjFBAoGAYQRv4i7xOv2daIenpMullA8e5y/hQw7tyWzQFrOkTA7PXxPu4gxI/DMW
+S9D1J1TLEL3+NxMNW6MiBsJTbXUWeXS2ihQICfGG6iKbZxXxkP/LyoSvseBVsxHd
+5Lkc0GT1UVVeTqem0adSm/DTDwkF2+9qon2FGiO7oq1CzUorfcI=
-----END RSA PRIVATE KEY-----
diff --git a/tests/certificate-authority/server-keys/proxy.cert.pem b/tests/certificate-authority/server-keys/proxy.cert.pem
index 02caee58263..85687bdfd30 100644
--- a/tests/certificate-authority/server-keys/proxy.cert.pem
+++ b/tests/certificate-authority/server-keys/proxy.cert.pem
@@ -1,27 +1,110 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4104 (0x1008)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: CN=foobar
+ Validity
+ Not Before: May 10 15:50:19 2023 GMT
+ Not After : Feb 22 15:50:19 2297 GMT
+ Subject: CN=proxy-localhost-SAN
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:cc:15:c9:85:06:43:47:bd:46:9f:4f:03:1a:e0:
+ 6e:94:13:4e:b0:30:ea:88:ca:3a:e4:39:92:12:c1:
+ 77:51:8c:0d:3c:b9:26:5c:2f:dc:fc:b1:5a:bf:0e:
+ 47:ff:09:60:30:79:8e:55:26:fe:d0:a1:ed:9f:6d:
+ 8a:6a:06:85:f0:d0:dc:94:a6:54:a1:a6:c9:3e:57:
+ d5:69:7d:e9:25:c1:ef:6b:77:e1:62:76:d8:e4:54:
+ 91:40:bc:0b:11:74:b8:30:bb:d4:02:77:d6:bd:d2:
+ d0:e7:ad:df:7d:98:96:74:42:ad:53:b3:88:c8:dc:
+ 1d:db:51:63:84:ee:7e:85:73:14:5e:d4:c8:f0:01:
+ 5f:67:52:ed:94:87:f7:d6:aa:28:8b:2c:84:98:8c:
+ b9:91:b5:38:99:80:5d:b3:d4:db:95:96:09:ef:1d:
+ a1:6f:86:c8:17:86:f7:0a:1e:72:3b:50:8c:53:e5:
+ ce:d4:8c:cf:cc:81:3d:46:55:ff:65:25:0b:36:31:
+ 31:a6:22:27:47:96:59:38:c1:cd:66:a6:9a:83:98:
+ dc:b8:2e:10:8d:ba:45:ae:aa:20:6e:e3:0b:bd:ec:
+ e6:63:b5:40:55:d4:fe:97:b1:f1:8d:9a:c0:a2:46:
+ 8e:a3:ed:a0:1b:ed:40:b0:00:a5:28:f9:da:03:bd:
+ c1:a9
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Cert Type:
+ SSL Server
+ Netscape Comment:
+ OpenSSL Generated Server Certificate
+ X509v3 Subject Key Identifier:
+ C5:33:73:67:03:B7:51:08:F4:BD:D3:CD:4F:DC:CF:83:11:53:AD:39
+ X509v3 Subject Alternative Name:
+ DNS:localhost, IP Address:127.0.0.1
+ X509v3 Authority Key Identifier:
+ keyid:57:0B:E9:CB:23:E8:BF:47:3E:50:7A:3F:45:7E:A1:18:43:9D:15:27
+ DirName:/CN=foobar
+ serial:D7:E2:87:4F:A0:79:E2:0C
+
+ X509v3 Key Usage: critical
+ Digital Signature, Key Encipherment
+ X509v3 Extended Key Usage:
+ TLS Web Server Authentication
+ Signature Algorithm: sha256WithRSAEncryption
+ 43:ef:67:29:9a:0c:53:97:7c:fc:72:73:6c:8d:48:78:4e:ec:
+ e3:14:9d:d9:1e:83:4c:d6:f0:56:e9:c4:d8:de:f5:54:fb:a5:
+ 3b:ff:59:23:75:26:74:f0:86:90:d0:4d:41:25:03:87:e0:60:
+ a4:9b:33:3d:bd:1c:79:b8:db:86:1c:38:09:26:0d:80:3e:f9:
+ 1e:28:11:0d:3d:6b:1e:1a:7a:9a:fa:fc:18:22:7f:fd:46:55:
+ c2:2f:56:5c:5c:8a:45:f2:74:7a:e4:6c:d0:e0:ea:ec:74:b7:
+ 0d:a8:f3:ca:18:cf:a4:be:a0:e0:4a:32:ca:15:7e:5d:06:56:
+ b7:71:7c:e0:dc:19:fa:be:3e:94:84:20:be:96:34:61:0b:f0:
+ d1:d6:31:49:0b:b0:20:b8:f9:5c:49:08:13:9b:45:c0:6f:58:
+ 16:81:0b:0c:f8:66:38:58:83:d4:b0:bc:14:35:8d:e2:1d:d5:
+ 2d:ea:02:ae:42:e1:88:22:5a:b0:cf:e5:31:b1:cb:d3:e9:d2:
+ 5e:88:55:bd:62:ac:85:aa:4e:fc:18:6b:65:f9:9e:fc:93:27:
+ 0c:c6:29:aa:f0:64:6e:72:dc:d9:95:ae:38:ae:64:9e:c6:44:
+ 8a:0b:0f:0e:d4:69:7e:79:e0:46:d0:75:96:2a:1a:60:af:30:
+ 23:dc:d2:67:0d:08:2a:9d:58:29:09:1e:c8:08:d5:3a:88:2d:
+ 1a:dc:47:dc:5d:bd:0d:5c:54:f1:5d:5a:6d:0d:de:bc:18:67:
+ 2d:dd:1b:fe:8b:0e:03:19:b0:0f:f2:59:69:d0:7a:4f:a1:33:
+ 74:f7:22:ef:ff:90:e1:4b:8e:ac:13:00:6f:00:9b:55:83:d2:
+ 96:db:a8:81:c9:a9:8d:c6:a6:21:3d:14:d3:43:71:28:c6:ea:
+ 6d:2d:91:b9:58:bf:ec:18:75:c4:8c:10:43:88:60:08:c0:bb:
+ 9d:fb:90:80:1e:d5:a3:ea:e7:8a:16:f7:f4:d7:cb:35:93:03:
+ 55:e4:cc:58:31:1e:df:6e:e4:1b:6e:ad:3a:76:56:e5:8b:4e:
+ d9:71:af:11:92:a7:7a:e2:66:cc:d2:73:f3:ec:e8:3b:67:f0:
+ 6a:31:10:82:e8:c4:1e:ae:c3:54:a7:e2:42:86:fe:43:75:ad:
+ ef:83:d7:1c:2f:91:94:1c:57:9d:1c:43:94:b1:47:b2:6c:96:
+ fd:83:69:0f:6c:e2:18:9b:65:8e:71:08:01:b3:73:46:aa:3c:
+ 2e:07:14:cd:03:ae:dc:5a:51:da:c5:41:53:cc:f5:fc:c8:db:
+ 4e:76:27:99:9a:ec:40:68:07:d6:10:e1:f9:68:6b:5d:52:95:
+ 3d:01:f4:a7:40:11:61:0a
-----BEGIN CERTIFICATE-----
-MIIEjzCCAnegAwIBAgICEAYwDQYJKoZIhvcNAQENBQAwETEPMA0GA1UEAwwGZm9v
-YmFyMCAXDTIyMTAxODEwMTQwMVoYDzIyOTYwODAyMTAxNDAxWjAiMSAwHgYDVQQD
-DBdwcm94eS5wdWxzYXIuYXBhY2hlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAPPnBnkHqKvXuv7BKOoQ8nAa7gEVAjzRANhOx2Yk3/JpN1/Ash48
-UltPjHtop1kXLrnjM3DahQuolz1A/N5sN2RGoe+/Y/aI/FRDF25yGzEoM/kwZDjm
-ejQj2Hb6YsupI+YYtPr5ZDSeIBvvlVurXfXJkZf5CXYeEjqr1pEpLpNCZoWoOiiC
-73/0KBoOToR5+akw+Db2Qr5FSz7AuTQ9KUZ1HZNl4xZBuEha6avESdRykH2XQzDs
-qMBVruByHbzO1pg/op4iOhqQ6DFu67veKjWzMLxKR7x/A8UOd9f9D3+pabBoU72b
-NqgwbKCnERoo3Y0ge1B1x7GORR7GHrWSKlUCAwEAAaOB3TCB2jAJBgNVHRMEAjAA
-MBEGCWCGSAGG+EIBAQQEAwIGQDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5l
-cmF0ZWQgU2VydmVyIENlcnRpZmljYXRlMB0GA1UdDgQWBBQqVR7lwaEgKHsI8+D8
-nNxPmgWZ7TBBBgNVHSMEOjA4gBRXC+nLI+i/Rz5Qej9FfqEYQ50VJ6EVpBMwETEP
-MA0GA1UEAwwGZm9vYmFyggkA1+KHT6B54gwwDgYDVR0PAQH/BAQDAgWgMBMGA1Ud
-JQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBDQUAA4ICAQBtoQTZ5u6NpDIKHo6V
-yZqkRrMcg9J61zRm0tbf4D/iIsfWNiJrAWSudK4OgkUrXj4LFWKvzzcZtPltuUr5
-yODXZgz8lnyLbw6GyrKFU4Gpbr8Be30Y1yF7dfTV0yp5ZoIXNILfKhU3not1yL41
-0owaO7N0PyDAzQ7erPbbB9UG7xhYM5qFfAnevwX1rde12JHJULfeE9Ushuv+DcK5
-JmNvkRE+nB/dljsST9pW+zjBDuhwTiDZMPtUPyM0tPn6+x5zwF0pWFKhCkO8lVhr
-TxCG/bMF3j/0MxjQvDvcijJFHaZqLHsw/FqgEM5SNgAsTuuY7wBohSNRddfvahV1
-xPdXUrALuDH/NmIzaYZW6hh6mOhl+R7lP2XXZbFTpTGVdoosdBTGkjbPGKMrT/L8
-hwLvFezXaHZzqj4hLnmqFbhu+dDH55EE1HT5RP7kxGCq1AMuwlsjOVxURS0FZi87
-Oaq19NKsyWfdf8igONsk0GBt5HeG+93fJkW/SxssTJdz1xc91KgGDlP3nAW3xBAz
-TRvgiKIeMzOh+SWkTyz/cJugyxD+wXaAEL7VYsgOwilV+rbWKTDPvnNORqrLO/md
-MHZqYWkFlld2kw8i4LYc6zXOsOWlOv0ZM7VcEs7ufBADQEiZPkDNvWlzM97oDabE
-n/htdqxnoZ3NHJ1HJnz03jKSfg==
+MIIEpzCCAo+gAwIBAgICEAgwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGZm9v
+YmFyMCAXDTIzMDUxMDE1NTAxOVoYDzIyOTcwMjIyMTU1MDE5WjAeMRwwGgYDVQQD
+DBNwcm94eS1sb2NhbGhvc3QtU0FOMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAzBXJhQZDR71Gn08DGuBulBNOsDDqiMo65DmSEsF3UYwNPLkmXC/c/LFa
+vw5H/wlgMHmOVSb+0KHtn22KagaF8NDclKZUoabJPlfVaX3pJcHva3fhYnbY5FSR
+QLwLEXS4MLvUAnfWvdLQ563ffZiWdEKtU7OIyNwd21FjhO5+hXMUXtTI8AFfZ1Lt
+lIf31qooiyyEmIy5kbU4mYBds9TblZYJ7x2hb4bIF4b3Ch5yO1CMU+XO1IzPzIE9
+RlX/ZSULNjExpiInR5ZZOMHNZqaag5jcuC4QjbpFrqogbuMLvezmY7VAVdT+l7Hx
+jZrAokaOo+2gG+1AsAClKPnaA73BqQIDAQABo4H5MIH2MAkGA1UdEwQCMAAwEQYJ
+YIZIAYb4QgEBBAQDAgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRl
+ZCBTZXJ2ZXIgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFMUzc2cDt1EI9L3TzU/cz4MR
+U605MBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATBBBgNVHSMEOjA4gBRXC+nL
+I+i/Rz5Qej9FfqEYQ50VJ6EVpBMwETEPMA0GA1UEAwwGZm9vYmFyggkA1+KHT6B5
+4gwwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3
+DQEBCwUAA4ICAQBD72cpmgxTl3z8cnNsjUh4TuzjFJ3ZHoNM1vBW6cTY3vVU+6U7
+/1kjdSZ08IaQ0E1BJQOH4GCkmzM9vRx5uNuGHDgJJg2APvkeKBENPWseGnqa+vwY
+In/9RlXCL1ZcXIpF8nR65GzQ4OrsdLcNqPPKGM+kvqDgSjLKFX5dBla3cXzg3Bn6
+vj6UhCC+ljRhC/DR1jFJC7AguPlcSQgTm0XAb1gWgQsM+GY4WIPUsLwUNY3iHdUt
+6gKuQuGIIlqwz+UxscvT6dJeiFW9YqyFqk78GGtl+Z78kycMximq8GRuctzZla44
+rmSexkSKCw8O1Gl+eeBG0HWWKhpgrzAj3NJnDQgqnVgpCR7ICNU6iC0a3EfcXb0N
+XFTxXVptDd68GGct3Rv+iw4DGbAP8llp0HpPoTN09yLv/5DhS46sEwBvAJtVg9KW
+26iByamNxqYhPRTTQ3EoxuptLZG5WL/sGHXEjBBDiGAIwLud+5CAHtWj6ueKFvf0
+18s1kwNV5MxYMR7fbuQbbq06dlbli07Zca8Rkqd64mbM0nPz7Og7Z/BqMRCC6MQe
+rsNUp+JChv5Dda3vg9ccL5GUHFedHEOUsUeybJb9g2kPbOIYm2WOcQgBs3NGqjwu
+BxTNA67cWlHaxUFTzPX8yNtOdieZmuxAaAfWEOH5aGtdUpU9AfSnQBFhCg==
-----END CERTIFICATE-----
diff --git a/tests/certificate-authority/server-keys/proxy.csr.pem b/tests/certificate-authority/server-keys/proxy.csr.pem
index 8dbf74bb819..6cebd3548a1 100644
--- a/tests/certificate-authority/server-keys/proxy.csr.pem
+++ b/tests/certificate-authority/server-keys/proxy.csr.pem
@@ -1,15 +1,15 @@
-----BEGIN CERTIFICATE REQUEST-----
-MIICZzCCAU8CAQAwIjEgMB4GA1UEAwwXcHJveHkucHVsc2FyLmFwYWNoZS5vcmcw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDz5wZ5B6ir17r+wSjqEPJw
-Gu4BFQI80QDYTsdmJN/yaTdfwLIePFJbT4x7aKdZFy654zNw2oULqJc9QPzebDdk
-RqHvv2P2iPxUQxduchsxKDP5MGQ45no0I9h2+mLLqSPmGLT6+WQ0niAb75Vbq131
-yZGX+Ql2HhI6q9aRKS6TQmaFqDoogu9/9CgaDk6EefmpMPg29kK+RUs+wLk0PSlG
-dR2TZeMWQbhIWumrxEnUcpB9l0Mw7KjAVa7gch28ztaYP6KeIjoakOgxbuu73io1
-szC8Ske8fwPFDnfX/Q9/qWmwaFO9mzaoMGygpxEaKN2NIHtQdcexjkUexh61kipV
-AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAMBYwlvpcPsZQQMwUbts7GsX35Hcn
-FAl8iWcKr9uw/9sSrZkstI9Aa8As+KYPeY3Z2p5TYY1TXokZa936NB00CWnY+gxY
-lfKXy31yPqEHSwir1pQDU+WTILwZfbptFpAFEBy0SCDWrBZJUbM1ngqcVDg9jlQi
-iZMDYbsnZ828Hn4e97P83bOubSBWIf1Rp6LcbIzJtwGCGVp+XPJYPMFXmpzAtwrT
-tSgzCnHXseYKwIbjr+ReW58jE8Z59UqBm3/VeidLg94VfITuN5et42yypWd9Z7DU
-C/qE8gjrqlvl49Xi6ye/RxKTMN+8TiQigU5ngEnYvNKbpKhU4veXHKjfrg==
+MIICYzCCAUsCAQAwHjEcMBoGA1UEAwwTcHJveHktbG9jYWxob3N0LVNBTjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwVyYUGQ0e9Rp9PAxrgbpQTTrAw
+6ojKOuQ5khLBd1GMDTy5Jlwv3PyxWr8OR/8JYDB5jlUm/tCh7Z9timoGhfDQ3JSm
+VKGmyT5X1Wl96SXB72t34WJ22ORUkUC8CxF0uDC71AJ31r3S0Oet332YlnRCrVOz
+iMjcHdtRY4TufoVzFF7UyPABX2dS7ZSH99aqKIsshJiMuZG1OJmAXbPU25WWCe8d
+oW+GyBeG9woecjtQjFPlztSMz8yBPUZV/2UlCzYxMaYiJ0eWWTjBzWammoOY3Lgu
+EI26Ra6qIG7jC73s5mO1QFXU/pex8Y2awKJGjqPtoBvtQLAApSj52gO9wakCAwEA
+AaAAMA0GCSqGSIb3DQEBCwUAA4IBAQCqq+WUWY5w8RHsMi/zeR0JjXhbgdYSlsfP
+J0fUTB88Jr/litM2u96/HFPC4K8MDlei7cKccyrRsLd+iEbG3ydNRB66WBCjq93o
+/5LSMYGCejMDAdeE8qWBDf53Xlg+hGhMlFbbmL4JGTKX0OjAKnF5xT5i7n9rh/dM
+FwoIU6ac+5btszD62IRGhyOmOHXSqL+KYArKhXKzGICFKvrOwfGrSC7Rt9zwV+lL
+UB6NRWR5viSgIkwYw/W4R9M1iQPQLjGm/ibjW/FXWzr98LNgs8kjqMoAIDs7z8YU
+FCT6YDb8zJlqiOBKnU7ReetKsHwPM2mAyWMS6z8R3LOSNdgrP70Y
-----END CERTIFICATE REQUEST-----
diff --git a/tests/certificate-authority/server-keys/proxy.key-pk8.pem b/tests/certificate-authority/server-keys/proxy.key-pk8.pem
index 114fe2fb04d..0dc72cde403 100644
--- a/tests/certificate-authority/server-keys/proxy.key-pk8.pem
+++ b/tests/certificate-authority/server-keys/proxy.key-pk8.pem
@@ -1,28 +1,28 @@
-----BEGIN PRIVATE KEY-----
-MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDz5wZ5B6ir17r+
-wSjqEPJwGu4BFQI80QDYTsdmJN/yaTdfwLIePFJbT4x7aKdZFy654zNw2oULqJc9
-QPzebDdkRqHvv2P2iPxUQxduchsxKDP5MGQ45no0I9h2+mLLqSPmGLT6+WQ0niAb
-75Vbq131yZGX+Ql2HhI6q9aRKS6TQmaFqDoogu9/9CgaDk6EefmpMPg29kK+RUs+
-wLk0PSlGdR2TZeMWQbhIWumrxEnUcpB9l0Mw7KjAVa7gch28ztaYP6KeIjoakOgx
-buu73io1szC8Ske8fwPFDnfX/Q9/qWmwaFO9mzaoMGygpxEaKN2NIHtQdcexjkUe
-xh61kipVAgMBAAECggEBAJ/DuDC1fJ477OiNPLC+MyCN81NQIKwXt/b4+5KEGxHe
-LACT59j4aHYZkIsSDXTFQ71N/1cwPLBbWd4s4LcNqecMgWzbMK7AIpFLdWDKa9dy
-X0EemrfO+UOIK3YcI3UGsVY63un7TNFOtve1o19tzFmBFNa4saLmpcg64Y0qrbCV
-KcHslT1T07szp5s+weiMxgsD17foNSBEXLxP7+1F9NPlWuiHh+Rl2/t+K2tjrXeI
-EN9dtv29q4v9jCRU4yhIunAjLEvrMYCSGhXEGa+MRkgXkTPhhVN5nWX6M0uDyKgK
-aJJBv+/H6QVj4XetubYdLjII0L2q/vckoD5JsaYfz40CgYEA/7ID5OWbp/OOCjK1
-wbMByKwLUL5tHapZIoYdNg/w6zjjYl1TM9e18p1llOb+oPTEk+p8LigkkkDvPrEZ
-zAhAU3Z3nRWGkVOLNYycuSed283Up0Kml08vsRNGDa78bma4GaWnJpOuPx5fB1HN
-njjq9XhYzIEAHO4dT2dAQB003JMCgYEA9DFp0FnfsZsuAMLwBJJ08yHn4CjoYpMq
-TAg3JScEjnm1ELJBvqLYRHzqHVeSKUHTtVDwaAqMe43qEnQ3IuFS+dhJGfOX41Cf
-Yw7WDZvIeuPZER7WXUY27wmjGbjx6SdIuDYnYYA0P3RSGm3VcGZqaLoW7MvfDB0y
-pYpVSV6pFncCgYEAz5/dSaCoJFjAncdPj1mruSb6iTYXpF8OwdnlHmETX+1xtg3R
-4ebm93qXYbGwUUJv3SwqadBu4dOYcW+dYu/QS/WGaydvfdI41+K14CMrK7CXXLni
-TDsgnsjnuXS9xWfjVfANKmYAt4AR6f+i1zegknKGqIiXbuZrJm7Q3T7aDcECgYEA
-7tXBm6G7kzemt+Hx5VblgcOgyfLYz0kG7pR+cx0FbOCHAsyGVxFpGxtd09MJxsZ2
-bXm7mNbwbgvwa5o1Ly1Y/brYTMSewxrguX8SRv8eB2wAq6kQmuwI4KT5XDgyiwr8
-Kgf1XnyJHaMEhor0XlodK08PCw2fm3aXSafSIM+v66MCgYEAiGDfCy25tcI4UpAb
-v8WjI2Y7EXE2vJQ/mqMhKzmfME8HMzBvuzhwAERJgPHh1lNOIwH1LnF4lZS7jr75
-A78lgfTj6ZKNHpr5s5+5zdllvFwQ51SczCUnZv0flb/S5Qeciqh0a//pe9FQvL3+
-3cqpvX158ljL8FYfcPQOBuIUdjw=
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDMFcmFBkNHvUaf
+TwMa4G6UE06wMOqIyjrkOZISwXdRjA08uSZcL9z8sVq/Dkf/CWAweY5VJv7Qoe2f
+bYpqBoXw0NyUplShpsk+V9Vpfeklwe9rd+FidtjkVJFAvAsRdLgwu9QCd9a90tDn
+rd99mJZ0Qq1Ts4jI3B3bUWOE7n6FcxRe1MjwAV9nUu2Uh/fWqiiLLISYjLmRtTiZ
+gF2z1NuVlgnvHaFvhsgXhvcKHnI7UIxT5c7UjM/MgT1GVf9lJQs2MTGmIidHllk4
+wc1mppqDmNy4LhCNukWuqiBu4wu97OZjtUBV1P6XsfGNmsCiRo6j7aAb7UCwAKUo
++doDvcGpAgMBAAECggEAPTAXEFQVXe/ouaDV3HwHi0vSns67srF3QK/mFMt+e6uS
+2G7mimMrTXPbMkcU3OkxtrbrLqqXYXP7K36LLkiwZcgpKkRIQYMg+RkaehtvCIwB
+vWXe5Eefta2JMzBt3RjylGHsKaVGc/k9+whNZnmWOls3Xk4Ip7gfF39qaBOdSWLy
+gVJJ9qbM6nHejl3vdSew5nRGlqGu0qonB+OhbM2GGSLEjH4BBbDlvI1Gl/mdKMLK
+XMJf6WvO/d43+y+/EWmln2NF5lXHRwD+Gk84316mf+ANFy8V3yvp7BC9kDWqLeDH
+A6wK9fmwPzwEWZKgzurN/Euz8gv1hEVcxH54HUBgVQKBgQD/iprN8phLUeA1VwJg
+zm/AX6jM4GIEig0rXkYOOz1KI7wx6DunfnFINxSpDXf93cK7k6wtmLkxu0ONO9LE
+1q4bmaBPkObfGOzBFixSOEE9ecyH9+EiFQi4O1zBqZLPObIY7tJ5xVsAmvQmwrf9
+Agy6fKNGM1SFBWyHgmTUvtLrlwKBgQDMc4slLWyTZYZn7bpbuXslRBWSp3KROP8M
+R5wCGe0xmOz2A/UEfGMruAS3/2+GJQlMpW25ACi3GX+Wq0OAlVxHZfArw9vaJSXm
+Nj1rC0bkICKYHojS0kFckTHBGUEKOAaSdP1Ehm+eUaH0kVapfw9bSQ0+Yd5Z0XHS
+65QqcY9kvwKBgFD8emc+tSlZv3boJmbLxfrv1i1oB2hs4BOYgxdLivcOMDyY3x8M
+IZbDbhbNn/Oi7m5INM8WkcrDEHuYNAoSB4fTvky5HZIi8hWXk2BTV8nF6h5FXuJQ
+TD0nAxSVS2PFYz4noijZdSfR9AK8v1a96Y7IpW5AIk8uEuE3YAFUoL/tAoGAMGXh
+uIlKPJI6APw7s17zEd1OJgtRiaMubR++hJjSl30WCx7gr5EqgLztEQl8wwqdavF2
+SecJvF5i363nKtcwow40joes0bUdhaOtYlunCnW4+r2vsghnxJvyZT2vMdYVaDId
+ik0wuw+kARsuoq0bW4athejxE94Kzd1Kk8mSIk0CgYEAiBYxMU8c821HwRzHGUi4
+MEqrOV7D0WrQIeeunT9yBZvP1/OpH9VcHXM53JOQLX/1bF3gGzLevOxvzhSid9Kg
+7avc497uam9LfmIueIsc90yH6Qf83O2pwLc6x/Jx9cyVX4elMC9b+CpXPzC4RDla
+NGH4KgEBAySS0x7x6a31/yg=
-----END PRIVATE KEY-----
diff --git a/tests/certificate-authority/server-keys/proxy.key.pem b/tests/certificate-authority/server-keys/proxy.key.pem
index ec79e9ddf23..17c431ba9f5 100644
--- a/tests/certificate-authority/server-keys/proxy.key.pem
+++ b/tests/certificate-authority/server-keys/proxy.key.pem
@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIEpgIBAAKCAQEA8+cGeQeoq9e6/sEo6hDycBruARUCPNEA2E7HZiTf8mk3X8Cy
-HjxSW0+Me2inWRcuueMzcNqFC6iXPUD83mw3ZEah779j9oj8VEMXbnIbMSgz+TBk
-OOZ6NCPYdvpiy6kj5hi0+vlkNJ4gG++VW6td9cmRl/kJdh4SOqvWkSkuk0Jmhag6
-KILvf/QoGg5OhHn5qTD4NvZCvkVLPsC5ND0pRnUdk2XjFkG4SFrpq8RJ1HKQfZdD
-MOyowFWu4HIdvM7WmD+iniI6GpDoMW7ru94qNbMwvEpHvH8DxQ531/0Pf6lpsGhT
-vZs2qDBsoKcRGijdjSB7UHXHsY5FHsYetZIqVQIDAQABAoIBAQCfw7gwtXyeO+zo
-jTywvjMgjfNTUCCsF7f2+PuShBsR3iwAk+fY+Gh2GZCLEg10xUO9Tf9XMDywW1ne
-LOC3DannDIFs2zCuwCKRS3VgymvXcl9BHpq3zvlDiCt2HCN1BrFWOt7p+0zRTrb3
-taNfbcxZgRTWuLGi5qXIOuGNKq2wlSnB7JU9U9O7M6ebPsHojMYLA9e36DUgRFy8
-T+/tRfTT5Vroh4fkZdv7fitrY613iBDfXbb9vauL/YwkVOMoSLpwIyxL6zGAkhoV
-xBmvjEZIF5Ez4YVTeZ1l+jNLg8ioCmiSQb/vx+kFY+F3rbm2HS4yCNC9qv73JKA+
-SbGmH8+NAoGBAP+yA+Tlm6fzjgoytcGzAcisC1C+bR2qWSKGHTYP8Os442JdUzPX
-tfKdZZTm/qD0xJPqfC4oJJJA7z6xGcwIQFN2d50VhpFTizWMnLknndvN1KdCppdP
-L7ETRg2u/G5muBmlpyaTrj8eXwdRzZ446vV4WMyBABzuHU9nQEAdNNyTAoGBAPQx
-adBZ37GbLgDC8ASSdPMh5+Ao6GKTKkwINyUnBI55tRCyQb6i2ER86h1XkilB07VQ
-8GgKjHuN6hJ0NyLhUvnYSRnzl+NQn2MO1g2byHrj2REe1l1GNu8Joxm48eknSLg2
-J2GAND90Uhpt1XBmami6FuzL3wwdMqWKVUleqRZ3AoGBAM+f3UmgqCRYwJ3HT49Z
-q7km+ok2F6RfDsHZ5R5hE1/tcbYN0eHm5vd6l2GxsFFCb90sKmnQbuHTmHFvnWLv
-0Ev1hmsnb33SONfiteAjKyuwl1y54kw7IJ7I57l0vcVn41XwDSpmALeAEen/otc3
-oJJyhqiIl27mayZu0N0+2g3BAoGBAO7VwZuhu5M3prfh8eVW5YHDoMny2M9JBu6U
-fnMdBWzghwLMhlcRaRsbXdPTCcbGdm15u5jW8G4L8GuaNS8tWP262EzEnsMa4Ll/
-Ekb/HgdsAKupEJrsCOCk+Vw4MosK/CoH9V58iR2jBIaK9F5aHStPDwsNn5t2l0mn
-0iDPr+ujAoGBAIhg3wstubXCOFKQG7/FoyNmOxFxNryUP5qjISs5nzBPBzMwb7s4
-cABESYDx4dZTTiMB9S5xeJWUu46++QO/JYH04+mSjR6a+bOfuc3ZZbxcEOdUnMwl
-J2b9H5W/0uUHnIqodGv/6XvRULy9/t3Kqb19efJYy/BWH3D0DgbiFHY8
+MIIEowIBAAKCAQEAzBXJhQZDR71Gn08DGuBulBNOsDDqiMo65DmSEsF3UYwNPLkm
+XC/c/LFavw5H/wlgMHmOVSb+0KHtn22KagaF8NDclKZUoabJPlfVaX3pJcHva3fh
+YnbY5FSRQLwLEXS4MLvUAnfWvdLQ563ffZiWdEKtU7OIyNwd21FjhO5+hXMUXtTI
+8AFfZ1LtlIf31qooiyyEmIy5kbU4mYBds9TblZYJ7x2hb4bIF4b3Ch5yO1CMU+XO
+1IzPzIE9RlX/ZSULNjExpiInR5ZZOMHNZqaag5jcuC4QjbpFrqogbuMLvezmY7VA
+VdT+l7HxjZrAokaOo+2gG+1AsAClKPnaA73BqQIDAQABAoIBAD0wFxBUFV3v6Lmg
+1dx8B4tL0p7Ou7Kxd0Cv5hTLfnurkthu5opjK01z2zJHFNzpMba26y6ql2Fz+yt+
+iy5IsGXIKSpESEGDIPkZGnobbwiMAb1l3uRHn7WtiTMwbd0Y8pRh7CmlRnP5PfsI
+TWZ5ljpbN15OCKe4Hxd/amgTnUli8oFSSfamzOpx3o5d73UnsOZ0RpahrtKqJwfj
+oWzNhhkixIx+AQWw5byNRpf5nSjCylzCX+lrzv3eN/svvxFppZ9jReZVx0cA/hpP
+ON9epn/gDRcvFd8r6ewQvZA1qi3gxwOsCvX5sD88BFmSoM7qzfxLs/IL9YRFXMR+
+eB1AYFUCgYEA/4qazfKYS1HgNVcCYM5vwF+ozOBiBIoNK15GDjs9SiO8Meg7p35x
+SDcUqQ13/d3Cu5OsLZi5MbtDjTvSxNauG5mgT5Dm3xjswRYsUjhBPXnMh/fhIhUI
+uDtcwamSzzmyGO7SecVbAJr0JsK3/QIMunyjRjNUhQVsh4Jk1L7S65cCgYEAzHOL
+JS1sk2WGZ+26W7l7JUQVkqdykTj/DEecAhntMZjs9gP1BHxjK7gEt/9vhiUJTKVt
+uQAotxl/lqtDgJVcR2XwK8Pb2iUl5jY9awtG5CAimB6I0tJBXJExwRlBCjgGknT9
+RIZvnlGh9JFWqX8PW0kNPmHeWdFx0uuUKnGPZL8CgYBQ/HpnPrUpWb926CZmy8X6
+79YtaAdobOATmIMXS4r3DjA8mN8fDCGWw24WzZ/zou5uSDTPFpHKwxB7mDQKEgeH
+075MuR2SIvIVl5NgU1fJxeoeRV7iUEw9JwMUlUtjxWM+J6Io2XUn0fQCvL9WvemO
+yKVuQCJPLhLhN2ABVKC/7QKBgDBl4biJSjySOgD8O7Ne8xHdTiYLUYmjLm0fvoSY
+0pd9Fgse4K+RKoC87REJfMMKnWrxdknnCbxeYt+t5yrXMKMONI6HrNG1HYWjrWJb
+pwp1uPq9r7IIZ8Sb8mU9rzHWFWgyHYpNMLsPpAEbLqKtG1uGrYXo8RPeCs3dSpPJ
+kiJNAoGBAIgWMTFPHPNtR8EcxxlIuDBKqzlew9Fq0CHnrp0/cgWbz9fzqR/VXB1z
+OdyTkC1/9Wxd4Bsy3rzsb84UonfSoO2r3OPe7mpvS35iLniLHPdMh+kH/NztqcC3
+OsfycfXMlV+HpTAvW/gqVz8wuEQ5WjRh+CoBAQMkktMe8emt9f8o
-----END RSA PRIVATE KEY-----
(pulsar) 01/11: Revert "[fix][broker] Fix returns wrong webServiceUrl when both webServicePort and webServicePortTls are set (#21633)"
Posted by lh...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit d83c7182a7728d66f12283438f9afeb8831038b3
Author: Lari Hotari <lh...@apache.org>
AuthorDate: Fri Jan 26 23:07:00 2024 +0200
Revert "[fix][broker] Fix returns wrong webServiceUrl when both webServicePort and webServicePortTls are set (#21633)"
This reverts commit 5aedbdb26878cdb3b67431f3e9a8fb444cb47773.
---
.../pulsar/broker/loadbalance/NoopLoadManager.java | 2 +-
.../loadbalance/extensions/BrokerRegistryImpl.java | 2 +-
.../loadbalance/impl/ModularLoadManagerImpl.java | 4 +-
.../loadbalance/impl/SimpleLoadManagerImpl.java | 4 +-
.../pulsar/broker/namespace/OwnershipCache.java | 6 +--
.../pulsar/broker/web/PulsarWebResource.java | 2 +-
.../loadbalance/SimpleLoadManagerImplTest.java | 58 ++--------------------
7 files changed, 15 insertions(+), 63 deletions(-)
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/NoopLoadManager.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/NoopLoadManager.java
index 80f887d394d..0de2ae92db6 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/NoopLoadManager.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/NoopLoadManager.java
@@ -61,7 +61,7 @@ public class NoopLoadManager implements LoadManager {
localResourceUnit = new SimpleResourceUnit(String.format("http://%s", lookupServiceAddress),
new PulsarResourceDescription());
- LocalBrokerData localData = new LocalBrokerData(pulsar.getWebServiceAddress(),
+ LocalBrokerData localData = new LocalBrokerData(pulsar.getSafeWebServiceAddress(),
pulsar.getWebServiceAddressTls(),
pulsar.getBrokerServiceUrl(), pulsar.getBrokerServiceUrlTls(), pulsar.getAdvertisedListeners());
localData.setProtocols(pulsar.getProtocolDataToAdvertise());
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/BrokerRegistryImpl.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/BrokerRegistryImpl.java
index bfdaa078f19..921ce35b5c6 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/BrokerRegistryImpl.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/BrokerRegistryImpl.java
@@ -84,7 +84,7 @@ public class BrokerRegistryImpl implements BrokerRegistry {
this.listeners = new ArrayList<>();
this.brokerId = pulsar.getLookupServiceAddress();
this.brokerLookupData = new BrokerLookupData(
- pulsar.getWebServiceAddress(),
+ pulsar.getSafeWebServiceAddress(),
pulsar.getWebServiceAddressTls(),
pulsar.getBrokerServiceUrl(),
pulsar.getBrokerServiceUrlTls(),
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImpl.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImpl.java
index 255d7aa77af..b664b1ca2ba 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImpl.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImpl.java
@@ -980,14 +980,14 @@ public class ModularLoadManagerImpl implements ModularLoadManager {
// At this point, the ports will be updated with the real port number that the server was assigned
Map<String, String> protocolData = pulsar.getProtocolDataToAdvertise();
- lastData = new LocalBrokerData(pulsar.getWebServiceAddress(), pulsar.getWebServiceAddressTls(),
+ lastData = new LocalBrokerData(pulsar.getSafeWebServiceAddress(), pulsar.getWebServiceAddressTls(),
pulsar.getBrokerServiceUrl(), pulsar.getBrokerServiceUrlTls(), pulsar.getAdvertisedListeners());
lastData.setProtocols(protocolData);
// configure broker-topic mode
lastData.setPersistentTopicsEnabled(pulsar.getConfiguration().isEnablePersistentTopics());
lastData.setNonPersistentTopicsEnabled(pulsar.getConfiguration().isEnableNonPersistentTopics());
- localData = new LocalBrokerData(pulsar.getWebServiceAddress(), pulsar.getWebServiceAddressTls(),
+ localData = new LocalBrokerData(pulsar.getSafeWebServiceAddress(), pulsar.getWebServiceAddressTls(),
pulsar.getBrokerServiceUrl(), pulsar.getBrokerServiceUrlTls(), pulsar.getAdvertisedListeners());
localData.setProtocols(protocolData);
localData.setBrokerVersionString(pulsar.getBrokerVersion());
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/SimpleLoadManagerImpl.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/SimpleLoadManagerImpl.java
index d54579a2861..5e994569711 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/SimpleLoadManagerImpl.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/SimpleLoadManagerImpl.java
@@ -234,7 +234,7 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
brokerHostUsage = new GenericBrokerHostUsageImpl(pulsar);
}
this.policies = new SimpleResourceAllocationPolicies(pulsar);
- lastLoadReport = new LoadReport(pulsar.getWebServiceAddress(), pulsar.getWebServiceAddressTls(),
+ lastLoadReport = new LoadReport(pulsar.getSafeWebServiceAddress(), pulsar.getWebServiceAddressTls(),
pulsar.getBrokerServiceUrl(), pulsar.getBrokerServiceUrlTls());
lastLoadReport.setProtocols(pulsar.getProtocolDataToAdvertise());
lastLoadReport.setPersistentTopicsEnabled(pulsar.getConfiguration().isEnablePersistentTopics());
@@ -1072,7 +1072,7 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
private LoadReport generateLoadReportForcefully() throws Exception {
synchronized (bundleGainsCache) {
try {
- LoadReport loadReport = new LoadReport(pulsar.getWebServiceAddress(),
+ LoadReport loadReport = new LoadReport(pulsar.getSafeWebServiceAddress(),
pulsar.getWebServiceAddressTls(), pulsar.getBrokerServiceUrl(),
pulsar.getBrokerServiceUrlTls());
loadReport.setProtocols(pulsar.getProtocolDataToAdvertise());
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/namespace/OwnershipCache.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/namespace/OwnershipCache.java
index 0033abf36c7..86003153714 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/namespace/OwnershipCache.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/namespace/OwnershipCache.java
@@ -122,10 +122,10 @@ public class OwnershipCache {
this.ownerBrokerUrl = pulsar.getBrokerServiceUrl();
this.ownerBrokerUrlTls = pulsar.getBrokerServiceUrlTls();
this.selfOwnerInfo = new NamespaceEphemeralData(ownerBrokerUrl, ownerBrokerUrlTls,
- pulsar.getWebServiceAddress(), pulsar.getWebServiceAddressTls(),
+ pulsar.getSafeWebServiceAddress(), pulsar.getWebServiceAddressTls(),
false, pulsar.getAdvertisedListeners());
this.selfOwnerInfoDisabled = new NamespaceEphemeralData(ownerBrokerUrl, ownerBrokerUrlTls,
- pulsar.getWebServiceAddress(), pulsar.getWebServiceAddressTls(),
+ pulsar.getSafeWebServiceAddress(), pulsar.getWebServiceAddressTls(),
true, pulsar.getAdvertisedListeners());
this.lockManager = pulsar.getCoordinationService().getLockManager(NamespaceEphemeralData.class);
this.locallyAcquiredLocks = new ConcurrentHashMap<>();
@@ -336,7 +336,7 @@ public class OwnershipCache {
public synchronized boolean refreshSelfOwnerInfo() {
this.selfOwnerInfo = new NamespaceEphemeralData(pulsar.getBrokerServiceUrl(),
- pulsar.getBrokerServiceUrlTls(), pulsar.getWebServiceAddress(),
+ pulsar.getBrokerServiceUrlTls(), pulsar.getSafeWebServiceAddress(),
pulsar.getWebServiceAddressTls(), false, pulsar.getAdvertisedListeners());
return selfOwnerInfo.getNativeUrl() != null || selfOwnerInfo.getNativeUrlTls() != null;
}
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
index de1296dbdd8..bdb052d7b9e 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
@@ -1205,7 +1205,7 @@ public abstract class PulsarWebResource {
protected void validateBrokerName(String broker) {
String brokerUrl = String.format("http://%s", broker);
String brokerUrlTls = String.format("https://%s", broker);
- if (!brokerUrl.equals(pulsar().getWebServiceAddress())
+ if (!brokerUrl.equals(pulsar().getSafeWebServiceAddress())
&& !brokerUrlTls.equals(pulsar().getWebServiceAddressTls())) {
String[] parts = broker.split(":");
checkArgument(parts.length == 2, String.format("Invalid broker url %s", broker));
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/SimpleLoadManagerImplTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/SimpleLoadManagerImplTest.java
index cf932ce5b60..c4898786e3e 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/SimpleLoadManagerImplTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/SimpleLoadManagerImplTest.java
@@ -24,7 +24,7 @@ import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.testng.Assert.assertEquals;
-import static org.testng.Assert.assertFalse;
+import static org.testng.Assert.assertNotEquals;
import static org.testng.Assert.assertNull;
import static org.testng.Assert.assertTrue;
import com.fasterxml.jackson.databind.ObjectMapper;
@@ -55,16 +55,12 @@ import org.apache.pulsar.broker.loadbalance.impl.SimpleLoadManagerImpl;
import org.apache.pulsar.broker.loadbalance.impl.SimpleResourceUnit;
import org.apache.pulsar.client.admin.BrokerStats;
import org.apache.pulsar.client.admin.PulsarAdmin;
-import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.common.naming.NamespaceBundle;
import org.apache.pulsar.common.naming.NamespaceName;
import org.apache.pulsar.common.policies.data.AutoFailoverPolicyData;
import org.apache.pulsar.common.policies.data.AutoFailoverPolicyType;
-import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.NamespaceIsolationData;
import org.apache.pulsar.common.policies.data.ResourceQuota;
-import org.apache.pulsar.common.policies.data.TenantInfoImpl;
-import org.apache.pulsar.common.policies.data.TopicStats;
import org.apache.pulsar.common.policies.impl.NamespaceIsolationPolicies;
import org.apache.pulsar.common.util.ObjectMapperFactory;
import org.apache.pulsar.metadata.api.MetadataStoreException.BadVersionException;
@@ -75,7 +71,6 @@ import org.apache.pulsar.policies.data.loadbalancer.ResourceUnitRanking;
import org.apache.pulsar.policies.data.loadbalancer.ResourceUsage;
import org.apache.pulsar.policies.data.loadbalancer.SystemResourceUsage;
import org.apache.pulsar.zookeeper.LocalBookkeeperEnsemble;
-import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
@@ -97,14 +92,8 @@ public class SimpleLoadManagerImplTest {
BrokerStats brokerStatsClient2;
String primaryHost;
-
- String primaryTlsHost;
-
String secondaryHost;
- private String defaultNamespace;
- private String defaultTenant;
-
ExecutorService executor = new ThreadPoolExecutor(5, 20, 30, TimeUnit.SECONDS, new LinkedBlockingQueue<>());
@BeforeMethod
@@ -118,7 +107,6 @@ public class SimpleLoadManagerImplTest {
ServiceConfiguration config1 = new ServiceConfiguration();
config1.setClusterName("use");
config1.setWebServicePort(Optional.of(0));
- config1.setWebServicePortTls(Optional.of(0));
config1.setMetadataStoreUrl("zk:127.0.0.1:" + bkEnsemble.getZookeeperPort());
config1.setBrokerShutdownTimeoutMs(0L);
config1.setLoadBalancerOverrideBrokerNicSpeedGbps(Optional.of(1.0d));
@@ -134,13 +122,11 @@ public class SimpleLoadManagerImplTest {
admin1 = PulsarAdmin.builder().serviceHttpUrl(url1.toString()).build();
brokerStatsClient1 = admin1.brokerStats();
primaryHost = pulsar1.getWebServiceAddress();
- primaryTlsHost = pulsar1.getWebServiceAddressTls();
// Start broker 2
ServiceConfiguration config2 = new ServiceConfiguration();
config2.setClusterName("use");
config2.setWebServicePort(Optional.of(0));
- config2.setWebServicePortTls(Optional.of(0));
config2.setMetadataStoreUrl("zk:127.0.0.1:" + bkEnsemble.getZookeeperPort());
config2.setBrokerShutdownTimeoutMs(0L);
config2.setLoadBalancerOverrideBrokerNicSpeedGbps(Optional.of(1.0d));
@@ -157,8 +143,6 @@ public class SimpleLoadManagerImplTest {
brokerStatsClient2 = admin2.brokerStats();
secondaryHost = pulsar2.getWebServiceAddress();
Thread.sleep(100);
-
- setupClusters();
}
@AfterMethod(alwaysRun = true)
@@ -270,9 +254,10 @@ public class SimpleLoadManagerImplTest {
sortedRankingsInstance.get().put(lr.getRank(rd), rus);
setObjectField(SimpleLoadManagerImpl.class, loadManager, "sortedRankings", sortedRankingsInstance);
- final Optional<ResourceUnit> leastLoaded = loadManager.getLeastLoaded(NamespaceName.get("pulsar/use/primary-ns.10"));
+ ResourceUnit found = loadManager
+ .getLeastLoaded(NamespaceName.get("pulsar/use/primary-ns.10")).get();
// broker is not active so found should be null
- assertFalse(leastLoaded.isPresent());
+ assertNotEquals(found, null, "did not find a broker when expected one to be found");
}
@@ -410,7 +395,7 @@ public class SimpleLoadManagerImplTest {
final SimpleLoadManagerImpl loadManager = (SimpleLoadManagerImpl) pulsar1.getLoadManager().get();
for (final NamespaceBundle bundle : bundles) {
- if (loadManager.getLeastLoaded(bundle).get().getResourceId().equals(getAddress(primaryTlsHost))) {
+ if (loadManager.getLeastLoaded(bundle).get().getResourceId().equals(primaryHost)) {
++numAssignedToPrimary;
} else {
++numAssignedToSecondary;
@@ -422,10 +407,6 @@ public class SimpleLoadManagerImplTest {
}
}
- private static String getAddress(String url) {
- return url.replaceAll("https", "http");
- }
-
@Test
public void testNamespaceBundleStats() {
NamespaceBundleStats nsb1 = new NamespaceBundleStats();
@@ -494,33 +475,4 @@ public class SimpleLoadManagerImplTest {
assertEquals(usage.getBandwidthIn().usage, usageLimit);
}
- @Test
- public void testGetWebSerUrl() throws PulsarAdminException {
- String webServiceUrl = admin1.brokerStats().getLoadReport().getWebServiceUrl();
- Assert.assertEquals(webServiceUrl, pulsar1.getWebServiceAddress());
-
- String webServiceUrl2 = admin2.brokerStats().getLoadReport().getWebServiceUrl();
- Assert.assertEquals(webServiceUrl2, pulsar2.getWebServiceAddress());
- }
-
- @Test
- public void testRedirectOwner() throws PulsarAdminException {
- final String topicName = "persistent://" + defaultNamespace + "/" + "test-topic";
- admin1.topics().createNonPartitionedTopic(topicName);
- TopicStats stats = admin1.topics().getStats(topicName);
- Assert.assertNotNull(stats);
-
- TopicStats stats2 = admin2.topics().getStats(topicName);
- Assert.assertNotNull(stats2);
- }
-
- private void setupClusters() throws PulsarAdminException {
- admin1.clusters().createCluster("use", ClusterData.builder().serviceUrl(pulsar1.getWebServiceAddress()).build());
- TenantInfoImpl tenantInfo = new TenantInfoImpl(Set.of("role1", "role2"), Set.of("use"));
- defaultTenant = "prop-xyz";
- admin1.tenants().createTenant(defaultTenant, tenantInfo);
- defaultNamespace = defaultTenant + "/ns1";
- admin1.namespaces().createNamespace(defaultNamespace, Set.of("use"));
- }
-
}
(pulsar) 10/11: [fix][broker] Fix leader broker cannot be determined when the advertised address and advertised listeners are configured (#21894)
Posted by lh...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 7d28dbf4be180a0f9eacac0867bcd3b764af92b3
Author: Lari Hotari <lh...@users.noreply.github.com>
AuthorDate: Thu Jan 18 22:38:27 2024 -0800
[fix][broker] Fix leader broker cannot be determined when the advertised address and advertised listeners are configured (#21894)
(cherry picked from commit 3158fd3550f9e3a0b2c0316c92265318b209f4f5)
---
.../org/apache/pulsar/broker/PulsarService.java | 23 +-
.../pulsar/broker/admin/impl/BrokersBase.java | 12 +-
.../pulsar/broker/admin/impl/NamespacesBase.java | 11 +-
.../pulsar/broker/loadbalance/LeaderBroker.java | 18 ++
.../broker/loadbalance/LeaderElectionService.java | 12 +-
.../pulsar/broker/loadbalance/NoopLoadManager.java | 14 +-
.../pulsar/broker/loadbalance/ResourceUnit.java | 2 -
.../loadbalance/extensions/BrokerRegistryImpl.java | 2 +-
.../extensions/ExtensibleLoadManagerImpl.java | 15 +-
.../channel/ServiceUnitStateChannelImpl.java | 38 +--
.../policies/IsolationPoliciesHelper.java | 8 +-
.../reporter/BrokerLoadDataReporter.java | 14 +-
.../reporter/TopBundleLoadDataReporter.java | 14 +-
.../broker/loadbalance/impl/LoadManagerShared.java | 99 +++----
.../loadbalance/impl/ModularLoadManagerImpl.java | 15 +-
.../impl/ModularLoadManagerWrapper.java | 21 +-
.../loadbalance/impl/SimpleLoadManagerImpl.java | 42 ++-
.../pulsar/broker/namespace/NamespaceService.java | 76 ++---
.../pulsar/broker/service/BrokerService.java | 2 +-
.../service/nonpersistent/NonPersistentTopic.java | 2 +-
.../broker/service/persistent/PersistentTopic.java | 2 +-
.../pulsar/broker/web/PulsarWebResource.java | 54 ++--
.../apache/pulsar/broker/SLAMonitoringTest.java | 16 +-
.../broker/admin/AdminApiMultiBrokersTest.java | 5 +-
.../apache/pulsar/broker/admin/AdminApiTest.java | 22 +-
.../org/apache/pulsar/broker/admin/AdminTest.java | 3 +-
.../pulsar/broker/admin/v1/V1_AdminApiTest.java | 2 +-
...isedListenersMultiBrokerLeaderElectionTest.java | 42 +++
.../loadbalance/LeaderElectionServiceTest.java | 3 +-
.../broker/loadbalance/LoadBalancerTest.java | 8 +-
.../loadbalance/MultiBrokerLeaderElectionTest.java | 94 +++++--
.../loadbalance/SimpleLoadManagerImplTest.java | 34 +--
.../loadbalance/extensions/BrokerRegistryTest.java | 4 +-
.../extensions/ExtensibleLoadManagerImplTest.java | 48 ++--
.../channel/ServiceUnitStateChannelTest.java | 312 ++++++++++-----------
.../filter/BrokerIsolationPoliciesFilterTest.java | 64 ++---
.../extensions/scheduler/TransferShedderTest.java | 296 +++++++++----------
.../impl/ModularLoadManagerImplTest.java | 128 ++++-----
.../broker/namespace/NamespaceServiceTest.java | 39 ++-
.../pulsar/broker/service/BrokerServiceTest.java | 10 +-
.../broker/service/InactiveTopicDeleteTest.java | 4 +-
.../systopic/PartitionedSystemTopicTest.java | 12 +-
.../broker/testcontext/PulsarTestContext.java | 45 ++-
.../pulsar/client/api/BrokerServiceLookupTest.java | 10 +-
.../apache/pulsar/compaction/CompactionTest.java | 4 +-
.../pulsar/common/policies/data/BrokerInfo.java | 2 +
.../common/policies/data/impl/BrokerInfoImpl.java | 9 +-
47 files changed, 937 insertions(+), 775 deletions(-)
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
index f1f630316a1..9e9ec448355 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
@@ -271,6 +271,7 @@ public class PulsarService implements AutoCloseable, ShutdownService {
private TransactionPendingAckStoreProvider transactionPendingAckStoreProvider;
private final ExecutorProvider transactionExecutorProvider;
+ private String brokerId;
public enum State {
Init, Started, Closing, Closed
@@ -305,6 +306,7 @@ public class PulsarService implements AutoCloseable, ShutdownService {
// Validate correctness of configuration
PulsarConfigurationLoader.isComplete(config);
TransactionBatchedWriteValidator.validate(config);
+ this.config = config;
// validate `advertisedAddress`, `advertisedListeners`, `internalListenerName`
this.advertisedListeners = MultipleListenerValidator.validateAndAnalysisAdvertisedListener(config);
@@ -315,7 +317,6 @@ public class PulsarService implements AutoCloseable, ShutdownService {
// use `internalListenerName` listener as `advertisedAddress`
this.bindAddress = ServiceConfigurationUtils.getDefaultOrConfiguredAddress(config.getBindAddress());
this.brokerVersion = PulsarVersion.getVersion();
- this.config = config;
this.processTerminator = processTerminator;
this.loadManagerExecutor = Executors
.newSingleThreadScheduledExecutor(new ExecutorProvider.ExtendedThreadFactory("pulsar-load-manager"));
@@ -820,6 +821,12 @@ public class PulsarService implements AutoCloseable, ShutdownService {
this.brokerServiceUrl = brokerUrl(config);
this.brokerServiceUrlTls = brokerUrlTls(config);
+ // the broker id is used in the load manager to identify the broker
+ this.brokerId =
+ String.format("%s:%s", advertisedAddress, config.getWebServicePortTls().isPresent()
+ ? config.getWebServicePortTls().get()
+ : config.getWebServicePort().orElseThrow());
+
if (null != this.webSocketService) {
ClusterDataImpl clusterData = ClusterDataImpl.builder()
@@ -1083,7 +1090,7 @@ public class PulsarService implements AutoCloseable, ShutdownService {
}
private void handleDeleteCluster(Notification notification) {
- if (ClusterResources.pathRepresentsClusterName(notification.getPath())
+ if (isRunning() && ClusterResources.pathRepresentsClusterName(notification.getPath())
&& notification.getType() == NotificationType.Deleted) {
final String clusterName = ClusterResources.clusterNameFromPath(notification.getPath());
getBrokerService().closeAndRemoveReplicationClient(clusterName);
@@ -1121,7 +1128,8 @@ public class PulsarService implements AutoCloseable, ShutdownService {
LOG.info("The load manager extension is enabled. Skipping PulsarService LeaderElectionService.");
return;
}
- this.leaderElectionService = new LeaderElectionService(coordinationService, getSafeWebServiceAddress(),
+ this.leaderElectionService =
+ new LeaderElectionService(coordinationService, getBrokerId(), getSafeWebServiceAddress(),
state -> {
if (state == LeaderElectionState.Leading) {
LOG.info("This broker was elected leader");
@@ -1169,7 +1177,7 @@ public class PulsarService implements AutoCloseable, ShutdownService {
protected void acquireSLANamespace() {
try {
// Namespace not created hence no need to unload it
- NamespaceName nsName = NamespaceService.getSLAMonitorNamespace(getLookupServiceAddress(), config);
+ NamespaceName nsName = NamespaceService.getSLAMonitorNamespace(getBrokerId(), config);
if (!this.pulsarResources.getNamespaceResources().namespaceExists(nsName)) {
LOG.info("SLA Namespace = {} doesn't exist.", nsName);
return;
@@ -1742,10 +1750,9 @@ public class PulsarService implements AutoCloseable, ShutdownService {
return brokerServiceUrlTls != null ? brokerServiceUrlTls : brokerServiceUrl;
}
- public String getLookupServiceAddress() {
- return String.format("%s:%s", advertisedAddress, config.getWebServicePortTls().isPresent()
- ? config.getWebServicePortTls().get()
- : config.getWebServicePort().orElseThrow());
+ public String getBrokerId() {
+ return Objects.requireNonNull(brokerId,
+ "brokerId is not initialized before start has been called");
}
public TopicPoliciesService getTopicPoliciesService() {
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/BrokersBase.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/BrokersBase.java
index d37a9eda1ab..31abeee54be 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/BrokersBase.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/BrokersBase.java
@@ -142,7 +142,9 @@ public class BrokersBase extends AdminResource {
validateSuperUserAccessAsync().thenAccept(__ -> {
LeaderBroker leaderBroker = pulsar().getLeaderElectionService().getCurrentLeader()
.orElseThrow(() -> new RestException(Status.NOT_FOUND, "Couldn't find leader broker"));
- BrokerInfo brokerInfo = BrokerInfo.builder().serviceUrl(leaderBroker.getServiceUrl()).build();
+ BrokerInfo brokerInfo = BrokerInfo.builder()
+ .serviceUrl(leaderBroker.getServiceUrl())
+ .brokerId(leaderBroker.getBrokerId()).build();
LOG.info("[{}] Successfully to get the information of the leader broker.", clientAppId());
asyncResponse.resume(brokerInfo);
})
@@ -165,7 +167,7 @@ public class BrokersBase extends AdminResource {
@PathParam("clusterName") String cluster,
@PathParam("broker-webserviceurl") String broker) {
validateSuperUserAccessAsync()
- .thenAccept(__ -> validateBrokerName(broker))
+ .thenCompose(__ -> maybeRedirectToBroker(broker))
.thenCompose(__ -> validateClusterOwnershipAsync(cluster))
.thenCompose(__ -> pulsar().getNamespaceService().getOwnedNameSpacesStatusAsync())
.thenAccept(asyncResponse::resume)
@@ -397,10 +399,10 @@ public class BrokersBase extends AdminResource {
private CompletableFuture<Void> internalRunHealthCheck(TopicVersion topicVersion) {
- String lookupServiceAddress = pulsar().getLookupServiceAddress();
+ String brokerId = pulsar().getBrokerId();
NamespaceName namespaceName = (topicVersion == TopicVersion.V2)
- ? NamespaceService.getHeartbeatNamespaceV2(lookupServiceAddress, pulsar().getConfiguration())
- : NamespaceService.getHeartbeatNamespace(lookupServiceAddress, pulsar().getConfiguration());
+ ? NamespaceService.getHeartbeatNamespaceV2(brokerId, pulsar().getConfiguration())
+ : NamespaceService.getHeartbeatNamespace(brokerId, pulsar().getConfiguration());
final String topicName = String.format("persistent://%s/%s", namespaceName, HEALTH_CHECK_TOPIC_SUFFIX);
LOG.info("[{}] Running healthCheck with topic={}", clientAppId(), topicName);
final String messageStr = UUID.randomUUID().toString();
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/NamespacesBase.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/NamespacesBase.java
index e790720f4ba..46b1712e7dd 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/NamespacesBase.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/NamespacesBase.java
@@ -946,9 +946,9 @@ public abstract class NamespacesBase extends AdminResource {
return FutureUtil.failedFuture(new RestException(Response.Status.PRECONDITION_FAILED, errorStr));
}
LeaderBroker leaderBroker = pulsar().getLeaderElectionService().getCurrentLeader().get();
- String leaderBrokerUrl = leaderBroker.getServiceUrl();
+ String leaderBrokerId = leaderBroker.getBrokerId();
return pulsar().getNamespaceService()
- .createLookupResult(leaderBrokerUrl, false, null)
+ .createLookupResult(leaderBrokerId, false, null)
.thenCompose(lookupResult -> {
String redirectUrl = isRequestHttps() ? lookupResult.getLookupData().getHttpUrlTls()
: lookupResult.getLookupData().getHttpUrl();
@@ -971,7 +971,7 @@ public abstract class NamespacesBase extends AdminResource {
return FutureUtil.failedFuture((
new WebApplicationException(Response.temporaryRedirect(redirect).build())));
} catch (MalformedURLException exception) {
- log.error("The leader broker url is malformed - {}", leaderBrokerUrl);
+ log.error("The redirect url is malformed - {}", redirectUrl);
return FutureUtil.failedFuture(new RestException(exception));
}
});
@@ -1007,8 +1007,11 @@ public abstract class NamespacesBase extends AdminResource {
}
public CompletableFuture<Void> internalUnloadNamespaceBundleAsync(String bundleRange,
- String destinationBroker,
+ String destinationBrokerParam,
boolean authoritative) {
+ String destinationBroker = StringUtils.isBlank(destinationBrokerParam) ? null :
+ // ensure backward compatibility: strip the possible http:// or https:// prefix
+ destinationBrokerParam.replaceFirst("http[s]?://", "");
return validateSuperUserAccessAsync()
.thenCompose(__ -> setNamespaceBundleAffinityAsync(bundleRange, destinationBroker))
.thenAccept(__ -> {
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/LeaderBroker.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/LeaderBroker.java
index acd34e151ed..d7c21de5ea1 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/LeaderBroker.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/LeaderBroker.java
@@ -30,5 +30,23 @@ import lombok.NoArgsConstructor;
@AllArgsConstructor
@NoArgsConstructor
public class LeaderBroker {
+ private String brokerId;
private String serviceUrl;
+
+ public String getBrokerId() {
+ if (brokerId != null) {
+ return brokerId;
+ } else {
+ // for backward compatibility at runtime with older versions of Pulsar
+ return parseHostAndPort(serviceUrl);
+ }
+ }
+
+ private static String parseHostAndPort(String serviceUrl) {
+ int uriSeparatorPos = serviceUrl.indexOf("://");
+ if (uriSeparatorPos == -1) {
+ throw new IllegalArgumentException("'" + serviceUrl + "' isn't an URI.");
+ }
+ return serviceUrl.substring(uriSeparatorPos + 3);
+ }
}
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/LeaderElectionService.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/LeaderElectionService.java
index 05fe4353f3e..2e53b54e98f 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/LeaderElectionService.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/LeaderElectionService.java
@@ -35,17 +35,17 @@ public class LeaderElectionService implements AutoCloseable {
private final LeaderElection<LeaderBroker> leaderElection;
private final LeaderBroker localValue;
- public LeaderElectionService(CoordinationService cs, String localWebServiceAddress,
- Consumer<LeaderElectionState> listener) {
- this(cs, localWebServiceAddress, ELECTION_ROOT, listener);
+ public LeaderElectionService(CoordinationService cs, String brokerId,
+ String serviceUrl, Consumer<LeaderElectionState> listener) {
+ this(cs, brokerId, serviceUrl, ELECTION_ROOT, listener);
}
public LeaderElectionService(CoordinationService cs,
- String localWebServiceAddress,
- String electionRoot,
+ String brokerId,
+ String serviceUrl, String electionRoot,
Consumer<LeaderElectionState> listener) {
this.leaderElection = cs.getLeaderElection(LeaderBroker.class, electionRoot, listener);
- this.localValue = new LeaderBroker(localWebServiceAddress);
+ this.localValue = new LeaderBroker(brokerId, serviceUrl);
}
public void start() {
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/NoopLoadManager.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/NoopLoadManager.java
index 80f887d394d..f9f36b705d4 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/NoopLoadManager.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/NoopLoadManager.java
@@ -43,7 +43,7 @@ import org.apache.pulsar.policies.data.loadbalancer.LocalBrokerData;
public class NoopLoadManager implements LoadManager {
private PulsarService pulsar;
- private String lookupServiceAddress;
+ private String brokerId;
private ResourceUnit localResourceUnit;
private LockManager<LocalBrokerData> lockManager;
private Map<String, String> bundleBrokerAffinityMap;
@@ -57,16 +57,15 @@ public class NoopLoadManager implements LoadManager {
@Override
public void start() throws PulsarServerException {
- lookupServiceAddress = pulsar.getLookupServiceAddress();
- localResourceUnit = new SimpleResourceUnit(String.format("http://%s", lookupServiceAddress),
- new PulsarResourceDescription());
+ brokerId = pulsar.getBrokerId();
+ localResourceUnit = new SimpleResourceUnit(brokerId, new PulsarResourceDescription());
LocalBrokerData localData = new LocalBrokerData(pulsar.getWebServiceAddress(),
pulsar.getWebServiceAddressTls(),
pulsar.getBrokerServiceUrl(), pulsar.getBrokerServiceUrlTls(), pulsar.getAdvertisedListeners());
localData.setProtocols(pulsar.getProtocolDataToAdvertise());
localData.setLoadManagerClassName(this.pulsar.getConfig().getLoadManagerClassName());
- String brokerReportPath = LoadManager.LOADBALANCE_BROKERS_ROOT + "/" + lookupServiceAddress;
+ String brokerReportPath = LoadManager.LOADBALANCE_BROKERS_ROOT + "/" + brokerId;
try {
log.info("Acquiring broker resource lock on {}", brokerReportPath);
@@ -129,12 +128,12 @@ public class NoopLoadManager implements LoadManager {
@Override
public Set<String> getAvailableBrokers() throws Exception {
- return Collections.singleton(lookupServiceAddress);
+ return Collections.singleton(brokerId);
}
@Override
public CompletableFuture<Set<String>> getAvailableBrokersAsync() {
- return CompletableFuture.completedFuture(Collections.singleton(lookupServiceAddress));
+ return CompletableFuture.completedFuture(Collections.singleton(brokerId));
}
@Override
@@ -153,7 +152,6 @@ public class NoopLoadManager implements LoadManager {
if (StringUtils.isBlank(broker)) {
return this.bundleBrokerAffinityMap.remove(bundle);
}
- broker = broker.replaceFirst("http[s]?://", "");
return this.bundleBrokerAffinityMap.put(bundle, broker);
}
}
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/ResourceUnit.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/ResourceUnit.java
index ef4dd2a97b2..c28a8be4c0d 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/ResourceUnit.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/ResourceUnit.java
@@ -23,8 +23,6 @@ package org.apache.pulsar.broker.loadbalance;
*/
public interface ResourceUnit extends Comparable<ResourceUnit> {
- String PROPERTY_KEY_BROKER_ZNODE_NAME = "__advertised_addr";
-
String getResourceId();
ResourceDescription getAvailableResource();
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/BrokerRegistryImpl.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/BrokerRegistryImpl.java
index bfdaa078f19..18e30ddf922 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/BrokerRegistryImpl.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/BrokerRegistryImpl.java
@@ -82,7 +82,7 @@ public class BrokerRegistryImpl implements BrokerRegistry {
this.brokerLookupDataLockManager = pulsar.getCoordinationService().getLockManager(BrokerLookupData.class);
this.scheduler = pulsar.getLoadManagerExecutor();
this.listeners = new ArrayList<>();
- this.brokerId = pulsar.getLookupServiceAddress();
+ this.brokerId = pulsar.getBrokerId();
this.brokerLookupData = new BrokerLookupData(
pulsar.getWebServiceAddress(),
pulsar.getWebServiceAddressTls(),
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/ExtensibleLoadManagerImpl.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/ExtensibleLoadManagerImpl.java
index f717286fe5d..5fd675d7df8 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/ExtensibleLoadManagerImpl.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/ExtensibleLoadManagerImpl.java
@@ -299,7 +299,8 @@ public class ExtensibleLoadManagerImpl implements ExtensibleLoadManager {
try {
this.brokerRegistry = new BrokerRegistryImpl(pulsar);
this.leaderElectionService = new LeaderElectionService(
- pulsar.getCoordinationService(), pulsar.getSafeWebServiceAddress(), ELECTION_ROOT,
+ pulsar.getCoordinationService(), pulsar.getBrokerId(),
+ pulsar.getSafeWebServiceAddress(), ELECTION_ROOT,
state -> {
pulsar.getLoadManagerExecutor().execute(() -> {
if (state == LeaderElectionState.Leading) {
@@ -741,7 +742,7 @@ public class ExtensibleLoadManagerImpl implements ExtensibleLoadManager {
@VisibleForTesting
void playLeader() {
log.info("This broker:{} is setting the role from {} to {}",
- pulsar.getLookupServiceAddress(), role, Leader);
+ pulsar.getBrokerId(), role, Leader);
int retry = 0;
while (!Thread.currentThread().isInterrupted()) {
try {
@@ -758,7 +759,7 @@ public class ExtensibleLoadManagerImpl implements ExtensibleLoadManager {
break;
} catch (Throwable e) {
log.error("The broker:{} failed to set the role. Retrying {} th ...",
- pulsar.getLookupServiceAddress(), ++retry, e);
+ pulsar.getBrokerId(), ++retry, e);
try {
Thread.sleep(Math.min(retry * 10, MAX_ROLE_CHANGE_RETRY_DELAY_IN_MILLIS));
} catch (InterruptedException ex) {
@@ -769,7 +770,7 @@ public class ExtensibleLoadManagerImpl implements ExtensibleLoadManager {
}
}
role = Leader;
- log.info("This broker:{} plays the leader now.", pulsar.getLookupServiceAddress());
+ log.info("This broker:{} plays the leader now.", pulsar.getBrokerId());
// flush the load data when the leader is elected.
brokerLoadDataReporter.reportAsync(true);
@@ -779,7 +780,7 @@ public class ExtensibleLoadManagerImpl implements ExtensibleLoadManager {
@VisibleForTesting
void playFollower() {
log.info("This broker:{} is setting the role from {} to {}",
- pulsar.getLookupServiceAddress(), role, Follower);
+ pulsar.getBrokerId(), role, Follower);
int retry = 0;
while (!Thread.currentThread().isInterrupted()) {
try {
@@ -792,7 +793,7 @@ public class ExtensibleLoadManagerImpl implements ExtensibleLoadManager {
break;
} catch (Throwable e) {
log.error("The broker:{} failed to set the role. Retrying {} th ...",
- pulsar.getLookupServiceAddress(), ++retry, e);
+ pulsar.getBrokerId(), ++retry, e);
try {
Thread.sleep(Math.min(retry * 10, MAX_ROLE_CHANGE_RETRY_DELAY_IN_MILLIS));
} catch (InterruptedException ex) {
@@ -803,7 +804,7 @@ public class ExtensibleLoadManagerImpl implements ExtensibleLoadManager {
}
}
role = Follower;
- log.info("This broker:{} plays a follower now.", pulsar.getLookupServiceAddress());
+ log.info("This broker:{} plays a follower now.", pulsar.getBrokerId());
// flush the load data when the leader is elected.
brokerLoadDataReporter.reportAsync(true);
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/channel/ServiceUnitStateChannelImpl.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/channel/ServiceUnitStateChannelImpl.java
index c9f305a6be3..8efa4e2e21a 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/channel/ServiceUnitStateChannelImpl.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/channel/ServiceUnitStateChannelImpl.java
@@ -73,6 +73,7 @@ import org.apache.pulsar.PulsarClusterMetadataSetup;
import org.apache.pulsar.broker.PulsarServerException;
import org.apache.pulsar.broker.PulsarService;
import org.apache.pulsar.broker.ServiceConfiguration;
+import org.apache.pulsar.broker.loadbalance.LeaderBroker;
import org.apache.pulsar.broker.loadbalance.LeaderElectionService;
import org.apache.pulsar.broker.loadbalance.extensions.BrokerRegistry;
import org.apache.pulsar.broker.loadbalance.extensions.ExtensibleLoadManagerImpl;
@@ -127,7 +128,7 @@ public class ServiceUnitStateChannelImpl implements ServiceUnitStateChannel {
private final ServiceConfiguration config;
private final Schema<ServiceUnitStateData> schema;
private final Map<String, CompletableFuture<String>> getOwnerRequests;
- private final String lookupServiceAddress;
+ private final String brokerId;
private final Map<String, CompletableFuture<Void>> cleanupJobs;
private final StateChangeListeners stateChangeListeners;
private ExtensibleLoadManagerImpl loadManager;
@@ -214,7 +215,7 @@ public class ServiceUnitStateChannelImpl implements ServiceUnitStateChannel {
long ownershipMonitorDelayTimeInSecs) {
this.pulsar = pulsar;
this.config = pulsar.getConfig();
- this.lookupServiceAddress = pulsar.getLookupServiceAddress();
+ this.brokerId = pulsar.getBrokerId();
this.schema = Schema.JSON(ServiceUnitStateData.class);
this.getOwnerRequests = new ConcurrentHashMap<>();
this.cleanupJobs = new ConcurrentHashMap<>();
@@ -260,7 +261,7 @@ public class ServiceUnitStateChannelImpl implements ServiceUnitStateChannel {
},
0, ownershipMonitorDelayTimeInSecs, SECONDS);
log.info("This leader broker:{} started the ownership monitor.",
- lookupServiceAddress);
+ brokerId);
}
}
@@ -269,13 +270,13 @@ public class ServiceUnitStateChannelImpl implements ServiceUnitStateChannel {
monitorTask.cancel(false);
monitorTask = null;
log.info("This previous leader broker:{} stopped the ownership monitor.",
- lookupServiceAddress);
+ brokerId);
}
}
@Override
public void cleanOwnerships() {
- doCleanup(lookupServiceAddress);
+ doCleanup(brokerId);
}
public synchronized void start() throws PulsarServerException {
@@ -441,19 +442,8 @@ public class ServiceUnitStateChannelImpl implements ServiceUnitStateChannel {
new IllegalStateException("Invalid channel state:" + channelState.name()));
}
- return leaderElectionService.readCurrentLeader().thenApply(leader -> {
- //expecting http://broker-xyz:port
- // TODO: discard this protocol prefix removal
- // by a util func that returns lookupServiceAddress(serviceUrl)
- if (leader.isPresent()) {
- String broker = leader.get().getServiceUrl();
- broker = broker.substring(broker.lastIndexOf('/') + 1);
- return Optional.of(broker);
- } else {
- return Optional.empty();
- }
- }
- );
+ return leaderElectionService.readCurrentLeader()
+ .thenApply(leader -> leader.map(LeaderBroker::getBrokerId));
}
public CompletableFuture<Boolean> isChannelOwnerAsync() {
@@ -495,7 +485,7 @@ public class ServiceUnitStateChannelImpl implements ServiceUnitStateChannel {
}
public boolean isOwner(String serviceUnit) {
- return isOwner(serviceUnit, lookupServiceAddress);
+ return isOwner(serviceUnit, brokerId);
}
private CompletableFuture<Optional<String>> getActiveOwnerAsync(
@@ -648,7 +638,7 @@ public class ServiceUnitStateChannelImpl implements ServiceUnitStateChannel {
long totalHandledRequests = getHandlerTotalCounter(data).incrementAndGet();
if (debug()) {
log.info("{} received a handle request for serviceUnit:{}, data:{}. totalHandledRequests:{}",
- lookupServiceAddress, serviceUnit, data, totalHandledRequests);
+ brokerId, serviceUnit, data, totalHandledRequests);
}
ServiceUnitState state = state(data);
@@ -712,7 +702,7 @@ public class ServiceUnitStateChannelImpl implements ServiceUnitStateChannel {
long handlerFailureCount = getHandlerFailureCounter(data).get();
log.info("{} handled {} event for serviceUnit:{}, cur:{}, next:{}, "
+ "totalHandledRequests:{}, totalFailedRequests:{}",
- lookupServiceAddress, getLogEventTag(data), serviceUnit,
+ brokerId, getLogEventTag(data), serviceUnit,
data == null ? "" : data,
next == null ? "" : next,
handlerTotalCount, handlerFailureCount
@@ -723,7 +713,7 @@ public class ServiceUnitStateChannelImpl implements ServiceUnitStateChannel {
long handlerFailureCount = getHandlerFailureCounter(data).incrementAndGet();
log.error("{} failed to handle {} event for serviceUnit:{}, cur:{}, next:{}, "
+ "totalHandledRequests:{}, totalFailedRequests:{}",
- lookupServiceAddress, getLogEventTag(data), serviceUnit,
+ brokerId, getLogEventTag(data), serviceUnit,
data == null ? "" : data,
next == null ? "" : next,
handlerTotalCount, handlerFailureCount,
@@ -854,7 +844,7 @@ public class ServiceUnitStateChannelImpl implements ServiceUnitStateChannel {
if (broker == null) {
return false;
}
- return broker.equals(lookupServiceAddress);
+ return broker.equals(brokerId);
}
private CompletableFuture<String> deferGetOwnerRequest(String serviceUnit) {
@@ -1256,7 +1246,7 @@ public class ServiceUnitStateChannelImpl implements ServiceUnitStateChannel {
MILLISECONDS.sleep(OWNERSHIP_CLEAN_UP_WAIT_RETRY_DELAY_IN_MILLIS);
} catch (InterruptedException e) {
log.warn("Interrupted while delaying the next service unit clean-up. Cleaning broker:{}",
- lookupServiceAddress);
+ brokerId);
}
}
}
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/policies/IsolationPoliciesHelper.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/policies/IsolationPoliciesHelper.java
index 468552db541..56238d6528e 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/policies/IsolationPoliciesHelper.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/policies/IsolationPoliciesHelper.java
@@ -42,14 +42,14 @@ public class IsolationPoliciesHelper {
return LoadManagerShared.applyNamespacePoliciesAsync(serviceUnit, policies,
availableBrokers.keySet(), new LoadManagerShared.BrokerTopicLoadingPredicate() {
@Override
- public boolean isEnablePersistentTopics(String brokerUrl) {
- BrokerLookupData lookupData = availableBrokers.get(brokerUrl.replace("http://", ""));
+ public boolean isEnablePersistentTopics(String brokerId) {
+ BrokerLookupData lookupData = availableBrokers.get(brokerId);
return lookupData != null && lookupData.persistentTopicsEnabled();
}
@Override
- public boolean isEnableNonPersistentTopics(String brokerUrl) {
- BrokerLookupData lookupData = availableBrokers.get(brokerUrl.replace("http://", ""));
+ public boolean isEnableNonPersistentTopics(String brokerId) {
+ BrokerLookupData lookupData = availableBrokers.get(brokerId);
return lookupData != null && lookupData.nonPersistentTopicsEnabled();
}
});
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/reporter/BrokerLoadDataReporter.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/reporter/BrokerLoadDataReporter.java
index b07acfda7f7..3061969120b 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/reporter/BrokerLoadDataReporter.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/reporter/BrokerLoadDataReporter.java
@@ -55,7 +55,7 @@ public class BrokerLoadDataReporter implements LoadDataReporter<BrokerLoadData>,
private final BrokerHostUsage brokerHostUsage;
- private final String lookupServiceAddress;
+ private final String brokerId;
@Getter
private final BrokerLoadData localData;
@@ -67,10 +67,10 @@ public class BrokerLoadDataReporter implements LoadDataReporter<BrokerLoadData>,
private long tombstoneDelayInMillis;
public BrokerLoadDataReporter(PulsarService pulsar,
- String lookupServiceAddress,
+ String brokerId,
LoadDataStore<BrokerLoadData> brokerLoadDataStore) {
this.brokerLoadDataStore = brokerLoadDataStore;
- this.lookupServiceAddress = lookupServiceAddress;
+ this.brokerId = brokerId;
this.pulsar = pulsar;
this.conf = this.pulsar.getConfiguration();
if (SystemUtils.IS_OS_LINUX) {
@@ -111,7 +111,7 @@ public class BrokerLoadDataReporter implements LoadDataReporter<BrokerLoadData>,
log.info("publishing load report:{}", localData.toString(conf));
}
CompletableFuture<Void> future =
- this.brokerLoadDataStore.pushAsync(this.lookupServiceAddress, newLoadData);
+ this.brokerLoadDataStore.pushAsync(this.brokerId, newLoadData);
future.whenComplete((__, ex) -> {
if (ex == null) {
localData.setReportedAt(System.currentTimeMillis());
@@ -185,7 +185,7 @@ public class BrokerLoadDataReporter implements LoadDataReporter<BrokerLoadData>,
}
var lastSuccessfulTombstonedAt = lastTombstonedAt;
lastTombstonedAt = now; // dedup first
- brokerLoadDataStore.removeAsync(lookupServiceAddress)
+ brokerLoadDataStore.removeAsync(brokerId)
.whenComplete((__, e) -> {
if (e != null) {
log.error("Failed to clean broker load data.", e);
@@ -209,13 +209,13 @@ public class BrokerLoadDataReporter implements LoadDataReporter<BrokerLoadData>,
ServiceUnitState state = ServiceUnitStateData.state(data);
switch (state) {
case Releasing, Splitting -> {
- if (StringUtils.equals(data.sourceBroker(), lookupServiceAddress)) {
+ if (StringUtils.equals(data.sourceBroker(), brokerId)) {
localData.clear();
tombstone();
}
}
case Owned -> {
- if (StringUtils.equals(data.dstBroker(), lookupServiceAddress)) {
+ if (StringUtils.equals(data.dstBroker(), brokerId)) {
localData.clear();
tombstone();
}
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/reporter/TopBundleLoadDataReporter.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/reporter/TopBundleLoadDataReporter.java
index 0fa37d3687c..43e05ad1ac9 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/reporter/TopBundleLoadDataReporter.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/reporter/TopBundleLoadDataReporter.java
@@ -41,7 +41,7 @@ public class TopBundleLoadDataReporter implements LoadDataReporter<TopBundlesLoa
private final PulsarService pulsar;
- private final String lookupServiceAddress;
+ private final String brokerId;
private final LoadDataStore<TopBundlesLoadData> bundleLoadDataStore;
@@ -53,10 +53,10 @@ public class TopBundleLoadDataReporter implements LoadDataReporter<TopBundlesLoa
private long tombstoneDelayInMillis;
public TopBundleLoadDataReporter(PulsarService pulsar,
- String lookupServiceAddress,
+ String brokerId,
LoadDataStore<TopBundlesLoadData> bundleLoadDataStore) {
this.pulsar = pulsar;
- this.lookupServiceAddress = lookupServiceAddress;
+ this.brokerId = brokerId;
this.bundleLoadDataStore = bundleLoadDataStore;
this.lastBundleStatsUpdatedAt = 0;
this.topKBundles = new TopKBundles(pulsar);
@@ -88,7 +88,7 @@ public class TopBundleLoadDataReporter implements LoadDataReporter<TopBundlesLoa
if (ExtensibleLoadManagerImpl.debug(pulsar.getConfiguration(), log)) {
log.info("Reporting TopBundlesLoadData:{}", topKBundles.getLoadData());
}
- return this.bundleLoadDataStore.pushAsync(lookupServiceAddress, topKBundles.getLoadData())
+ return this.bundleLoadDataStore.pushAsync(brokerId, topKBundles.getLoadData())
.exceptionally(e -> {
log.error("Failed to report top-bundles load data.", e);
return null;
@@ -106,7 +106,7 @@ public class TopBundleLoadDataReporter implements LoadDataReporter<TopBundlesLoa
}
var lastSuccessfulTombstonedAt = lastTombstonedAt;
lastTombstonedAt = now; // dedup first
- bundleLoadDataStore.removeAsync(lookupServiceAddress)
+ bundleLoadDataStore.removeAsync(brokerId)
.whenComplete((__, e) -> {
if (e != null) {
log.error("Failed to clean broker load data.", e);
@@ -129,12 +129,12 @@ public class TopBundleLoadDataReporter implements LoadDataReporter<TopBundlesLoa
ServiceUnitState state = ServiceUnitStateData.state(data);
switch (state) {
case Releasing, Splitting -> {
- if (StringUtils.equals(data.sourceBroker(), lookupServiceAddress)) {
+ if (StringUtils.equals(data.sourceBroker(), brokerId)) {
tombstone();
}
}
case Owned -> {
- if (StringUtils.equals(data.dstBroker(), lookupServiceAddress)) {
+ if (StringUtils.equals(data.dstBroker(), brokerId)) {
tombstone();
}
}
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/LoadManagerShared.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/LoadManagerShared.java
index 5f2e4b1f25d..3d627db6cfa 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/LoadManagerShared.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/LoadManagerShared.java
@@ -21,8 +21,6 @@ package org.apache.pulsar.broker.loadbalance.impl;
import static com.google.common.base.Preconditions.checkArgument;
import static org.apache.pulsar.common.stats.JvmMetrics.getJvmDirectMemoryUsed;
import io.netty.util.concurrent.FastThreadLocal;
-import java.net.MalformedURLException;
-import java.net.URL;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
@@ -106,59 +104,56 @@ public class LoadManagerShared {
if (isIsolationPoliciesPresent) {
LOG.debug("Isolation Policies Present for namespace - [{}]", namespace.toString());
}
- for (final String broker : availableBrokers) {
- final String brokerUrlString = String.format("http://%s", broker);
- URL brokerUrl;
+ for (final String brokerId : availableBrokers) {
+ String brokerHost;
try {
- brokerUrl = new URL(brokerUrlString);
- } catch (MalformedURLException e) {
- LOG.error("Unable to parse brokerUrl from ResourceUnitId", e);
+ brokerHost = parseBrokerHost(brokerId);
+ } catch (IllegalArgumentException e) {
+ LOG.error("Unable to parse host from {}", brokerId, e);
continue;
}
// todo: in future check if the resource unit has resources to take the namespace
if (isIsolationPoliciesPresent) {
// note: serviceUnitID is namespace name and ResourceID is brokerName
- if (policies.isPrimaryBroker(namespace, brokerUrl.getHost())) {
- primariesCache.add(broker);
+ if (policies.isPrimaryBroker(namespace, brokerHost)) {
+ primariesCache.add(brokerId);
if (LOG.isDebugEnabled()) {
LOG.debug("Added Primary Broker - [{}] as possible Candidates for"
- + " namespace - [{}] with policies", brokerUrl.getHost(), namespace.toString());
+ + " namespace - [{}] with policies", brokerHost, namespace.toString());
}
- } else if (policies.isSecondaryBroker(namespace, brokerUrl.getHost())) {
- secondaryCache.add(broker);
+ } else if (policies.isSecondaryBroker(namespace, brokerHost)) {
+ secondaryCache.add(brokerId);
if (LOG.isDebugEnabled()) {
LOG.debug(
"Added Shared Broker - [{}] as possible "
+ "Candidates for namespace - [{}] with policies",
- brokerUrl.getHost(), namespace.toString());
+ brokerHost, namespace.toString());
}
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("Skipping Broker - [{}] not primary broker and not shared" + " for namespace - [{}] ",
- brokerUrl.getHost(), namespace.toString());
+ brokerHost, namespace.toString());
}
}
} else {
// non-persistent topic can be assigned to only those brokers that enabled for non-persistent topic
- if (isNonPersistentTopic
- && !brokerTopicLoadingPredicate.isEnableNonPersistentTopics(brokerUrlString)) {
+ if (isNonPersistentTopic && !brokerTopicLoadingPredicate.isEnableNonPersistentTopics(brokerId)) {
if (LOG.isDebugEnabled()) {
LOG.debug("Filter broker- [{}] because it doesn't support non-persistent namespace - [{}]",
- brokerUrl.getHost(), namespace.toString());
+ brokerHost, namespace.toString());
}
- } else if (!isNonPersistentTopic
- && !brokerTopicLoadingPredicate.isEnablePersistentTopics(brokerUrlString)) {
+ } else if (!isNonPersistentTopic && !brokerTopicLoadingPredicate.isEnablePersistentTopics(brokerId)) {
// persistent topic can be assigned to only brokers that enabled for persistent-topic
if (LOG.isDebugEnabled()) {
LOG.debug("Filter broker- [{}] because broker only supports non-persistent namespace - [{}]",
- brokerUrl.getHost(), namespace.toString());
+ brokerHost, namespace.toString());
}
- } else if (policies.isSharedBroker(brokerUrl.getHost())) {
- secondaryCache.add(broker);
+ } else if (policies.isSharedBroker(brokerHost)) {
+ secondaryCache.add(brokerId);
if (LOG.isDebugEnabled()) {
LOG.debug("Added Shared Broker - [{}] as possible Candidates for namespace - [{}]",
- brokerUrl.getHost(), namespace.toString());
+ brokerHost, namespace.toString());
}
}
}
@@ -181,6 +176,16 @@ public class LoadManagerShared {
}
}
+ private static String parseBrokerHost(String brokerId) {
+ // use last index to support ipv6 addresses
+ int lastIdx = brokerId.lastIndexOf(':');
+ if (lastIdx > -1) {
+ return brokerId.substring(0, lastIdx);
+ } else {
+ throw new IllegalArgumentException("Invalid brokerId: " + brokerId);
+ }
+ }
+
public static CompletableFuture<Set<String>> applyNamespacePoliciesAsync(
final ServiceUnitId serviceUnit, final SimpleResourceAllocationPolicies policies,
final Set<String> availableBrokers, final BrokerTopicLoadingPredicate brokerTopicLoadingPredicate) {
@@ -199,59 +204,57 @@ public class LoadManagerShared {
LOG.debug("Isolation Policies Present for namespace - [{}]", namespace.toString());
}
}
- for (final String broker : availableBrokers) {
- final String brokerUrlString = String.format("http://%s", broker);
- URL brokerUrl;
+ for (final String brokerId : availableBrokers) {
+ String brokerHost;
try {
- brokerUrl = new URL(brokerUrlString);
- } catch (MalformedURLException e) {
- LOG.error("Unable to parse brokerUrl from ResourceUnitId", e);
+ brokerHost = parseBrokerHost(brokerId);
+ } catch (IllegalArgumentException e) {
+ LOG.error("Unable to parse host from {}", brokerId, e);
continue;
}
// todo: in future check if the resource unit has resources to take the namespace
if (isIsolationPoliciesPresent) {
// note: serviceUnitID is namespace name and ResourceID is brokerName
- if (policies.isPrimaryBroker(namespace, brokerUrl.getHost())) {
- primariesCache.add(broker);
+ if (policies.isPrimaryBroker(namespace, brokerHost)) {
+ primariesCache.add(brokerId);
if (LOG.isDebugEnabled()) {
LOG.debug("Added Primary Broker - [{}] as possible Candidates for"
- + " namespace - [{}] with policies", brokerUrl.getHost(), namespace.toString());
+ + " namespace - [{}] with policies", brokerHost, namespace.toString());
}
- } else if (policies.isSecondaryBroker(namespace, brokerUrl.getHost())) {
- secondaryCache.add(broker);
+ } else if (policies.isSecondaryBroker(namespace, brokerHost)) {
+ secondaryCache.add(brokerId);
if (LOG.isDebugEnabled()) {
LOG.debug(
"Added Shared Broker - [{}] as possible "
+ "Candidates for namespace - [{}] with policies",
- brokerUrl.getHost(), namespace.toString());
+ brokerHost, namespace.toString());
}
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("Skipping Broker - [{}] not primary broker and not shared"
- + " for namespace - [{}] ", brokerUrl.getHost(), namespace.toString());
+ + " for namespace - [{}] ", brokerHost, namespace.toString());
}
}
} else {
// non-persistent topic can be assigned to only those brokers that enabled for non-persistent topic
- if (isNonPersistentTopic
- && !brokerTopicLoadingPredicate.isEnableNonPersistentTopics(brokerUrlString)) {
+ if (isNonPersistentTopic && !brokerTopicLoadingPredicate.isEnableNonPersistentTopics(brokerId)) {
if (LOG.isDebugEnabled()) {
LOG.debug("Filter broker- [{}] because it doesn't support non-persistent namespace - [{}]",
- brokerUrl.getHost(), namespace.toString());
+ brokerId, namespace.toString());
}
- } else if (!isNonPersistentTopic
- && !brokerTopicLoadingPredicate.isEnablePersistentTopics(brokerUrlString)) {
+ } else if (!isNonPersistentTopic && !brokerTopicLoadingPredicate
+ .isEnablePersistentTopics(brokerId)) {
// persistent topic can be assigned to only brokers that enabled for persistent-topic
if (LOG.isDebugEnabled()) {
LOG.debug("Filter broker- [{}] because broker only supports non-persistent "
- + "namespace - [{}]", brokerUrl.getHost(), namespace.toString());
+ + "namespace - [{}]", brokerId, namespace.toString());
}
- } else if (policies.isSharedBroker(brokerUrl.getHost())) {
- secondaryCache.add(broker);
+ } else if (policies.isSharedBroker(brokerHost)) {
+ secondaryCache.add(brokerId);
if (LOG.isDebugEnabled()) {
LOG.debug("Added Shared Broker - [{}] as possible Candidates for namespace - [{}]",
- brokerUrl.getHost(), namespace.toString());
+ brokerHost, namespace.toString());
}
}
}
@@ -762,9 +765,9 @@ public class LoadManagerShared {
}
public interface BrokerTopicLoadingPredicate {
- boolean isEnablePersistentTopics(String brokerUrl);
+ boolean isEnablePersistentTopics(String brokerId);
- boolean isEnableNonPersistentTopics(String brokerUrl);
+ boolean isEnableNonPersistentTopics(String brokerId);
}
/**
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImpl.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImpl.java
index 255d7aa77af..3317ed4cb62 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImpl.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImpl.java
@@ -219,15 +219,15 @@ public class ModularLoadManagerImpl implements ModularLoadManager {
this.bundleBrokerAffinityMap = new ConcurrentHashMap<>();
this.brokerTopicLoadingPredicate = new BrokerTopicLoadingPredicate() {
@Override
- public boolean isEnablePersistentTopics(String brokerUrl) {
- final BrokerData brokerData = loadData.getBrokerData().get(brokerUrl.replace("http://", ""));
+ public boolean isEnablePersistentTopics(String brokerId) {
+ final BrokerData brokerData = loadData.getBrokerData().get(brokerId);
return brokerData != null && brokerData.getLocalData() != null
&& brokerData.getLocalData().isPersistentTopicsEnabled();
}
@Override
- public boolean isEnableNonPersistentTopics(String brokerUrl) {
- final BrokerData brokerData = loadData.getBrokerData().get(brokerUrl.replace("http://", ""));
+ public boolean isEnableNonPersistentTopics(String brokerId) {
+ final BrokerData brokerData = loadData.getBrokerData().get(brokerId);
return brokerData != null && brokerData.getLocalData() != null
&& brokerData.getLocalData().isNonPersistentTopicsEnabled();
}
@@ -996,9 +996,9 @@ public class ModularLoadManagerImpl implements ModularLoadManager {
localData.setNonPersistentTopicsEnabled(pulsar.getConfiguration().isEnableNonPersistentTopics());
localData.setLoadManagerClassName(conf.getLoadManagerClassName());
- String lookupServiceAddress = pulsar.getLookupServiceAddress();
- brokerZnodePath = LoadManager.LOADBALANCE_BROKERS_ROOT + "/" + lookupServiceAddress;
- final String timeAverageZPath = TIME_AVERAGE_BROKER_ZPATH + "/" + lookupServiceAddress;
+ String brokerId = pulsar.getBrokerId();
+ brokerZnodePath = LoadManager.LOADBALANCE_BROKERS_ROOT + "/" + brokerId;
+ final String timeAverageZPath = TIME_AVERAGE_BROKER_ZPATH + "/" + brokerId;
updateLocalBrokerData();
brokerDataLock = brokersData.acquireLock(brokerZnodePath, localData).join();
@@ -1232,7 +1232,6 @@ public class ModularLoadManagerImpl implements ModularLoadManager {
if (StringUtils.isBlank(broker)) {
return this.bundleBrokerAffinityMap.remove(bundle);
}
- broker = broker.replaceFirst("http[s]?://", "");
return this.bundleBrokerAffinityMap.put(bundle, broker);
}
}
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerWrapper.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerWrapper.java
index 63bc7ab07fe..c8d81bda1bc 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerWrapper.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerWrapper.java
@@ -19,7 +19,6 @@
package org.apache.pulsar.broker.loadbalance.impl;
import java.util.List;
-import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
@@ -32,7 +31,6 @@ import org.apache.pulsar.broker.loadbalance.ResourceUnit;
import org.apache.pulsar.common.naming.ServiceUnitId;
import org.apache.pulsar.common.stats.Metrics;
import org.apache.pulsar.policies.data.loadbalancer.LoadManagerReport;
-import org.apache.pulsar.policies.data.loadbalancer.LocalBrokerData;
/**
* Wrapper class allowing classes of instance ModularLoadManager to be compatible with the interface LoadManager.
@@ -75,20 +73,6 @@ public class ModularLoadManagerWrapper implements LoadManager {
return leastLoadedBroker.map(this::buildBrokerResourceUnit);
}
- private String getBrokerWebServiceUrl(String broker) {
- LocalBrokerData localData = (loadManager).getBrokerLocalData(broker);
- if (localData != null) {
- return localData.getWebServiceUrlTls() != null ? localData.getWebServiceUrlTls()
- : localData.getWebServiceUrl();
- }
- return String.format("http://%s", broker);
- }
-
- private String getBrokerZnodeName(String broker, String webServiceUrl) {
- String scheme = webServiceUrl.substring(0, webServiceUrl.indexOf("://"));
- return String.format("%s://%s", scheme, broker);
- }
-
@Override
public List<Metrics> getLoadBalancingMetrics() {
return loadManager.getLoadBalancingMetrics();
@@ -149,10 +133,7 @@ public class ModularLoadManagerWrapper implements LoadManager {
}
private SimpleResourceUnit buildBrokerResourceUnit (String broker) {
- String webServiceUrl = getBrokerWebServiceUrl(broker);
- String brokerZnodeName = getBrokerZnodeName(broker, webServiceUrl);
- return new SimpleResourceUnit(webServiceUrl,
- new PulsarResourceDescription(), Map.of(ResourceUnit.PROPERTY_KEY_BROKER_ZNODE_NAME, brokerZnodeName));
+ return new SimpleResourceUnit(broker, new PulsarResourceDescription());
}
@Override
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/SimpleLoadManagerImpl.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/SimpleLoadManagerImpl.java
index d54579a2861..8bb27e52298 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/SimpleLoadManagerImpl.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/SimpleLoadManagerImpl.java
@@ -211,15 +211,15 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
.build();
this.brokerTopicLoadingPredicate = new BrokerTopicLoadingPredicate() {
@Override
- public boolean isEnablePersistentTopics(String brokerUrl) {
- ResourceUnit ru = new SimpleResourceUnit(brokerUrl, new PulsarResourceDescription());
+ public boolean isEnablePersistentTopics(String brokerId) {
+ ResourceUnit ru = new SimpleResourceUnit(brokerId, new PulsarResourceDescription());
LoadReport loadReport = currentLoadReports.get(ru);
return loadReport != null && loadReport.isPersistentTopicsEnabled();
}
@Override
- public boolean isEnableNonPersistentTopics(String brokerUrl) {
- ResourceUnit ru = new SimpleResourceUnit(brokerUrl, new PulsarResourceDescription());
+ public boolean isEnableNonPersistentTopics(String brokerId) {
+ ResourceUnit ru = new SimpleResourceUnit(brokerId, new PulsarResourceDescription());
LoadReport loadReport = currentLoadReports.get(ru);
return loadReport != null && loadReport.isNonPersistentTopicsEnabled();
}
@@ -266,8 +266,8 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
@Override
public void start() throws PulsarServerException {
// Register the brokers in metadata store
- String lookupServiceAddress = pulsar.getLookupServiceAddress();
- String brokerLockPath = LOADBALANCE_BROKERS_ROOT + "/" + lookupServiceAddress;
+ String brokerId = pulsar.getBrokerId();
+ String brokerLockPath = LOADBALANCE_BROKERS_ROOT + "/" + brokerId;
try {
LoadReport loadReport = null;
@@ -653,7 +653,6 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
*/
private synchronized void doLoadRanking() {
ResourceUnitRanking.setCpuUsageByMsgRate(this.realtimeCpuLoadFactor);
- String hostname = pulsar.getAdvertisedAddress();
String strategy = this.getLoadBalancerPlacementStrategy();
log.info("doLoadRanking - load balancing strategy: {}", strategy);
if (!currentLoadReports.isEmpty()) {
@@ -702,8 +701,8 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
}
// update metrics
- if (resourceUnit.getResourceId().contains(hostname)) {
- updateLoadBalancingMetrics(hostname, finalRank, ranking);
+ if (resourceUnit.getResourceId().equals(pulsar.getBrokerId())) {
+ updateLoadBalancingMetrics(pulsar.getAdvertisedAddress(), finalRank, ranking);
}
}
updateBrokerToNamespaceToBundle();
@@ -711,7 +710,7 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
this.resourceUnitRankings = newResourceUnitRankings;
} else {
log.info("Leader broker[{}] No ResourceUnits to rank this run, Using Old Ranking",
- pulsar.getSafeWebServiceAddress());
+ pulsar.getBrokerId());
}
}
@@ -855,7 +854,7 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
// Add preallocated bundle range so incoming bundles from the same namespace are not assigned to the
// same broker.
brokerToNamespaceToBundleRange
- .computeIfAbsent(selectedRU.getResourceId().replace("http://", ""),
+ .computeIfAbsent(selectedRU.getResourceId(),
k -> ConcurrentOpenHashMap.<String,
ConcurrentOpenHashSet<String>>newBuilder()
.build())
@@ -876,7 +875,7 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
availableBrokersCache.clear();
for (final Set<ResourceUnit> resourceUnits : availableBrokers.values()) {
for (final ResourceUnit resourceUnit : resourceUnits) {
- availableBrokersCache.add(resourceUnit.getResourceId().replace("http://", ""));
+ availableBrokersCache.add(resourceUnit.getResourceId());
}
}
brokerCandidateCache.clear();
@@ -899,7 +898,7 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
final Long rank = entry.getKey();
final Set<ResourceUnit> resourceUnits = entry.getValue();
for (final ResourceUnit resourceUnit : resourceUnits) {
- if (brokerCandidateCache.contains(resourceUnit.getResourceId().replace("http://", ""))) {
+ if (brokerCandidateCache.contains(resourceUnit.getResourceId())) {
result.put(rank, resourceUnit);
}
}
@@ -928,8 +927,7 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
availableBrokers = new HashMap<>();
for (String broker : activeBrokers) {
- ResourceUnit resourceUnit = new SimpleResourceUnit(String.format("http://%s", broker),
- new PulsarResourceDescription());
+ ResourceUnit resourceUnit = new SimpleResourceUnit(broker, new PulsarResourceDescription());
availableBrokers.computeIfAbsent(0L, key -> new TreeSet<>()).add(resourceUnit);
}
log.info("Choosing at random from broker list: [{}]", availableBrokers.values());
@@ -956,7 +954,7 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
Iterator<Map.Entry<Long, ResourceUnit>> candidateIterator = finalCandidates.entries().iterator();
while (candidateIterator.hasNext()) {
Map.Entry<Long, ResourceUnit> candidate = candidateIterator.next();
- String candidateBrokerName = candidate.getValue().getResourceId().replace("http://", "");
+ String candidateBrokerName = candidate.getValue().getResourceId();
if (!activeBrokers.contains(candidateBrokerName)) {
candidateIterator.remove(); // Current candidate points to an inactive broker, so remove it
}
@@ -1005,8 +1003,7 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
try {
String key = String.format("%s/%s", LOADBALANCE_BROKERS_ROOT, broker);
LoadReport lr = loadReports.readLock(key).join().get();
- ResourceUnit ru = new SimpleResourceUnit(String.format("http://%s", lr.getName()),
- fromLoadReport(lr));
+ ResourceUnit ru = new SimpleResourceUnit(lr.getName(), fromLoadReport(lr));
this.currentLoadReports.put(ru, lr);
} catch (Exception e) {
log.warn("Error reading load report from Cache for broker - [{}], [{}]", broker, e);
@@ -1078,7 +1075,7 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
loadReport.setProtocols(pulsar.getProtocolDataToAdvertise());
loadReport.setNonPersistentTopicsEnabled(pulsar.getConfiguration().isEnableNonPersistentTopics());
loadReport.setPersistentTopicsEnabled(pulsar.getConfiguration().isEnablePersistentTopics());
- loadReport.setName(pulsar.getLookupServiceAddress());
+ loadReport.setName(pulsar.getBrokerId());
loadReport.setBrokerVersionString(pulsar.getBrokerVersion());
SystemResourceUsage systemResourceUsage = this.getSystemResourceUsage();
@@ -1121,8 +1118,8 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
loadReport.setAllocatedMsgRateIn(allocatedQuota.getMsgRateIn());
loadReport.setAllocatedMsgRateOut(allocatedQuota.getMsgRateOut());
- final ResourceUnit resourceUnit = new SimpleResourceUnit(
- String.format("http://%s", loadReport.getName()), fromLoadReport(loadReport));
+ final ResourceUnit resourceUnit =
+ new SimpleResourceUnit(loadReport.getName(), fromLoadReport(loadReport));
Set<String> preAllocatedBundles;
if (resourceUnitRankings.containsKey(resourceUnit)) {
preAllocatedBundles = resourceUnitRankings.get(resourceUnit).getPreAllocatedBundles();
@@ -1277,7 +1274,7 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
final Set<String> preallocatedBundles = resourceUnitRankings.get(resourceUnit).getPreAllocatedBundles();
final ConcurrentOpenHashMap<String, ConcurrentOpenHashSet<String>> namespaceToBundleRange =
brokerToNamespaceToBundleRange
- .computeIfAbsent(broker.replace("http://", ""),
+ .computeIfAbsent(broker,
k -> ConcurrentOpenHashMap.<String,
ConcurrentOpenHashSet<String>>newBuilder()
.build());
@@ -1455,7 +1452,6 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
if (StringUtils.isBlank(broker)) {
return this.bundleBrokerAffinityMap.remove(bundle);
}
- broker = broker.replaceFirst("http[s]?://", "");
return this.bundleBrokerAffinityMap.put(bundle, broker);
}
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/namespace/NamespaceService.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/namespace/NamespaceService.java
index 4c2b4211747..3be14a9d09a 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/namespace/NamespaceService.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/namespace/NamespaceService.java
@@ -186,7 +186,7 @@ public class NamespaceService implements AutoCloseable {
return findRedirectLookupResultAsync(bundle).thenCompose(optResult -> {
if (optResult.isPresent()) {
LOG.info("[{}] Redirect lookup request to {} for topic {}",
- pulsar.getSafeWebServiceAddress(), optResult.get(), topic);
+ pulsar.getBrokerId(), optResult.get(), topic);
return CompletableFuture.completedFuture(optResult);
}
if (ExtensibleLoadManagerImpl.isLoadManagerExtensionEnabled(config)) {
@@ -293,7 +293,7 @@ public class NamespaceService implements AutoCloseable {
return findRedirectLookupResultAsync(bundle).thenCompose(optResult -> {
if (optResult.isPresent()) {
LOG.info("[{}] Redirect lookup request to {} for topic {}",
- pulsar.getSafeWebServiceAddress(), optResult.get(), topic);
+ pulsar.getBrokerId(), optResult.get(), topic);
try {
LookupData lookupData = optResult.get().getLookupData();
final String redirectUrl = options.isRequestHttps()
@@ -333,17 +333,17 @@ public class NamespaceService implements AutoCloseable {
* @throws PulsarServerException
*/
public void registerBootstrapNamespaces() throws PulsarServerException {
- String lookupServiceAddress = pulsar.getLookupServiceAddress();
+ String brokerId = pulsar.getBrokerId();
// ensure that we own the heartbeat namespace
- if (registerNamespace(getHeartbeatNamespace(lookupServiceAddress, config), true)) {
+ if (registerNamespace(getHeartbeatNamespace(brokerId, config), true)) {
LOG.info("added heartbeat namespace name in local cache: ns={}",
- getHeartbeatNamespace(lookupServiceAddress, config));
+ getHeartbeatNamespace(brokerId, config));
}
// ensure that we own the heartbeat namespace
- if (registerNamespace(getHeartbeatNamespaceV2(lookupServiceAddress, config), true)) {
+ if (registerNamespace(getHeartbeatNamespaceV2(brokerId, config), true)) {
LOG.info("added heartbeat namespace name in local cache: ns={}",
- getHeartbeatNamespaceV2(lookupServiceAddress, config));
+ getHeartbeatNamespaceV2(brokerId, config));
}
// we may not need strict ownership checking for bootstrap names for now
@@ -506,7 +506,6 @@ public class NamespaceService implements AutoCloseable {
return;
}
String candidateBroker = null;
- String candidateBrokerAdvertisedAddr = null;
LeaderElectionService les = pulsar.getLeaderElectionService();
if (les == null) {
@@ -541,14 +540,14 @@ public class NamespaceService implements AutoCloseable {
if (options.isAuthoritative()) {
// leader broker already assigned the current broker as owner
- candidateBroker = pulsar.getSafeWebServiceAddress();
+ candidateBroker = pulsar.getBrokerId();
} else {
LoadManager loadManager = this.loadManager.get();
boolean makeLoadManagerDecisionOnThisBroker = !loadManager.isCentralized() || les.isLeader();
if (!makeLoadManagerDecisionOnThisBroker) {
// If leader is not active, fallback to pick the least loaded from current broker loadmanager
boolean leaderBrokerActive = currentLeader.isPresent()
- && isBrokerActive(currentLeader.get().getServiceUrl());
+ && isBrokerActive(currentLeader.get().getBrokerId());
if (!leaderBrokerActive) {
makeLoadManagerDecisionOnThisBroker = true;
if (!currentLeader.isPresent()) {
@@ -567,7 +566,7 @@ public class NamespaceService implements AutoCloseable {
}
}
if (makeLoadManagerDecisionOnThisBroker) {
- Optional<Pair<String, String>> availableBroker = getLeastLoadedFromLoadManager(bundle);
+ Optional<String> availableBroker = getLeastLoadedFromLoadManager(bundle);
if (!availableBroker.isPresent()) {
LOG.warn("Load manager didn't return any available broker. "
+ "Returning empty result to lookup. NamespaceBundle[{}]",
@@ -575,12 +574,11 @@ public class NamespaceService implements AutoCloseable {
lookupFuture.complete(Optional.empty());
return;
}
- candidateBroker = availableBroker.get().getLeft();
- candidateBrokerAdvertisedAddr = availableBroker.get().getRight();
+ candidateBroker = availableBroker.get();
authoritativeRedirect = true;
} else {
// forward to leader broker to make assignment
- candidateBroker = currentLeader.get().getServiceUrl();
+ candidateBroker = currentLeader.get().getBrokerId();
}
}
}
@@ -593,7 +591,7 @@ public class NamespaceService implements AutoCloseable {
try {
Objects.requireNonNull(candidateBroker);
- if (candidateBroker.equals(pulsar.getSafeWebServiceAddress())) {
+ if (candidateBroker.equals(pulsar.getBrokerId())) {
// Load manager decided that the local broker should try to become the owner
ownershipCache.tryAcquiringOwnership(bundle).thenAccept(ownerInfo -> {
if (ownerInfo.isDisabled()) {
@@ -647,8 +645,7 @@ public class NamespaceService implements AutoCloseable {
}
// Now setting the redirect url
- createLookupResult(candidateBrokerAdvertisedAddr == null ? candidateBroker
- : candidateBrokerAdvertisedAddr, authoritativeRedirect, options.getAdvertisedListenerName())
+ createLookupResult(candidateBroker, authoritativeRedirect, options.getAdvertisedListenerName())
.thenAccept(lookupResult -> lookupFuture.complete(Optional.of(lookupResult)))
.exceptionally(ex -> {
lookupFuture.completeExceptionally(ex);
@@ -668,7 +665,7 @@ public class NamespaceService implements AutoCloseable {
CompletableFuture<LookupResult> lookupFuture = new CompletableFuture<>();
try {
checkArgument(StringUtils.isNotBlank(candidateBroker), "Lookup broker can't be null %s", candidateBroker);
- String path = LoadManager.LOADBALANCE_BROKERS_ROOT + "/" + parseHostAndPort(candidateBroker);
+ String path = LoadManager.LOADBALANCE_BROKERS_ROOT + "/" + candidateBroker;
localBrokerDataCache.get(path).thenAccept(reportData -> {
if (reportData.isPresent()) {
@@ -705,30 +702,19 @@ public class NamespaceService implements AutoCloseable {
}
public boolean isBrokerActive(String candidateBroker) {
- String candidateBrokerHostAndPort = parseHostAndPort(candidateBroker);
Set<String> availableBrokers = getAvailableBrokers();
- if (availableBrokers.contains(candidateBrokerHostAndPort)) {
+ if (availableBrokers.contains(candidateBroker)) {
if (LOG.isDebugEnabled()) {
- LOG.debug("Broker {} ({}) is available for.", candidateBroker, candidateBrokerHostAndPort);
+ LOG.debug("Broker {} is available for.", candidateBroker);
}
return true;
} else {
- LOG.warn("Broker {} ({}) couldn't be found in available brokers {}",
- candidateBroker, candidateBrokerHostAndPort,
- availableBrokers.stream().collect(Collectors.joining(",")));
+ LOG.warn("Broker {} couldn't be found in available brokers {}",
+ candidateBroker, String.join(",", availableBrokers));
return false;
}
}
- private static String parseHostAndPort(String candidateBroker) {
- int uriSeparatorPos = candidateBroker.indexOf("://");
- if (uriSeparatorPos == -1) {
- throw new IllegalArgumentException("'" + candidateBroker + "' isn't an URI.");
- }
- String candidateBrokerHostAndPort = candidateBroker.substring(uriSeparatorPos + 3);
- return candidateBrokerHostAndPort;
- }
-
private Set<String> getAvailableBrokers() {
try {
return loadManager.get().getAvailableBrokers();
@@ -743,7 +729,7 @@ public class NamespaceService implements AutoCloseable {
* @return
* @throws Exception
*/
- private Optional<Pair<String, String>> getLeastLoadedFromLoadManager(ServiceUnitId serviceUnit) throws Exception {
+ private Optional<String> getLeastLoadedFromLoadManager(ServiceUnitId serviceUnit) throws Exception {
Optional<ResourceUnit> leastLoadedBroker = loadManager.get().getLeastLoaded(serviceUnit);
if (!leastLoadedBroker.isPresent()) {
LOG.warn("No broker is available for {}", serviceUnit);
@@ -751,15 +737,13 @@ public class NamespaceService implements AutoCloseable {
}
String lookupAddress = leastLoadedBroker.get().getResourceId();
- String advertisedAddr = (String) leastLoadedBroker.get()
- .getProperty(ResourceUnit.PROPERTY_KEY_BROKER_ZNODE_NAME);
if (LOG.isDebugEnabled()) {
LOG.debug("{} : redirecting to the least loaded broker, lookup address={}",
- pulsar.getSafeWebServiceAddress(),
+ pulsar.getBrokerId(),
lookupAddress);
}
- return Optional.of(Pair.of(lookupAddress, advertisedAddr));
+ return Optional.of(lookupAddress);
}
public CompletableFuture<Void> unloadNamespaceBundle(NamespaceBundle bundle) {
@@ -1552,7 +1536,7 @@ public class NamespaceService implements AutoCloseable {
}
public void unloadSLANamespace() throws Exception {
- NamespaceName namespaceName = getSLAMonitorNamespace(pulsar.getLookupServiceAddress(), config);
+ NamespaceName namespaceName = getSLAMonitorNamespace(pulsar.getBrokerId(), config);
LOG.info("Checking owner for SLA namespace {}", namespaceName);
@@ -1585,7 +1569,7 @@ public class NamespaceService implements AutoCloseable {
Matcher m = HEARTBEAT_NAMESPACE_PATTERN.matcher(ns.getNamespaceObject().toString());
if (m.matches()) {
LOG.debug("Heartbeat namespace matched the lookup namespace {}", ns.getNamespaceObject().toString());
- return String.format("http://%s", m.group(1));
+ return m.group(1);
} else {
return null;
}
@@ -1595,7 +1579,7 @@ public class NamespaceService implements AutoCloseable {
Matcher m = HEARTBEAT_NAMESPACE_PATTERN_V2.matcher(ns.getNamespaceObject().toString());
if (m.matches()) {
LOG.debug("Heartbeat namespace v2 matched the lookup namespace {}", ns.getNamespaceObject().toString());
- return String.format("http://%s", m.group(1));
+ return m.group(1);
} else {
return null;
}
@@ -1604,7 +1588,7 @@ public class NamespaceService implements AutoCloseable {
public static String getSLAMonitorBrokerName(ServiceUnitId ns) {
Matcher m = SLA_NAMESPACE_PATTERN.matcher(ns.getNamespaceObject().toString());
if (m.matches()) {
- return String.format("http://%s", m.group(1));
+ return m.group(1);
} else {
return null;
}
@@ -1635,16 +1619,16 @@ public class NamespaceService implements AutoCloseable {
}
public boolean registerSLANamespace() throws PulsarServerException {
- String lookupServiceAddress = pulsar.getLookupServiceAddress();
- boolean isNameSpaceRegistered = registerNamespace(getSLAMonitorNamespace(lookupServiceAddress, config), false);
+ String brokerId = pulsar.getBrokerId();
+ boolean isNameSpaceRegistered = registerNamespace(getSLAMonitorNamespace(brokerId, config), false);
if (isNameSpaceRegistered) {
if (LOG.isDebugEnabled()) {
LOG.debug("Added SLA Monitoring namespace name in local cache: ns={}",
- getSLAMonitorNamespace(lookupServiceAddress, config));
+ getSLAMonitorNamespace(brokerId, config));
}
} else if (LOG.isDebugEnabled()) {
LOG.debug("SLA Monitoring not owned by the broker: ns={}",
- getSLAMonitorNamespace(lookupServiceAddress, config));
+ getSLAMonitorNamespace(brokerId, config));
}
return isNameSpaceRegistered;
}
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/BrokerService.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/BrokerService.java
index 38ffd4d2475..ceaec96b2a6 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/BrokerService.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/BrokerService.java
@@ -2208,7 +2208,7 @@ public class BrokerService implements Closeable {
} else {
String msg = String.format("Namespace bundle for topic (%s) not served by this instance:%s. "
+ "Please redo the lookup. Request is denied: namespace=%s",
- topic, pulsar.getLookupServiceAddress(), topicName.getNamespace());
+ topic, pulsar.getBrokerId(), topicName.getNamespace());
log.warn(msg);
return FutureUtil.failedFuture(new ServiceUnitNotReadyException(msg));
}
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/nonpersistent/NonPersistentTopic.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/nonpersistent/NonPersistentTopic.java
index 17b6bd8f350..4efaee2a1fa 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/nonpersistent/NonPersistentTopic.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/nonpersistent/NonPersistentTopic.java
@@ -924,7 +924,7 @@ public class NonPersistentTopic extends AbstractTopic implements Topic, TopicPol
});
stats.topicEpoch = topicEpoch.orElse(null);
- stats.ownerBroker = brokerService.pulsar().getLookupServiceAddress();
+ stats.ownerBroker = brokerService.pulsar().getBrokerId();
future.complete(stats);
return future;
}
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/persistent/PersistentTopic.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/persistent/PersistentTopic.java
index fda80957554..3f75c02d48d 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/persistent/PersistentTopic.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/persistent/PersistentTopic.java
@@ -2323,7 +2323,7 @@ public class PersistentTopic extends AbstractTopic implements Topic, AddEntryCal
stats.backlogSize = ledger.getEstimatedBacklogSize();
stats.deduplicationStatus = messageDeduplication.getStatus().toString();
stats.topicEpoch = topicEpoch.orElse(null);
- stats.ownerBroker = brokerService.pulsar().getLookupServiceAddress();
+ stats.ownerBroker = brokerService.pulsar().getBrokerId();
stats.offloadedStorageSize = ledger.getOffloadedSize();
stats.lastOffloadLedgerId = ledger.getLastOffloadedLedgerId();
stats.lastOffloadSuccessTimeStamp = ledger.getLastOffloadedSuccessTimestamp();
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
index de1296dbdd8..c2ac73d39f5 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
@@ -56,7 +56,9 @@ import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.broker.authentication.AuthenticationDataSource;
import org.apache.pulsar.broker.authentication.AuthenticationParameters;
import org.apache.pulsar.broker.authorization.AuthorizationService;
+import org.apache.pulsar.broker.loadbalance.LoadManager;
import org.apache.pulsar.broker.loadbalance.extensions.ExtensibleLoadManagerImpl;
+import org.apache.pulsar.broker.loadbalance.extensions.data.BrokerLookupData;
import org.apache.pulsar.broker.namespace.LookupOptions;
import org.apache.pulsar.broker.namespace.NamespaceService;
import org.apache.pulsar.broker.resources.BookieResources;
@@ -92,6 +94,7 @@ import org.apache.pulsar.common.policies.data.TopicOperation;
import org.apache.pulsar.common.policies.path.PolicyPath;
import org.apache.pulsar.common.util.FutureUtil;
import org.apache.pulsar.metadata.api.MetadataStoreException;
+import org.apache.pulsar.metadata.api.coordination.LockManager;
import org.checkerframework.checker.nullness.qual.NonNull;
import org.checkerframework.checker.nullness.qual.Nullable;
import org.slf4j.Logger;
@@ -1199,24 +1202,43 @@ public abstract class PulsarWebResource {
/**
* Redirect the call to the specified broker.
*
- * @param broker
- * Broker name
+ * @param brokerId broker's id (lookup service address)
*/
- protected void validateBrokerName(String broker) {
- String brokerUrl = String.format("http://%s", broker);
- String brokerUrlTls = String.format("https://%s", broker);
- if (!brokerUrl.equals(pulsar().getWebServiceAddress())
- && !brokerUrlTls.equals(pulsar().getWebServiceAddressTls())) {
- String[] parts = broker.split(":");
- checkArgument(parts.length == 2, String.format("Invalid broker url %s", broker));
- String host = parts[0];
- int port = Integer.parseInt(parts[1]);
-
- URI redirect = UriBuilder.fromUri(uri.getRequestUri()).host(host).port(port).build();
- log.debug("[{}] Redirecting the rest call to {}: broker={}", clientAppId(), redirect, broker);
- throw new WebApplicationException(Response.temporaryRedirect(redirect).build());
-
+ protected CompletableFuture<Void> maybeRedirectToBroker(String brokerId) {
+ // backwards compatibility
+ String cleanedBrokerId = brokerId.replaceFirst("http[s]?://", "");
+ if (pulsar.getBrokerId().equals(cleanedBrokerId)
+ // backwards compatibility
+ || ("http://" + cleanedBrokerId).equals(pulsar().getWebServiceAddress())
+ || ("https://" + cleanedBrokerId).equals(pulsar().getWebServiceAddressTls())) {
+ // no need to redirect, the current broker matches the given broker id
+ return CompletableFuture.completedFuture(null);
}
+ LockManager<BrokerLookupData> brokerLookupDataLockManager =
+ pulsar().getCoordinationService().getLockManager(BrokerLookupData.class);
+ return brokerLookupDataLockManager.readLock(LoadManager.LOADBALANCE_BROKERS_ROOT + "/" + cleanedBrokerId)
+ .thenAccept(brokerLookupDataOptional -> {
+ if (brokerLookupDataOptional.isEmpty()) {
+ throw new RestException(Status.NOT_FOUND,
+ "Broker id '" + brokerId + "' not found in available brokers.");
+ }
+ brokerLookupDataOptional.ifPresent(brokerLookupData -> {
+ URI targetBrokerUri;
+ if ((isRequestHttps() || StringUtils.isBlank(brokerLookupData.getWebServiceUrl()))
+ && StringUtils.isNotBlank(brokerLookupData.getWebServiceUrlTls())) {
+ targetBrokerUri = URI.create(brokerLookupData.getWebServiceUrlTls());
+ } else {
+ targetBrokerUri = URI.create(brokerLookupData.getWebServiceUrl());
+ }
+ URI redirect = UriBuilder.fromUri(uri.getRequestUri())
+ .scheme(targetBrokerUri.getScheme())
+ .host(targetBrokerUri.getHost())
+ .port(targetBrokerUri.getPort()).build();
+ log.debug("[{}] Redirecting the rest call to {}: broker={}", clientAppId(), redirect,
+ cleanedBrokerId);
+ throw new WebApplicationException(Response.temporaryRedirect(redirect).build());
+ });
+ });
}
public void validateTopicPolicyOperation(TopicName topicName, PolicyName policy, PolicyOperation operation) {
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/SLAMonitoringTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/SLAMonitoringTest.java
index 47949d7312b..4a6524bf245 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/SLAMonitoringTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/SLAMonitoringTest.java
@@ -102,9 +102,9 @@ public class SLAMonitoringTest {
createTenant(pulsarAdmins[BROKER_COUNT - 1]);
for (int i = 0; i < BROKER_COUNT; i++) {
- String topic = String.format("%s/%s/%s:%s", NamespaceService.SLA_NAMESPACE_PROPERTY, "my-cluster",
- pulsarServices[i].getAdvertisedAddress(), brokerWebServicePorts[i]);
- pulsarAdmins[0].namespaces().createNamespace(topic);
+ var namespaceName = NamespaceService.getSLAMonitorNamespace(pulsarServices[i].getBrokerId(),
+ pulsarServices[i].getConfig());
+ pulsarAdmins[0].namespaces().createNamespace(namespaceName.toString());
}
}
@@ -173,9 +173,9 @@ public class SLAMonitoringTest {
public void testOwnershipViaAdminAfterSetup() {
for (int i = 0; i < BROKER_COUNT; i++) {
try {
- String topic = String.format("persistent://%s/%s/%s:%s/%s",
- NamespaceService.SLA_NAMESPACE_PROPERTY, "my-cluster", pulsarServices[i].getAdvertisedAddress(),
- brokerWebServicePorts[i], "my-topic");
+ String topic = String.format("persistent://%s/%s/%s/%s",
+ NamespaceService.SLA_NAMESPACE_PROPERTY, "my-cluster",
+ pulsarServices[i].getBrokerId(), "my-topic");
assertEquals(pulsarAdmins[0].lookups().lookupTopic(topic),
"pulsar://" + pulsarServices[i].getAdvertisedAddress() + ":" + brokerNativeBrokerPorts[i]);
} catch (Exception e) {
@@ -199,8 +199,8 @@ public class SLAMonitoringTest {
fail("Should be a able to close the broker index " + crashIndex + " Exception: " + e);
}
- String topic = String.format("persistent://%s/%s/%s:%s/%s", NamespaceService.SLA_NAMESPACE_PROPERTY,
- "my-cluster", pulsarServices[crashIndex].getAdvertisedAddress(), brokerWebServicePorts[crashIndex],
+ String topic = String.format("persistent://%s/%s/%s/%s", NamespaceService.SLA_NAMESPACE_PROPERTY,
+ "my-cluster", pulsarServices[crashIndex].getBrokerId(),
"my-topic");
log.info("Lookup for namespace {}", topic);
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiMultiBrokersTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiMultiBrokersTest.java
index 13cac6b5905..b0f611317f8 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiMultiBrokersTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiMultiBrokersTest.java
@@ -81,9 +81,8 @@ public class AdminApiMultiBrokersTest extends MultiBrokerBaseTest {
assertTrue(leaderBroker.isPresent());
log.info("Leader broker is {}", leaderBroker);
for (PulsarAdmin admin : getAllAdmins()) {
- String serviceUrl = admin.brokers().getLeaderBroker().getServiceUrl();
- log.info("Pulsar admin get leader broker is {}", serviceUrl);
- assertEquals(leaderBroker.get().getServiceUrl(), serviceUrl);
+ String brokerId = admin.brokers().getLeaderBroker().getBrokerId();
+ assertEquals(leaderBroker.get().getBrokerId(), brokerId);
}
}
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest.java
index b72f1b697f7..5b1dba54d77 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest.java
@@ -329,10 +329,12 @@ public class AdminApiTest extends MockedPulsarServiceBaseTest {
} catch (PulsarAdminException e) {
assertTrue(e instanceof PreconditionFailedException);
}
+
+ restartBroker();
}
@Test
- public void clusterNamespaceIsolationPolicies() throws PulsarAdminException {
+ public void clusterNamespaceIsolationPolicies() throws Exception {
try {
// create
String policyName1 = "policy-1";
@@ -508,6 +510,7 @@ public class AdminApiTest extends MockedPulsarServiceBaseTest {
// Ok
}
+ restartBroker();
}
@Test
@@ -525,7 +528,8 @@ public class AdminApiTest extends MockedPulsarServiceBaseTest {
Assert.assertEquals(list2.size(), 1);
BrokerInfo leaderBroker = admin.brokers().getLeaderBroker();
- Assert.assertEquals(leaderBroker.getServiceUrl(), pulsar.getLeaderElectionService().getCurrentLeader().map(LeaderBroker::getServiceUrl).get());
+ Assert.assertEquals(leaderBroker.getBrokerId(),
+ pulsar.getLeaderElectionService().getCurrentLeader().map(LeaderBroker::getBrokerId).get());
Map<String, NamespaceOwnershipStatus> nsMap = admin.brokers().getOwnedNamespaces("test", list.get(0));
// since sla-monitor ns is not created nsMap.size() == 1 (for HeartBeat Namespace)
@@ -533,7 +537,7 @@ public class AdminApiTest extends MockedPulsarServiceBaseTest {
for (String ns : nsMap.keySet()) {
NamespaceOwnershipStatus nsStatus = nsMap.get(ns);
if (ns.equals(
- NamespaceService.getHeartbeatNamespace(pulsar.getLookupServiceAddress(), pulsar.getConfiguration())
+ NamespaceService.getHeartbeatNamespace(pulsar.getBrokerId(), pulsar.getConfiguration())
+ "/0x00000000_0xffffffff")) {
assertEquals(nsStatus.broker_assignment, BrokerAssignment.shared);
assertFalse(nsStatus.is_controlled);
@@ -699,6 +703,10 @@ public class AdminApiTest extends MockedPulsarServiceBaseTest {
Awaitility.await().until(() -> pulsar.getConfiguration().getBrokerShutdownTimeoutMs() == newValue);
// verify value is updated
assertEquals(pulsar.getConfiguration().getBrokerShutdownTimeoutMs(), newValue);
+ // reset config
+ pulsar.getConfiguration().setBrokerShutdownTimeoutMs(0L);
+ // restart broker
+ restartBroker();
}
/**
@@ -797,6 +805,8 @@ public class AdminApiTest extends MockedPulsarServiceBaseTest {
TenantInfoImpl tenantInfo = new TenantInfoImpl(Set.of("role1", "role2"),
Set.of("test", "usw"));
admin.tenants().updateTenant("prop-xyz", tenantInfo);
+ Awaitility.await().untilAsserted(() ->
+ assertEquals(admin.tenants().getTenantInfo("prop-xyz").getAllowedClusters(), Set.of("test", "usw")));
assertEquals(admin.namespaces().getPolicies("prop-xyz/ns1").bundles, PoliciesUtil.defaultBundle());
@@ -3104,6 +3114,9 @@ public class AdminApiTest extends MockedPulsarServiceBaseTest {
TenantInfoImpl tenantInfo = new TenantInfoImpl(Set.of("role1", "role2"),
Set.of("test", "usw"));
admin.tenants().updateTenant("prop-xyz", tenantInfo);
+ Awaitility.await().untilAsserted(() ->
+ assertEquals(admin.tenants().getTenantInfo("prop-xyz").getAllowedClusters(),
+ tenantInfo.getAllowedClusters()));
admin.namespaces().createNamespace("prop-xyz/getBundleNs", 100);
assertEquals(admin.namespaces().getPolicies("prop-xyz/getBundleNs").bundles.getNumBundles(), 100);
@@ -3297,6 +3310,9 @@ public class AdminApiTest extends MockedPulsarServiceBaseTest {
TenantInfoImpl tenantInfo = new TenantInfoImpl(Set.of("role1", "role2"),
Set.of("test", "usw"));
admin.tenants().updateTenant("prop-xyz", tenantInfo);
+ Awaitility.await().untilAsserted(() ->
+ assertEquals(admin.tenants().getTenantInfo("prop-xyz").getAllowedClusters(),
+ tenantInfo.getAllowedClusters()));
String ns = BrokerTestUtil.newUniqueName("prop-xyz/ns");
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminTest.java
index 046f2b4cf14..e9352503822 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminTest.java
@@ -726,7 +726,8 @@ public class AdminTest extends MockedPulsarServiceBaseTest {
Object leaderBrokerRes = asyncRequests(ctx -> brokers.getLeaderBroker(ctx));
assertTrue(leaderBrokerRes instanceof BrokerInfo);
BrokerInfo leaderBroker = (BrokerInfo)leaderBrokerRes;
- assertEquals(leaderBroker.getServiceUrl(), pulsar.getLeaderElectionService().getCurrentLeader().map(LeaderBroker::getServiceUrl).get());
+ assertEquals(leaderBroker.getBrokerId(),
+ pulsar.getLeaderElectionService().getCurrentLeader().map(LeaderBroker::getBrokerId).get());
}
@Test
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/v1/V1_AdminApiTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/v1/V1_AdminApiTest.java
index 63210231fd9..75ce99cba59 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/v1/V1_AdminApiTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/v1/V1_AdminApiTest.java
@@ -449,7 +449,7 @@ public class V1_AdminApiTest extends MockedPulsarServiceBaseTest {
for (String ns : nsMap.keySet()) {
NamespaceOwnershipStatus nsStatus = nsMap.get(ns);
if (ns.equals(
- NamespaceService.getHeartbeatNamespace(pulsar.getLookupServiceAddress(), pulsar.getConfiguration())
+ NamespaceService.getHeartbeatNamespace(pulsar.getBrokerId(), pulsar.getConfiguration())
+ "/0x00000000_0xffffffff")) {
assertEquals(nsStatus.broker_assignment, BrokerAssignment.shared);
assertFalse(nsStatus.is_controlled);
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/AdvertisedListenersMultiBrokerLeaderElectionTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/AdvertisedListenersMultiBrokerLeaderElectionTest.java
new file mode 100644
index 00000000000..5adc78b2c52
--- /dev/null
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/AdvertisedListenersMultiBrokerLeaderElectionTest.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.pulsar.broker.loadbalance;
+
+import java.util.Optional;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.pulsar.broker.ServiceConfiguration;
+import org.apache.pulsar.broker.testcontext.PulsarTestContext;
+import org.testng.annotations.Test;
+
+@Slf4j
+@Test(groups = "broker")
+public class AdvertisedListenersMultiBrokerLeaderElectionTest extends MultiBrokerLeaderElectionTest {
+ @Override
+ protected PulsarTestContext.Builder createPulsarTestContextBuilder(ServiceConfiguration conf) {
+ conf.setWebServicePortTls(Optional.of(0));
+ return super.createPulsarTestContextBuilder(conf).preallocatePorts(true).configOverride(config -> {
+ // use advertised address that is different than the name used in the advertised listeners
+ config.setAdvertisedAddress("localhost");
+ config.setAdvertisedListeners(
+ "public_pulsar:pulsar://127.0.0.1:" + config.getBrokerServicePort().get()
+ + ",public_http:http://127.0.0.1:" + config.getWebServicePort().get()
+ + ",public_https:https://127.0.0.1:" + config.getWebServicePortTls().get());
+ });
+ }
+}
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/LeaderElectionServiceTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/LeaderElectionServiceTest.java
index 008897136f8..ded4ee8e58d 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/LeaderElectionServiceTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/LeaderElectionServiceTest.java
@@ -115,7 +115,8 @@ public class LeaderElectionServiceTest {
checkLookupException(tenant, namespace, client);
// broker, webService and leaderElectionService is started, and elect is done;
- leaderBrokerReference.set(new LeaderBroker(pulsar.getWebServiceAddress()));
+ leaderBrokerReference.set(
+ new LeaderBroker(pulsar.getBrokerId(), pulsar.getSafeWebServiceAddress()));
Producer<byte[]> producer = client.newProducer()
.topic("persistent://" + tenant + "/" + namespace + "/1p")
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/LoadBalancerTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/LoadBalancerTest.java
index 7cc4499df97..e350004a739 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/LoadBalancerTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/LoadBalancerTest.java
@@ -138,7 +138,7 @@ public class LoadBalancerTest {
brokerNativeBrokerPorts[i] = pulsarServices[i].getBrokerListenPort().get();
brokerUrls[i] = new URL("http://127.0.0.1" + ":" + brokerWebServicePorts[i]);
- lookupAddresses[i] = pulsarServices[i].getAdvertisedAddress() + ":" + pulsarServices[i].getListenPortHTTP().get();
+ lookupAddresses[i] = pulsarServices[i].getBrokerId();
pulsarAdmins[i] = PulsarAdmin.builder().serviceHttpUrl(brokerUrls[i].toString()).build();
}
@@ -409,7 +409,7 @@ public class LoadBalancerTest {
double expectedMaxVariation = 10.0;
for (int i = 0; i < BROKER_COUNT; i++) {
long actualValue = 0;
- String resourceId = "http://" + lookupAddresses[i];
+ String resourceId = lookupAddresses[i];
if (namespaceOwner.containsKey(resourceId)) {
actualValue = namespaceOwner.get(resourceId);
}
@@ -695,7 +695,7 @@ public class LoadBalancerTest {
}
}
// Make sure all brokers see the same leader
- log.info("Old leader is : {}", oldLeader.getServiceUrl());
+ log.info("Old leader is : {}", oldLeader.getBrokerId());
for (PulsarService pulsar : activePulsar) {
log.info("Current leader for {} is : {}", pulsar.getWebServiceAddress(), pulsar.getLeaderElectionService().getCurrentLeader());
assertEquals(pulsar.getLeaderElectionService().readCurrentLeader().join(), Optional.of(oldLeader));
@@ -705,7 +705,7 @@ public class LoadBalancerTest {
leaderPulsar.close();
loopUntilLeaderChangesForAllBroker(followerPulsar, oldLeader);
LeaderBroker newLeader = followerPulsar.get(0).getLeaderElectionService().readCurrentLeader().join().get();
- log.info("New leader is : {}", newLeader.getServiceUrl());
+ log.info("New leader is : {}", newLeader.getBrokerId());
Assert.assertNotEquals(newLeader, oldLeader);
}
}
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/MultiBrokerLeaderElectionTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/MultiBrokerLeaderElectionTest.java
index 5c840129dd8..103983506a6 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/MultiBrokerLeaderElectionTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/MultiBrokerLeaderElectionTest.java
@@ -20,6 +20,7 @@ package org.apache.pulsar.broker.loadbalance;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertTrue;
+import java.net.InetSocketAddress;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
@@ -36,14 +37,24 @@ import lombok.Cleanup;
import lombok.extern.slf4j.Slf4j;
import org.apache.pulsar.broker.MultiBrokerTestZKBaseTest;
import org.apache.pulsar.broker.PulsarService;
+import org.apache.pulsar.client.admin.Lookup;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminException;
+import org.apache.pulsar.client.api.PulsarClient;
+import org.apache.pulsar.client.impl.LookupService;
+import org.apache.pulsar.client.impl.PulsarClientImpl;
+import org.apache.pulsar.common.naming.TopicName;
import org.awaitility.Awaitility;
import org.testng.annotations.Test;
@Slf4j
@Test(groups = "broker")
public class MultiBrokerLeaderElectionTest extends MultiBrokerTestZKBaseTest {
+ public MultiBrokerLeaderElectionTest() {
+ super();
+ this.isTcpLookup = true;
+ }
+
@Override
protected int numberOfAdditionalBrokers() {
return 9;
@@ -88,39 +99,80 @@ public class MultiBrokerLeaderElectionTest extends MultiBrokerTestZKBaseTest {
});
}
- @Test
- public void shouldProvideConsistentAnswerToTopicLookups()
+ @Test(timeOut = 60000L)
+ public void shouldProvideConsistentAnswerToTopicLookupsUsingAdminApi()
throws PulsarAdminException, ExecutionException, InterruptedException {
- String topicNameBase = "persistent://public/default/lookuptest" + UUID.randomUUID() + "-";
+ String namespace = "public/ns" + UUID.randomUUID();
+ admin.namespaces().createNamespace(namespace, 256);
+ String topicNameBase = "persistent://" + namespace + "/lookuptest-";
List<String> topicNames = IntStream.range(0, 500).mapToObj(i -> topicNameBase + i)
.collect(Collectors.toList());
List<PulsarAdmin> allAdmins = getAllAdmins();
@Cleanup("shutdown")
ExecutorService executorService = Executors.newFixedThreadPool(allAdmins.size());
List<Future<List<String>>> resultFutures = new ArrayList<>();
- String leaderBrokerUrl = admin.brokers().getLeaderBroker().getServiceUrl();
- log.info("LEADER is {}", leaderBrokerUrl);
// use Phaser to increase the chances of a race condition by triggering all threads once
- // they are waiting just before the lookupTopic call
+ // they are waiting just before each lookupTopic call
final Phaser phaser = new Phaser(1);
for (PulsarAdmin brokerAdmin : allAdmins) {
- if (!leaderBrokerUrl.equals(brokerAdmin.getServiceUrl())) {
- phaser.register();
- log.info("Doing lookup to broker {}", brokerAdmin.getServiceUrl());
- resultFutures.add(executorService.submit(() -> {
- phaser.arriveAndAwaitAdvance();
- return topicNames.stream().map(topicName -> {
- try {
- return brokerAdmin.lookups().lookupTopic(topicName);
- } catch (PulsarAdminException e) {
- log.error("Error looking up topic {} in {}", topicName, brokerAdmin.getServiceUrl());
- throw new RuntimeException(e);
- }
- }).collect(Collectors.toList());
- }));
+ phaser.register();
+ Lookup lookups = brokerAdmin.lookups();
+ log.info("Doing lookup to broker {}", brokerAdmin.getServiceUrl());
+ resultFutures.add(executorService.submit(() -> topicNames.stream().map(topicName -> {
+ phaser.arriveAndAwaitAdvance();
+ try {
+ return lookups.lookupTopic(topicName);
+ } catch (PulsarAdminException e) {
+ log.error("Error looking up topic {} in {}", topicName, brokerAdmin.getServiceUrl());
+ throw new RuntimeException(e);
+ }
+ }).collect(Collectors.toList())));
+ }
+ phaser.arriveAndDeregister();
+ List<String> firstResult = null;
+ for (Future<List<String>> resultFuture : resultFutures) {
+ List<String> result = resultFuture.get();
+ if (firstResult == null) {
+ firstResult = result;
+ } else {
+ assertEquals(result, firstResult, "The lookup results weren't consistent.");
}
}
- phaser.arriveAndAwaitAdvance();
+ }
+
+ @Test(timeOut = 60000L)
+ public void shouldProvideConsistentAnswerToTopicLookupsUsingClient()
+ throws PulsarAdminException, ExecutionException, InterruptedException {
+ String namespace = "public/ns" + UUID.randomUUID();
+ admin.namespaces().createNamespace(namespace, 256);
+ String topicNameBase = "persistent://" + namespace + "/lookuptest-";
+ List<String> topicNames = IntStream.range(0, 500).mapToObj(i -> topicNameBase + i)
+ .collect(Collectors.toList());
+ List<PulsarClient> allClients = getAllClients();
+ @Cleanup("shutdown")
+ ExecutorService executorService = Executors.newFixedThreadPool(allClients.size());
+ List<Future<List<String>>> resultFutures = new ArrayList<>();
+ // use Phaser to increase the chances of a race condition by triggering all threads once
+ // they are waiting just before each lookupTopic call
+ final Phaser phaser = new Phaser(1);
+ for (PulsarClient brokerClient : allClients) {
+ phaser.register();
+ String serviceUrl = ((PulsarClientImpl) brokerClient).getConfiguration().getServiceUrl();
+ LookupService lookupService = ((PulsarClientImpl) brokerClient).getLookup();
+ log.info("Doing lookup to broker {}", serviceUrl);
+ resultFutures.add(executorService.submit(() -> topicNames.stream().map(topicName -> {
+ phaser.arriveAndAwaitAdvance();
+ try {
+ InetSocketAddress logicalAddress =
+ lookupService.getBroker(TopicName.get(topicName)).get().getLeft();
+ return logicalAddress.getHostString() + ":" + logicalAddress.getPort();
+ } catch (InterruptedException | ExecutionException e) {
+ log.error("Error looking up topic {} in {}", topicName, serviceUrl);
+ throw new RuntimeException(e);
+ }
+ }).collect(Collectors.toList())));
+ }
+ phaser.arriveAndDeregister();
List<String> firstResult = null;
for (Future<List<String>> resultFuture : resultFutures) {
List<String> result = resultFuture.get();
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/SimpleLoadManagerImplTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/SimpleLoadManagerImplTest.java
index 820d966f62d..f92faa3e4bd 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/SimpleLoadManagerImplTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/SimpleLoadManagerImplTest.java
@@ -24,7 +24,7 @@ import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.testng.Assert.assertEquals;
-import static org.testng.Assert.assertFalse;
+import static org.testng.Assert.assertNotEquals;
import static org.testng.Assert.assertNull;
import static org.testng.Assert.assertTrue;
import com.fasterxml.jackson.databind.ObjectMapper;
@@ -211,7 +211,7 @@ public class SimpleLoadManagerImplTest {
rd.put("bandwidthIn", new ResourceUsage(250 * 1024, 1024 * 1024));
rd.put("bandwidthOut", new ResourceUsage(550 * 1024, 1024 * 1024));
- ResourceUnit ru1 = new SimpleResourceUnit("http://prod2-broker7.messaging.usw.example.com:8080", rd);
+ ResourceUnit ru1 = new SimpleResourceUnit("prod2-broker7.messaging.usw.example.com:8080", rd);
Set<ResourceUnit> rus = new HashSet<>();
rus.add(ru1);
LoadRanker lr = new ResourceAvailabilityRanker();
@@ -246,15 +246,15 @@ public class SimpleLoadManagerImplTest {
rd.put("bandwidthIn", new ResourceUsage(250 * 1024, 1024 * 1024));
rd.put("bandwidthOut", new ResourceUsage(550 * 1024, 1024 * 1024));
- ResourceUnit ru1 = new SimpleResourceUnit(
- "http://" + pulsar1.getAdvertisedAddress() + ":" + pulsar1.getConfiguration().getWebServicePort().get(), rd);
+ ResourceUnit ru1 = new SimpleResourceUnit(pulsar1.getBrokerId(), rd);
Set<ResourceUnit> rus = new HashSet<>();
rus.add(ru1);
LoadRanker lr = new ResourceAvailabilityRanker();
// inject the load report and rankings
Map<ResourceUnit, org.apache.pulsar.policies.data.loadbalancer.LoadReport> loadReports = new HashMap<>();
- org.apache.pulsar.policies.data.loadbalancer.LoadReport loadReport = new org.apache.pulsar.policies.data.loadbalancer.LoadReport();
+ org.apache.pulsar.policies.data.loadbalancer.LoadReport loadReport =
+ new org.apache.pulsar.policies.data.loadbalancer.LoadReport();
loadReport.setSystemResourceUsage(new SystemResourceUsage());
loadReports.put(ru1, loadReport);
setObjectField(SimpleLoadManagerImpl.class, loadManager, "currentLoadReports", loadReports);
@@ -269,10 +269,9 @@ public class SimpleLoadManagerImplTest {
sortedRankingsInstance.get().put(lr.getRank(rd), rus);
setObjectField(SimpleLoadManagerImpl.class, loadManager, "sortedRankings", sortedRankingsInstance);
- final Optional<ResourceUnit> leastLoaded = loadManager.getLeastLoaded(NamespaceName.get("pulsar/use/primary-ns.10"));
- // broker is not active so found should be null
- assertFalse(leastLoaded.isPresent());
-
+ ResourceUnit found = loadManager.getLeastLoaded(NamespaceName.get("pulsar/use/primary-ns.10")).get();
+ // TODO: this test doesn't make sense. This was the original assertion.
+ assertNotEquals(found, null, "did not find a broker when expected one to be found");
}
@Test(enabled = false)
@@ -286,7 +285,7 @@ public class SimpleLoadManagerImplTest {
rd.put("bandwidthIn", new ResourceUsage(250 * 1024, 1024 * 1024));
rd.put("bandwidthOut", new ResourceUsage(550 * 1024, 1024 * 1024));
- ResourceUnit ru1 = new SimpleResourceUnit("http://prod2-broker7.messaging.usw.example.com:8080", rd);
+ ResourceUnit ru1 = new SimpleResourceUnit("prod2-broker7.messaging.usw.example.com:8080", rd);
Set<ResourceUnit> rus = new HashSet<>();
rus.add(ru1);
LoadRanker lr = new ResourceAvailabilityRanker();
@@ -355,8 +354,8 @@ public class SimpleLoadManagerImplTest {
rd.put("bandwidthIn", new ResourceUsage(250 * 1024, 1024 * 1024));
rd.put("bandwidthOut", new ResourceUsage(550 * 1024, 1024 * 1024));
- ResourceUnit ru1 = new SimpleResourceUnit("http://pulsar-broker1.com:8080", rd);
- ResourceUnit ru2 = new SimpleResourceUnit("http://pulsar-broker2.com:8080", rd);
+ ResourceUnit ru1 = new SimpleResourceUnit("pulsar-broker1.com:8080", rd);
+ ResourceUnit ru2 = new SimpleResourceUnit("pulsar-broker2.com:8080", rd);
Set<ResourceUnit> rus = new HashSet<>();
rus.add(ru1);
rus.add(ru2);
@@ -409,22 +408,18 @@ public class SimpleLoadManagerImplTest {
final SimpleLoadManagerImpl loadManager = (SimpleLoadManagerImpl) pulsar1.getLoadManager().get();
for (final NamespaceBundle bundle : bundles) {
- if (loadManager.getLeastLoaded(bundle).get().getResourceId().equals(getAddress(primaryTlsHost))) {
+ if (loadManager.getLeastLoaded(bundle).get().getResourceId().equals(pulsar1.getBrokerId())) {
++numAssignedToPrimary;
} else {
++numAssignedToSecondary;
}
// Check that number of assigned bundles are equivalent when an even number have been assigned.
if ((numAssignedToPrimary + numAssignedToSecondary) % 2 == 0) {
- assert (numAssignedToPrimary == numAssignedToSecondary);
+ assertEquals(numAssignedToPrimary, numAssignedToSecondary);
}
}
}
- private static String getAddress(String url) {
- return url.replaceAll("https", "http");
- }
-
@Test
public void testNamespaceBundleStats() {
NamespaceBundleStats nsb1 = new NamespaceBundleStats();
@@ -514,7 +509,8 @@ public class SimpleLoadManagerImplTest {
}
private void setupClusters() throws PulsarAdminException {
- admin1.clusters().createCluster("use", ClusterData.builder().serviceUrl(pulsar1.getWebServiceAddress()).build());
+ admin1.clusters().createCluster("use", ClusterData.builder().serviceUrl(pulsar1.getWebServiceAddress())
+ .brokerServiceUrl(pulsar1.getBrokerServiceUrl()).build());
TenantInfoImpl tenantInfo = new TenantInfoImpl(Set.of("role1", "role2"), Set.of("use"));
defaultTenant = "prop-xyz";
admin1.tenants().createTenant(defaultTenant, tenantInfo);
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/BrokerRegistryTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/BrokerRegistryTest.java
index 26986a494f0..e199e695cf7 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/BrokerRegistryTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/BrokerRegistryTest.java
@@ -76,7 +76,7 @@ public class BrokerRegistryTest {
private LocalBookkeeperEnsemble bkEnsemble;
- // Make sure the load manager don't register itself to `/loadbalance/brokers/{lookupServiceAddress}`
+ // Make sure the load manager don't register itself to `/loadbalance/brokers/{brokerId}`.
public static class MockLoadManager implements LoadManager {
@Override
@@ -292,7 +292,7 @@ public class BrokerRegistryTest {
pulsar1.start();
pulsar2.start();
- doReturn(pulsar1.getLookupServiceAddress()).when(pulsar2).getLookupServiceAddress();
+ doReturn(pulsar1.getBrokerId()).when(pulsar2).getBrokerId();
BrokerRegistryImpl brokerRegistry1 = createBrokerRegistryImpl(pulsar1);
BrokerRegistryImpl brokerRegistry2 = createBrokerRegistryImpl(pulsar2);
brokerRegistry1.start();
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/ExtensibleLoadManagerImplTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/ExtensibleLoadManagerImplTest.java
index 05a6e4e8762..4ec884a624e 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/ExtensibleLoadManagerImplTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/ExtensibleLoadManagerImplTest.java
@@ -286,7 +286,7 @@ public class ExtensibleLoadManagerImplTest extends MockedPulsarServiceBaseTest {
public CompletableFuture<Map<String, BrokerLookupData>> filterAsync(Map<String, BrokerLookupData> brokers,
ServiceUnitId serviceUnit,
LoadManagerContext context) {
- brokers.remove(pulsar1.getLookupServiceAddress());
+ brokers.remove(pulsar1.getBrokerId());
return CompletableFuture.completedFuture(brokers);
}
@@ -370,10 +370,10 @@ public class ExtensibleLoadManagerImplTest extends MockedPulsarServiceBaseTest {
});
- String dstBrokerUrl = pulsar1.getLookupServiceAddress();
+ String dstBrokerUrl = pulsar1.getBrokerId();
String dstBrokerServiceUrl;
if (broker.equals(pulsar1.getBrokerServiceUrl())) {
- dstBrokerUrl = pulsar2.getLookupServiceAddress();
+ dstBrokerUrl = pulsar2.getBrokerId();
dstBrokerServiceUrl = pulsar2.getBrokerServiceUrl();
} else {
dstBrokerServiceUrl = pulsar1.getBrokerServiceUrl();
@@ -526,13 +526,13 @@ public class ExtensibleLoadManagerImplTest extends MockedPulsarServiceBaseTest {
TopicName topicName = TopicName.get(defaultTestNamespace + "/test-filter-has-exception");
NamespaceBundle bundle = getBundleAsync(pulsar1, topicName).get();
- String lookupServiceAddress1 = pulsar1.getLookupServiceAddress();
+ String brokerId1 = pulsar1.getBrokerId();
doReturn(List.of(new MockBrokerFilter() {
@Override
public CompletableFuture<Map<String, BrokerLookupData>> filterAsync(Map<String, BrokerLookupData> brokers,
ServiceUnitId serviceUnit,
LoadManagerContext context) {
- brokers.remove(lookupServiceAddress1);
+ brokers.remove(brokerId1);
return CompletableFuture.completedFuture(brokers);
}
},new MockBrokerFilter() {
@@ -605,12 +605,12 @@ public class ExtensibleLoadManagerImplTest extends MockedPulsarServiceBaseTest {
// Test lookup heartbeat namespace's topic
for (PulsarService pulsar : pulsarServices) {
assertLookupHeartbeatOwner(pulsarService,
- pulsar.getLookupServiceAddress(), pulsar.getBrokerServiceUrl());
+ pulsar.getBrokerId(), pulsar.getBrokerServiceUrl());
}
// Test lookup SLA namespace's topic
for (PulsarService pulsar : pulsarServices) {
assertLookupSLANamespaceOwner(pulsarService,
- pulsar.getLookupServiceAddress(), pulsar.getBrokerServiceUrl());
+ pulsar.getBrokerId(), pulsar.getBrokerServiceUrl());
}
}
@@ -667,12 +667,12 @@ public class ExtensibleLoadManagerImplTest extends MockedPulsarServiceBaseTest {
// Test lookup heartbeat namespace's topic
for (PulsarService pulsar : pulsarServices) {
assertLookupHeartbeatOwner(pulsarService,
- pulsar.getLookupServiceAddress(), pulsar.getBrokerServiceUrl());
+ pulsar.getBrokerId(), pulsar.getBrokerServiceUrl());
}
// Test lookup SLA namespace's topic
for (PulsarService pulsar : pulsarServices) {
assertLookupSLANamespaceOwner(pulsarService,
- pulsar.getLookupServiceAddress(), pulsar.getBrokerServiceUrl());
+ pulsar.getBrokerId(), pulsar.getBrokerServiceUrl());
}
}
}
@@ -682,25 +682,25 @@ public class ExtensibleLoadManagerImplTest extends MockedPulsarServiceBaseTest {
}
private void assertLookupHeartbeatOwner(PulsarService pulsar,
- String lookupServiceAddress,
+ String brokerId,
String expectedBrokerServiceUrl) throws Exception {
NamespaceName heartbeatNamespaceV1 =
- getHeartbeatNamespace(lookupServiceAddress, pulsar.getConfiguration());
+ getHeartbeatNamespace(brokerId, pulsar.getConfiguration());
String heartbeatV1Topic = heartbeatNamespaceV1.getPersistentTopicName("test");
assertEquals(pulsar.getAdminClient().lookups().lookupTopic(heartbeatV1Topic), expectedBrokerServiceUrl);
NamespaceName heartbeatNamespaceV2 =
- getHeartbeatNamespaceV2(lookupServiceAddress, pulsar.getConfiguration());
+ getHeartbeatNamespaceV2(brokerId, pulsar.getConfiguration());
String heartbeatV2Topic = heartbeatNamespaceV2.getPersistentTopicName("test");
assertEquals(pulsar.getAdminClient().lookups().lookupTopic(heartbeatV2Topic), expectedBrokerServiceUrl);
}
private void assertLookupSLANamespaceOwner(PulsarService pulsar,
- String lookupServiceAddress,
+ String brokerId,
String expectedBrokerServiceUrl) throws Exception {
- NamespaceName slaMonitorNamespace = getSLAMonitorNamespace(lookupServiceAddress, pulsar.getConfiguration());
+ NamespaceName slaMonitorNamespace = getSLAMonitorNamespace(brokerId, pulsar.getConfiguration());
String slaMonitorTopic = slaMonitorNamespace.getPersistentTopicName("test");
String result = pulsar.getAdminClient().lookups().lookupTopic(slaMonitorTopic);
log.info("Topic {} Lookup result: {}", slaMonitorTopic, result);
@@ -1041,7 +1041,7 @@ public class ExtensibleLoadManagerImplTest extends MockedPulsarServiceBaseTest {
NamespaceBundle bundle = getBundleAsync(pulsar1, topicName).get();
if (!pulsar3.getBrokerServiceUrl().equals(lookupResult1)) {
admin.namespaces().unloadNamespaceBundle(topicName.getNamespace(), bundle.getBundleRange(),
- pulsar3.getLookupServiceAddress());
+ pulsar3.getBrokerId());
lookupResult1 = pulsar2.getAdminClient().lookups().lookupTopic(topic);
}
String lookupResult2 = pulsar1.getAdminClient().lookups().lookupTopic(topic);
@@ -1108,20 +1108,20 @@ public class ExtensibleLoadManagerImplTest extends MockedPulsarServiceBaseTest {
@Test(timeOut = 30 * 1000, priority = -1)
public void testGetOwnedServiceUnitsAndGetOwnedNamespaceStatus() throws Exception {
NamespaceName heartbeatNamespacePulsar1V1 =
- getHeartbeatNamespace(pulsar1.getLookupServiceAddress(), pulsar1.getConfiguration());
+ getHeartbeatNamespace(pulsar1.getBrokerId(), pulsar1.getConfiguration());
NamespaceName heartbeatNamespacePulsar1V2 =
- NamespaceService.getHeartbeatNamespaceV2(pulsar1.getLookupServiceAddress(), pulsar1.getConfiguration());
+ NamespaceService.getHeartbeatNamespaceV2(pulsar1.getBrokerId(), pulsar1.getConfiguration());
NamespaceName heartbeatNamespacePulsar2V1 =
- getHeartbeatNamespace(pulsar2.getLookupServiceAddress(), pulsar2.getConfiguration());
+ getHeartbeatNamespace(pulsar2.getBrokerId(), pulsar2.getConfiguration());
NamespaceName heartbeatNamespacePulsar2V2 =
- NamespaceService.getHeartbeatNamespaceV2(pulsar2.getLookupServiceAddress(), pulsar2.getConfiguration());
+ NamespaceService.getHeartbeatNamespaceV2(pulsar2.getBrokerId(), pulsar2.getConfiguration());
NamespaceName slaMonitorNamespacePulsar1 =
- getSLAMonitorNamespace(pulsar1.getLookupServiceAddress(), pulsar1.getConfiguration());
+ getSLAMonitorNamespace(pulsar1.getBrokerId(), pulsar1.getConfiguration());
NamespaceName slaMonitorNamespacePulsar2 =
- getSLAMonitorNamespace(pulsar2.getLookupServiceAddress(), pulsar2.getConfiguration());
+ getSLAMonitorNamespace(pulsar2.getBrokerId(), pulsar2.getConfiguration());
NamespaceBundle bundle1 = pulsar1.getNamespaceService().getNamespaceBundleFactory()
.getFullBundle(heartbeatNamespacePulsar1V1);
@@ -1151,9 +1151,9 @@ public class ExtensibleLoadManagerImplTest extends MockedPulsarServiceBaseTest {
assertTrue(ownedServiceUnitsByPulsar2.contains(bundle4));
assertTrue(ownedServiceUnitsByPulsar2.contains(slaBundle2));
Map<String, NamespaceOwnershipStatus> ownedNamespacesByPulsar1 =
- admin.brokers().getOwnedNamespaces(conf.getClusterName(), pulsar1.getLookupServiceAddress());
+ admin.brokers().getOwnedNamespaces(conf.getClusterName(), pulsar1.getBrokerId());
Map<String, NamespaceOwnershipStatus> ownedNamespacesByPulsar2 =
- admin.brokers().getOwnedNamespaces(conf.getClusterName(), pulsar2.getLookupServiceAddress());
+ admin.brokers().getOwnedNamespaces(conf.getClusterName(), pulsar2.getBrokerId());
assertTrue(ownedNamespacesByPulsar1.containsKey(bundle1.toString()));
assertTrue(ownedNamespacesByPulsar1.containsKey(bundle2.toString()));
assertTrue(ownedNamespacesByPulsar1.containsKey(slaBundle1.toString()));
@@ -1185,7 +1185,7 @@ public class ExtensibleLoadManagerImplTest extends MockedPulsarServiceBaseTest {
assertTrue(ownedBundles.contains(bundle));
});
Map<String, NamespaceOwnershipStatus> ownedNamespaces =
- admin.brokers().getOwnedNamespaces(conf.getClusterName(), pulsar.getLookupServiceAddress());
+ admin.brokers().getOwnedNamespaces(conf.getClusterName(), pulsar.getBrokerId());
assertTrue(ownedNamespaces.containsKey(bundle.toString()));
NamespaceOwnershipStatus status = ownedNamespaces.get(bundle.toString());
assertTrue(status.is_active);
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/channel/ServiceUnitStateChannelTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/channel/ServiceUnitStateChannelTest.java
index 842c85a3650..158b91fd277 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/channel/ServiceUnitStateChannelTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/channel/ServiceUnitStateChannelTest.java
@@ -107,8 +107,8 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
private PulsarService pulsar2;
private ServiceUnitStateChannel channel1;
private ServiceUnitStateChannel channel2;
- private String lookupServiceAddress1;
- private String lookupServiceAddress2;
+ private String brokerId1;
+ private String brokerId2;
private String bundle;
private String bundle1;
private String bundle2;
@@ -156,10 +156,10 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
channel2 = createChannel(pulsar2);
channel2.start();
- lookupServiceAddress1 = (String)
- FieldUtils.readDeclaredField(channel1, "lookupServiceAddress", true);
- lookupServiceAddress2 = (String)
- FieldUtils.readDeclaredField(channel2, "lookupServiceAddress", true);
+ brokerId1 = (String)
+ FieldUtils.readDeclaredField(channel1, "brokerId", true);
+ brokerId2 = (String)
+ FieldUtils.readDeclaredField(channel2, "brokerId", true);
bundle = "public/default/0x00000000_0xffffffff";
bundle1 = "public/default/0x00000000_0xfffffff0";
@@ -219,7 +219,7 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
assertEquals(newChannelOwner1, newChannelOwner2);
assertNotEquals(channelOwner1, newChannelOwner1);
- if (newChannelOwner1.equals(Optional.of(lookupServiceAddress1))) {
+ if (newChannelOwner1.equals(Optional.of(brokerId1))) {
assertTrue(channel1.isChannelOwnerAsync().get(2, TimeUnit.SECONDS));
assertFalse(channel2.isChannelOwnerAsync().get(2, TimeUnit.SECONDS));
} else {
@@ -303,7 +303,7 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
}
}
try {
- channel.publishAssignEventAsync(bundle, lookupServiceAddress1).get(2, TimeUnit.SECONDS);
+ channel.publishAssignEventAsync(bundle, brokerId1).get(2, TimeUnit.SECONDS);
} catch (ExecutionException e) {
if (e.getCause() instanceof IllegalStateException) {
errorCnt++;
@@ -311,7 +311,7 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
}
try {
channel.publishUnloadEventAsync(
- new Unload(lookupServiceAddress1, bundle, Optional.of(lookupServiceAddress2)))
+ new Unload(brokerId1, bundle, Optional.of(brokerId2)))
.get(2, TimeUnit.SECONDS);
} catch (ExecutionException e) {
if (e.getCause() instanceof IllegalStateException) {
@@ -319,7 +319,7 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
}
}
try {
- Split split = new Split(bundle, lookupServiceAddress1, Map.of(
+ Split split = new Split(bundle, brokerId1, Map.of(
childBundle1Range, Optional.empty(), childBundle2Range, Optional.empty()));
channel.publishSplitEventAsync(split)
.get(2, TimeUnit.SECONDS);
@@ -360,8 +360,8 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
assertTrue(owner1.get().isEmpty());
assertTrue(owner2.get().isEmpty());
- var assigned1 = channel1.publishAssignEventAsync(bundle, lookupServiceAddress1);
- var assigned2 = channel2.publishAssignEventAsync(bundle, lookupServiceAddress2);
+ var assigned1 = channel1.publishAssignEventAsync(bundle, brokerId1);
+ var assigned2 = channel2.publishAssignEventAsync(bundle, brokerId2);
assertNotNull(assigned1);
assertNotNull(assigned2);
waitUntilOwnerChanges(channel1, bundle, null);
@@ -370,8 +370,8 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
String assignedAddr2 = assigned2.get(5, TimeUnit.SECONDS);
assertEquals(assignedAddr1, assignedAddr2);
- assertTrue(assignedAddr1.equals(lookupServiceAddress1)
- || assignedAddr1.equals(lookupServiceAddress2), assignedAddr1);
+ assertTrue(assignedAddr1.equals(brokerId1)
+ || assignedAddr1.equals(brokerId2), assignedAddr1);
var ownerAddr1 = channel1.getOwnerAsync(bundle).get();
var ownerAddr2 = channel2.getOwnerAsync(bundle).get();
@@ -412,13 +412,13 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
assertTrue(owner1.get().isEmpty());
assertTrue(owner2.get().isEmpty());
- var owner3 = channel1.publishAssignEventAsync(bundle, lookupServiceAddress1);
- var owner4 = channel2.publishAssignEventAsync(bundle, lookupServiceAddress2);
+ var owner3 = channel1.publishAssignEventAsync(bundle, brokerId1);
+ var owner4 = channel2.publishAssignEventAsync(bundle, brokerId2);
assertTrue(owner3.isCompletedExceptionally());
assertNotNull(owner4);
String ownerAddrOpt2 = owner4.get(5, TimeUnit.SECONDS);
- assertEquals(ownerAddrOpt2, lookupServiceAddress2);
- waitUntilNewOwner(channel1, bundle, lookupServiceAddress2);
+ assertEquals(ownerAddrOpt2, brokerId2);
+ waitUntilNewOwner(channel1, bundle, brokerId2);
assertEquals(0, getOwnerRequests1.size());
assertEquals(0, getOwnerRequests2.size());
@@ -436,25 +436,25 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
assertTrue(owner2.get().isEmpty());
- channel1.publishAssignEventAsync(bundle, lookupServiceAddress1);
- waitUntilNewOwner(channel1, bundle, lookupServiceAddress1);
- waitUntilNewOwner(channel2, bundle, lookupServiceAddress1);
+ channel1.publishAssignEventAsync(bundle, brokerId1);
+ waitUntilNewOwner(channel1, bundle, brokerId1);
+ waitUntilNewOwner(channel2, bundle, brokerId1);
var ownerAddr1 = channel1.getOwnerAsync(bundle).get();
var ownerAddr2 = channel2.getOwnerAsync(bundle).get();
assertEquals(ownerAddr1, ownerAddr2);
- assertEquals(ownerAddr1, Optional.of(lookupServiceAddress1));
+ assertEquals(ownerAddr1, Optional.of(brokerId1));
- Unload unload = new Unload(lookupServiceAddress1, bundle, Optional.of(lookupServiceAddress2));
+ Unload unload = new Unload(brokerId1, bundle, Optional.of(brokerId2));
channel1.publishUnloadEventAsync(unload);
- waitUntilNewOwner(channel1, bundle, lookupServiceAddress2);
- waitUntilNewOwner(channel2, bundle, lookupServiceAddress2);
+ waitUntilNewOwner(channel1, bundle, brokerId2);
+ waitUntilNewOwner(channel2, bundle, brokerId2);
ownerAddr1 = channel1.getOwnerAsync(bundle).get(5, TimeUnit.SECONDS);
ownerAddr2 = channel2.getOwnerAsync(bundle).get(5, TimeUnit.SECONDS);
assertEquals(ownerAddr1, ownerAddr2);
- assertEquals(ownerAddr1, Optional.of(lookupServiceAddress2));
+ assertEquals(ownerAddr1, Optional.of(brokerId2));
validateHandlerCounters(channel1, 2, 0, 2, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0);
validateHandlerCounters(channel2, 2, 0, 2, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0);
@@ -471,14 +471,14 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
assertEquals(0, getOwnerRequests1.size());
assertEquals(0, getOwnerRequests2.size());
- channel1.publishAssignEventAsync(bundle, lookupServiceAddress1);
- waitUntilNewOwner(channel1, bundle, lookupServiceAddress1);
- waitUntilNewOwner(channel2, bundle, lookupServiceAddress1);
+ channel1.publishAssignEventAsync(bundle, brokerId1);
+ waitUntilNewOwner(channel1, bundle, brokerId1);
+ waitUntilNewOwner(channel2, bundle, brokerId1);
var ownerAddr1 = channel1.getOwnerAsync(bundle).get();
var ownerAddr2 = channel2.getOwnerAsync(bundle).get();
assertEquals(ownerAddr1, ownerAddr2);
- assertEquals(ownerAddr1, Optional.of(lookupServiceAddress1));
+ assertEquals(ownerAddr1, Optional.of(brokerId1));
var producer = (Producer<ServiceUnitStateData>) FieldUtils.readDeclaredField(channel1,
"producer", true);
@@ -494,7 +494,7 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
"inFlightStateWaitingTimeInMillis", 3 * 1000, true);
FieldUtils.writeDeclaredField(channel2,
"inFlightStateWaitingTimeInMillis", 3 * 1000, true);
- Unload unload = new Unload(lookupServiceAddress1, bundle, Optional.of(lookupServiceAddress2));
+ Unload unload = new Unload(brokerId1, bundle, Optional.of(brokerId2));
channel1.publishUnloadEventAsync(unload);
// channel1 is broken. the ownership transfer won't be complete.
waitUntilState(channel1, bundle);
@@ -518,7 +518,7 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
assertEquals(0, getOwnerRequests2.size());
// recovered, check the monitor update state : Assigned -> Owned
- doReturn(CompletableFuture.completedFuture(Optional.of(lookupServiceAddress1)))
+ doReturn(CompletableFuture.completedFuture(Optional.of(brokerId1)))
.when(loadManager).selectAsync(any(), any());
FieldUtils.writeDeclaredField(channel2, "producer", producer, true);
FieldUtils.writeDeclaredField(channel1,
@@ -527,18 +527,18 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
"inFlightStateWaitingTimeInMillis", 1 , true);
((ServiceUnitStateChannelImpl) channel1).monitorOwnerships(
- List.of(lookupServiceAddress1, lookupServiceAddress2));
+ List.of(brokerId1, brokerId2));
((ServiceUnitStateChannelImpl) channel2).monitorOwnerships(
- List.of(lookupServiceAddress1, lookupServiceAddress2));
+ List.of(brokerId1, brokerId2));
- waitUntilNewOwner(channel1, bundle, lookupServiceAddress1);
- waitUntilNewOwner(channel2, bundle, lookupServiceAddress1);
+ waitUntilNewOwner(channel1, bundle, brokerId1);
+ waitUntilNewOwner(channel2, bundle, brokerId1);
ownerAddr1 = channel1.getOwnerAsync(bundle).get();
ownerAddr2 = channel2.getOwnerAsync(bundle).get();
assertEquals(ownerAddr1, ownerAddr2);
- assertEquals(ownerAddr1, Optional.of(lookupServiceAddress1));
+ assertEquals(ownerAddr1, Optional.of(brokerId1));
var leader = channel1.isChannelOwnerAsync().get() ? channel1 : channel2;
validateMonitorCounters(leader,
@@ -559,13 +559,13 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
@Test(priority = 6)
public void splitAndRetryTest() throws Exception {
- channel1.publishAssignEventAsync(bundle, lookupServiceAddress1);
- waitUntilNewOwner(channel1, bundle, lookupServiceAddress1);
- waitUntilNewOwner(channel2, bundle, lookupServiceAddress1);
+ channel1.publishAssignEventAsync(bundle, brokerId1);
+ waitUntilNewOwner(channel1, bundle, brokerId1);
+ waitUntilNewOwner(channel2, bundle, brokerId1);
var ownerAddr1 = channel1.getOwnerAsync(bundle).get();
var ownerAddr2 = channel2.getOwnerAsync(bundle).get();
- assertEquals(ownerAddr1, Optional.of(lookupServiceAddress1));
- assertEquals(ownerAddr2, Optional.of(lookupServiceAddress1));
+ assertEquals(ownerAddr1, Optional.of(brokerId1));
+ assertEquals(ownerAddr2, Optional.of(brokerId1));
assertTrue(ownerAddr1.isPresent());
NamespaceService namespaceService = spy(pulsar1.getNamespaceService());
@@ -606,14 +606,14 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
- waitUntilNewOwner(channel1, childBundle11, lookupServiceAddress1);
- waitUntilNewOwner(channel1, childBundle12, lookupServiceAddress1);
- waitUntilNewOwner(channel2, childBundle11, lookupServiceAddress1);
- waitUntilNewOwner(channel2, childBundle12, lookupServiceAddress1);
- assertEquals(Optional.of(lookupServiceAddress1), channel1.getOwnerAsync(childBundle11).get());
- assertEquals(Optional.of(lookupServiceAddress1), channel1.getOwnerAsync(childBundle12).get());
- assertEquals(Optional.of(lookupServiceAddress1), channel2.getOwnerAsync(childBundle11).get());
- assertEquals(Optional.of(lookupServiceAddress1), channel2.getOwnerAsync(childBundle12).get());
+ waitUntilNewOwner(channel1, childBundle11, brokerId1);
+ waitUntilNewOwner(channel1, childBundle12, brokerId1);
+ waitUntilNewOwner(channel2, childBundle11, brokerId1);
+ waitUntilNewOwner(channel2, childBundle12, brokerId1);
+ assertEquals(Optional.of(brokerId1), channel1.getOwnerAsync(childBundle11).get());
+ assertEquals(Optional.of(brokerId1), channel1.getOwnerAsync(childBundle12).get());
+ assertEquals(Optional.of(brokerId1), channel2.getOwnerAsync(childBundle11).get());
+ assertEquals(Optional.of(brokerId1), channel2.getOwnerAsync(childBundle12).get());
// try the monitor and check the monitor moves `Deleted` -> `Init`
@@ -628,9 +628,9 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
"semiTerminalStateWaitingTimeInMillis", 1, true);
((ServiceUnitStateChannelImpl) channel1).monitorOwnerships(
- List.of(lookupServiceAddress1, lookupServiceAddress2));
+ List.of(brokerId1, brokerId2));
((ServiceUnitStateChannelImpl) channel2).monitorOwnerships(
- List.of(lookupServiceAddress1, lookupServiceAddress2));
+ List.of(brokerId1, brokerId2));
waitUntilState(channel1, bundle, Init);
waitUntilState(channel2, bundle, Init);
@@ -724,7 +724,7 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
String leader = channel1.getChannelOwnerAsync().get(2, TimeUnit.SECONDS).get();
String leader2 = channel2.getChannelOwnerAsync().get(2, TimeUnit.SECONDS).get();
assertEquals(leader, leader2);
- if (leader.equals(lookupServiceAddress2)) {
+ if (leader.equals(brokerId2)) {
leaderChannel = channel2;
followerChannel = channel1;
var tmp = followerCleanupJobsTmp;
@@ -740,12 +740,12 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
var owner1 = channel1.getOwnerAsync(bundle1);
var owner2 = channel2.getOwnerAsync(bundle2);
- doReturn(CompletableFuture.completedFuture(Optional.of(lookupServiceAddress2)))
+ doReturn(CompletableFuture.completedFuture(Optional.of(brokerId2)))
.when(loadManager).selectAsync(any(), any());
assertTrue(owner1.get().isEmpty());
assertTrue(owner2.get().isEmpty());
- String broker = lookupServiceAddress1;
+ String broker = brokerId1;
channel1.publishAssignEventAsync(bundle1, broker);
channel2.publishAssignEventAsync(bundle2, broker);
@@ -755,9 +755,9 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
waitUntilNewOwner(channel2, bundle2, broker);
// Verify to transfer the ownership to the other broker.
- channel1.publishUnloadEventAsync(new Unload(broker, bundle1, Optional.of(lookupServiceAddress2)));
- waitUntilNewOwner(channel1, bundle1, lookupServiceAddress2);
- waitUntilNewOwner(channel2, bundle1, lookupServiceAddress2);
+ channel1.publishUnloadEventAsync(new Unload(broker, bundle1, Optional.of(brokerId2)));
+ waitUntilNewOwner(channel1, bundle1, brokerId2);
+ waitUntilNewOwner(channel2, bundle1, brokerId2);
// test stable metadata state
leaderChannel.handleMetadataSessionEvent(SessionReestablished);
@@ -768,13 +768,13 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
System.currentTimeMillis() - (MAX_CLEAN_UP_DELAY_TIME_IN_SECS * 1000 + 1000), true);
leaderChannel.handleBrokerRegistrationEvent(broker, NotificationType.Deleted);
followerChannel.handleBrokerRegistrationEvent(broker, NotificationType.Deleted);
- leaderChannel.handleBrokerRegistrationEvent(lookupServiceAddress2, NotificationType.Deleted);
- followerChannel.handleBrokerRegistrationEvent(lookupServiceAddress2, NotificationType.Deleted);
+ leaderChannel.handleBrokerRegistrationEvent(brokerId2, NotificationType.Deleted);
+ followerChannel.handleBrokerRegistrationEvent(brokerId2, NotificationType.Deleted);
- waitUntilNewOwner(channel1, bundle1, lookupServiceAddress2);
- waitUntilNewOwner(channel2, bundle1, lookupServiceAddress2);
- waitUntilNewOwner(channel1, bundle2, lookupServiceAddress2);
- waitUntilNewOwner(channel2, bundle2, lookupServiceAddress2);
+ waitUntilNewOwner(channel1, bundle1, brokerId2);
+ waitUntilNewOwner(channel2, bundle1, brokerId2);
+ waitUntilNewOwner(channel1, bundle2, brokerId2);
+ waitUntilNewOwner(channel2, bundle2, brokerId2);
verify(leaderCleanupJobs, times(1)).computeIfAbsent(eq(broker), any());
verify(followerCleanupJobs, times(0)).computeIfAbsent(eq(broker), any());
@@ -795,8 +795,8 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
// test jittery metadata state
- channel1.publishUnloadEventAsync(new Unload(lookupServiceAddress2, bundle1, Optional.of(broker)));
- channel1.publishUnloadEventAsync(new Unload(lookupServiceAddress2, bundle2, Optional.of(broker)));
+ channel1.publishUnloadEventAsync(new Unload(brokerId2, bundle1, Optional.of(broker)));
+ channel1.publishUnloadEventAsync(new Unload(brokerId2, bundle2, Optional.of(broker)));
waitUntilNewOwner(channel1, bundle1, broker);
waitUntilNewOwner(channel2, bundle1, broker);
waitUntilNewOwner(channel1, bundle2, broker);
@@ -868,10 +868,10 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
1);
// finally cleanup
- waitUntilNewOwner(channel1, bundle1, lookupServiceAddress2);
- waitUntilNewOwner(channel2, bundle1, lookupServiceAddress2);
- waitUntilNewOwner(channel1, bundle2, lookupServiceAddress2);
- waitUntilNewOwner(channel2, bundle2, lookupServiceAddress2);
+ waitUntilNewOwner(channel1, bundle1, brokerId2);
+ waitUntilNewOwner(channel2, bundle1, brokerId2);
+ waitUntilNewOwner(channel1, bundle2, brokerId2);
+ waitUntilNewOwner(channel2, bundle2, brokerId2);
verify(leaderCleanupJobs, times(3)).computeIfAbsent(eq(broker), any());
verify(followerCleanupJobs, times(0)).computeIfAbsent(eq(broker), any());
@@ -890,8 +890,8 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
1);
// test unstable state
- channel1.publishUnloadEventAsync(new Unload(lookupServiceAddress2, bundle1, Optional.of(broker)));
- channel1.publishUnloadEventAsync(new Unload(lookupServiceAddress2, bundle2, Optional.of(broker)));
+ channel1.publishUnloadEventAsync(new Unload(brokerId2, bundle1, Optional.of(broker)));
+ channel1.publishUnloadEventAsync(new Unload(brokerId2, bundle2, Optional.of(broker)));
waitUntilNewOwner(channel1, bundle1, broker);
waitUntilNewOwner(channel2, bundle1, broker);
waitUntilNewOwner(channel1, bundle2, broker);
@@ -935,17 +935,17 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
assertTrue(owner1.get().isEmpty());
assertTrue(owner2.get().isEmpty());
- var assigned1 = channel1.publishAssignEventAsync(bundle, lookupServiceAddress1);
+ var assigned1 = channel1.publishAssignEventAsync(bundle, brokerId1);
assertNotNull(assigned1);
- waitUntilNewOwner(channel1, bundle, lookupServiceAddress1);
- waitUntilNewOwner(channel2, bundle, lookupServiceAddress1);
+ waitUntilNewOwner(channel1, bundle, brokerId1);
+ waitUntilNewOwner(channel2, bundle, brokerId1);
String assignedAddr1 = assigned1.get(5, TimeUnit.SECONDS);
- assertEquals(lookupServiceAddress1, assignedAddr1);
+ assertEquals(brokerId1, assignedAddr1);
FieldUtils.writeDeclaredField(channel2,
"inFlightStateWaitingTimeInMillis", 3 * 1000, true);
- var assigned2 = channel2.publishAssignEventAsync(bundle, lookupServiceAddress2);
+ var assigned2 = channel2.publishAssignEventAsync(bundle, brokerId2);
assertNotNull(assigned2);
Exception ex = null;
try {
@@ -954,8 +954,8 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
ex = e;
}
assertNull(ex);
- assertEquals(Optional.of(lookupServiceAddress1), channel2.getOwnerAsync(bundle).get());
- assertEquals(Optional.of(lookupServiceAddress1), channel1.getOwnerAsync(bundle).get());
+ assertEquals(Optional.of(brokerId1), channel2.getOwnerAsync(bundle).get());
+ assertEquals(Optional.of(brokerId1), channel1.getOwnerAsync(bundle).get());
var compactor = spy (pulsar1.getStrategicCompactor());
Field strategicCompactorField = FieldUtils.getDeclaredField(PulsarService.class, "strategicCompactor", true);
@@ -965,7 +965,7 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
.pollInterval(200, TimeUnit.MILLISECONDS)
.atMost(140, TimeUnit.SECONDS)
.untilAsserted(() -> {
- channel1.publishAssignEventAsync(bundle, lookupServiceAddress1);
+ channel1.publishAssignEventAsync(bundle, brokerId1);
verify(compactor, times(1))
.compact(eq(ServiceUnitStateChannelImpl.TOPIC), any());
});
@@ -977,7 +977,7 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
.pollInterval(200, TimeUnit.MILLISECONDS)
.atMost(5, TimeUnit.SECONDS)
.untilAsserted(() -> assertEquals(
- channel3.getOwnerAsync(bundle).get(), Optional.of(lookupServiceAddress1)));
+ channel3.getOwnerAsync(bundle).get(), Optional.of(brokerId1)));
channel3.close();
FieldUtils.writeDeclaredField(channel2,
"inFlightStateWaitingTimeInMillis", 30 * 1000, true);
@@ -1022,16 +1022,16 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
public void unloadTest()
throws ExecutionException, InterruptedException, IllegalAccessException {
- channel1.publishAssignEventAsync(bundle, lookupServiceAddress1);
+ channel1.publishAssignEventAsync(bundle, brokerId1);
- waitUntilNewOwner(channel1, bundle, lookupServiceAddress1);
- waitUntilNewOwner(channel2, bundle, lookupServiceAddress1);
+ waitUntilNewOwner(channel1, bundle, brokerId1);
+ waitUntilNewOwner(channel2, bundle, brokerId1);
var ownerAddr1 = channel1.getOwnerAsync(bundle).get();
var ownerAddr2 = channel2.getOwnerAsync(bundle).get();
assertEquals(ownerAddr1, ownerAddr2);
- assertEquals(ownerAddr1, Optional.of(lookupServiceAddress1));
- Unload unload = new Unload(lookupServiceAddress1, bundle, Optional.empty());
+ assertEquals(ownerAddr1, Optional.of(brokerId1));
+ Unload unload = new Unload(brokerId1, bundle, Optional.empty());
channel1.publishUnloadEventAsync(unload);
@@ -1043,17 +1043,17 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
assertEquals(Optional.empty(), owner1.get());
assertEquals(Optional.empty(), owner2.get());
- channel2.publishAssignEventAsync(bundle, lookupServiceAddress2);
+ channel2.publishAssignEventAsync(bundle, brokerId2);
- waitUntilNewOwner(channel1, bundle, lookupServiceAddress2);
- waitUntilNewOwner(channel2, bundle, lookupServiceAddress2);
+ waitUntilNewOwner(channel1, bundle, brokerId2);
+ waitUntilNewOwner(channel2, bundle, brokerId2);
ownerAddr1 = channel1.getOwnerAsync(bundle).get();
ownerAddr2 = channel2.getOwnerAsync(bundle).get();
assertEquals(ownerAddr1, ownerAddr2);
- assertEquals(ownerAddr1, Optional.of(lookupServiceAddress2));
- Unload unload2 = new Unload(lookupServiceAddress2, bundle, Optional.empty());
+ assertEquals(ownerAddr1, Optional.of(brokerId2));
+ Unload unload2 = new Unload(brokerId2, bundle, Optional.empty());
channel2.publishUnloadEventAsync(unload2);
@@ -1072,9 +1072,9 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
"semiTerminalStateWaitingTimeInMillis", 1, true);
((ServiceUnitStateChannelImpl) channel1).monitorOwnerships(
- List.of(lookupServiceAddress1, lookupServiceAddress2));
+ List.of(brokerId1, brokerId2));
((ServiceUnitStateChannelImpl) channel2).monitorOwnerships(
- List.of(lookupServiceAddress1, lookupServiceAddress2));
+ List.of(brokerId1, brokerId2));
waitUntilState(channel1, bundle, Init);
waitUntilState(channel2, bundle, Init);
@@ -1104,7 +1104,7 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
public void assignTestWhenDestBrokerProducerFails()
throws ExecutionException, InterruptedException, IllegalAccessException {
- Unload unload = new Unload(lookupServiceAddress1, bundle, Optional.empty());
+ Unload unload = new Unload(brokerId1, bundle, Optional.empty());
channel1.publishUnloadEventAsync(unload);
@@ -1128,9 +1128,9 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
"inFlightStateWaitingTimeInMillis", 3 * 1000, true);
FieldUtils.writeDeclaredField(channel2,
"inFlightStateWaitingTimeInMillis", 3 * 1000, true);
- doReturn(CompletableFuture.completedFuture(Optional.of(lookupServiceAddress2)))
+ doReturn(CompletableFuture.completedFuture(Optional.of(brokerId2)))
.when(loadManager).selectAsync(any(), any());
- channel1.publishAssignEventAsync(bundle, lookupServiceAddress2);
+ channel1.publishAssignEventAsync(bundle, brokerId2);
// channel1 is broken. the assign won't be complete.
waitUntilState(channel1, bundle);
waitUntilState(channel2, bundle);
@@ -1154,18 +1154,18 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
"inFlightStateWaitingTimeInMillis", 1 , true);
((ServiceUnitStateChannelImpl) channel1).monitorOwnerships(
- List.of(lookupServiceAddress1, lookupServiceAddress2));
+ List.of(brokerId1, brokerId2));
((ServiceUnitStateChannelImpl) channel2).monitorOwnerships(
- List.of(lookupServiceAddress1, lookupServiceAddress2));
+ List.of(brokerId1, brokerId2));
- waitUntilNewOwner(channel1, bundle, lookupServiceAddress2);
- waitUntilNewOwner(channel2, bundle, lookupServiceAddress2);
+ waitUntilNewOwner(channel1, bundle, brokerId2);
+ waitUntilNewOwner(channel2, bundle, brokerId2);
var ownerAddr1 = channel1.getOwnerAsync(bundle).get();
var ownerAddr2 = channel2.getOwnerAsync(bundle).get();
assertEquals(ownerAddr1, ownerAddr2);
- assertEquals(ownerAddr1, Optional.of(lookupServiceAddress2));
+ assertEquals(ownerAddr1, Optional.of(brokerId2));
var leader = channel1.isChannelOwnerAsync().get() ? channel1 : channel2;
validateMonitorCounters(leader,
@@ -1189,20 +1189,20 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
throws ExecutionException, InterruptedException, IllegalAccessException {
- Unload unload = new Unload(lookupServiceAddress1, bundle, Optional.empty());
+ Unload unload = new Unload(brokerId1, bundle, Optional.empty());
channel1.publishUnloadEventAsync(unload);
waitUntilState(channel1, bundle, Free);
waitUntilState(channel2, bundle, Free);
- channel1.publishAssignEventAsync(bundle, lookupServiceAddress1);
+ channel1.publishAssignEventAsync(bundle, brokerId1);
waitUntilState(channel1, bundle, Owned);
waitUntilState(channel2, bundle, Owned);
- assertEquals(lookupServiceAddress1, channel1.getOwnerAsync(bundle).get().get());
- assertEquals(lookupServiceAddress1, channel2.getOwnerAsync(bundle).get().get());
+ assertEquals(brokerId1, channel1.getOwnerAsync(bundle).get().get());
+ assertEquals(brokerId1, channel2.getOwnerAsync(bundle).get().get());
var producer = (Producer<ServiceUnitStateData>) FieldUtils.readDeclaredField(channel1,
"producer", true);
@@ -1221,7 +1221,7 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
// Assert child bundle ownerships in the channels.
- Split split = new Split(bundle, lookupServiceAddress1, Map.of(
+ Split split = new Split(bundle, brokerId1, Map.of(
childBundle1Range, Optional.empty(), childBundle2Range, Optional.empty()));
channel2.publishSplitEventAsync(split);
// channel1 is broken. the split won't be complete.
@@ -1268,13 +1268,13 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
assertFalse(owner1);
assertFalse(owner2);
- owner1 = channel1.isOwner(bundle, lookupServiceAddress2);
- owner2 = channel2.isOwner(bundle, lookupServiceAddress1);
+ owner1 = channel1.isOwner(bundle, brokerId2);
+ owner2 = channel2.isOwner(bundle, brokerId1);
assertFalse(owner1);
assertFalse(owner2);
- channel1.publishAssignEventAsync(bundle, lookupServiceAddress1);
+ channel1.publishAssignEventAsync(bundle, brokerId1);
owner2 = channel2.isOwner(bundle);
assertFalse(owner2);
@@ -1287,34 +1287,34 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
assertTrue(owner1);
assertFalse(owner2);
- owner1 = channel1.isOwner(bundle, lookupServiceAddress1);
- owner2 = channel2.isOwner(bundle, lookupServiceAddress2);
+ owner1 = channel1.isOwner(bundle, brokerId1);
+ owner2 = channel2.isOwner(bundle, brokerId2);
assertTrue(owner1);
assertFalse(owner2);
- owner1 = channel2.isOwner(bundle, lookupServiceAddress1);
- owner2 = channel1.isOwner(bundle, lookupServiceAddress2);
+ owner1 = channel2.isOwner(bundle, brokerId1);
+ owner2 = channel1.isOwner(bundle, brokerId2);
assertTrue(owner1);
assertFalse(owner2);
- overrideTableView(channel1, bundle, new ServiceUnitStateData(Assigning, lookupServiceAddress1, 1));
+ overrideTableView(channel1, bundle, new ServiceUnitStateData(Assigning, brokerId1, 1));
assertFalse(channel1.isOwner(bundle));
- overrideTableView(channel1, bundle, new ServiceUnitStateData(Owned, lookupServiceAddress1, 1));
+ overrideTableView(channel1, bundle, new ServiceUnitStateData(Owned, brokerId1, 1));
assertTrue(channel1.isOwner(bundle));
- overrideTableView(channel1, bundle, new ServiceUnitStateData(Releasing, null, lookupServiceAddress1, 1));
+ overrideTableView(channel1, bundle, new ServiceUnitStateData(Releasing, null, brokerId1, 1));
assertFalse(channel1.isOwner(bundle));
- overrideTableView(channel1, bundle, new ServiceUnitStateData(Splitting, null, lookupServiceAddress1, 1));
+ overrideTableView(channel1, bundle, new ServiceUnitStateData(Splitting, null, brokerId1, 1));
assertTrue(channel1.isOwner(bundle));
- overrideTableView(channel1, bundle, new ServiceUnitStateData(Free, null, lookupServiceAddress1, 1));
+ overrideTableView(channel1, bundle, new ServiceUnitStateData(Free, null, brokerId1, 1));
assertFalse(channel1.isOwner(bundle));
- overrideTableView(channel1, bundle, new ServiceUnitStateData(Deleted, null, lookupServiceAddress1, 1));
+ overrideTableView(channel1, bundle, new ServiceUnitStateData(Deleted, null, brokerId1, 1));
assertFalse(channel1.isOwner(bundle));
overrideTableView(channel1, bundle, null);
@@ -1323,13 +1323,13 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
@Test(priority = 16)
public void splitAndRetryFailureTest() throws Exception {
- channel1.publishAssignEventAsync(bundle3, lookupServiceAddress1);
- waitUntilNewOwner(channel1, bundle3, lookupServiceAddress1);
- waitUntilNewOwner(channel2, bundle3, lookupServiceAddress1);
+ channel1.publishAssignEventAsync(bundle3, brokerId1);
+ waitUntilNewOwner(channel1, bundle3, brokerId1);
+ waitUntilNewOwner(channel2, bundle3, brokerId1);
var ownerAddr1 = channel1.getOwnerAsync(bundle3).get();
var ownerAddr2 = channel2.getOwnerAsync(bundle3).get();
- assertEquals(ownerAddr1, Optional.of(lookupServiceAddress1));
- assertEquals(ownerAddr2, Optional.of(lookupServiceAddress1));
+ assertEquals(ownerAddr1, Optional.of(brokerId1));
+ assertEquals(ownerAddr2, Optional.of(brokerId1));
assertTrue(ownerAddr1.isPresent());
NamespaceService namespaceService = spy(pulsar1.getNamespaceService());
@@ -1370,7 +1370,7 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
});
var leader = channel1.isChannelOwnerAsync().get() ? channel1 : channel2;
((ServiceUnitStateChannelImpl) leader)
- .monitorOwnerships(List.of(lookupServiceAddress1, lookupServiceAddress2));
+ .monitorOwnerships(List.of(brokerId1, brokerId2));
waitUntilState(leader, bundle3, Deleted);
waitUntilState(channel1, bundle3, Deleted);
waitUntilState(channel2, bundle3, Deleted);
@@ -1381,14 +1381,14 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
validateEventCounters(channel1, 1, 0, 1, 0, 0, 0);
validateEventCounters(channel2, 0, 0, 0, 0, 0, 0);
- waitUntilNewOwner(channel1, childBundle31, lookupServiceAddress1);
- waitUntilNewOwner(channel1, childBundle32, lookupServiceAddress1);
- waitUntilNewOwner(channel2, childBundle31, lookupServiceAddress1);
- waitUntilNewOwner(channel2, childBundle32, lookupServiceAddress1);
- assertEquals(Optional.of(lookupServiceAddress1), channel1.getOwnerAsync(childBundle31).get());
- assertEquals(Optional.of(lookupServiceAddress1), channel1.getOwnerAsync(childBundle32).get());
- assertEquals(Optional.of(lookupServiceAddress1), channel2.getOwnerAsync(childBundle31).get());
- assertEquals(Optional.of(lookupServiceAddress1), channel2.getOwnerAsync(childBundle32).get());
+ waitUntilNewOwner(channel1, childBundle31, brokerId1);
+ waitUntilNewOwner(channel1, childBundle32, brokerId1);
+ waitUntilNewOwner(channel2, childBundle31, brokerId1);
+ waitUntilNewOwner(channel2, childBundle32, brokerId1);
+ assertEquals(Optional.of(brokerId1), channel1.getOwnerAsync(childBundle31).get());
+ assertEquals(Optional.of(brokerId1), channel1.getOwnerAsync(childBundle32).get());
+ assertEquals(Optional.of(brokerId1), channel2.getOwnerAsync(childBundle31).get());
+ assertEquals(Optional.of(brokerId1), channel2.getOwnerAsync(childBundle32).get());
// try the monitor and check the monitor moves `Deleted` -> `Init`
@@ -1399,9 +1399,9 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
"semiTerminalStateWaitingTimeInMillis", 1, true);
((ServiceUnitStateChannelImpl) channel1).monitorOwnerships(
- List.of(lookupServiceAddress1, lookupServiceAddress2));
+ List.of(brokerId1, brokerId2));
((ServiceUnitStateChannelImpl) channel2).monitorOwnerships(
- List.of(lookupServiceAddress1, lookupServiceAddress2));
+ List.of(brokerId1, brokerId2));
waitUntilState(channel1, bundle3, Init);
waitUntilState(channel2, bundle3, Init);
@@ -1437,12 +1437,12 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
String leader = channel1.getChannelOwnerAsync().get(2, TimeUnit.SECONDS).get();
String leader2 = channel2.getChannelOwnerAsync().get(2, TimeUnit.SECONDS).get();
assertEquals(leader, leader2);
- if (leader.equals(lookupServiceAddress2)) {
+ if (leader.equals(brokerId2)) {
leaderChannel = channel2;
followerChannel = channel1;
}
- String broker = lookupServiceAddress1;
+ String broker = brokerId1;
// test override states
String releasingBundle = "public/releasing/0xfffffff0_0xffffffff";
@@ -1467,7 +1467,7 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
new ServiceUnitStateData(Owned, broker, null, 1));
// test stable metadata state
- doReturn(CompletableFuture.completedFuture(Optional.of(lookupServiceAddress2)))
+ doReturn(CompletableFuture.completedFuture(Optional.of(brokerId2)))
.when(loadManager).selectAsync(any(), any());
leaderChannel.handleMetadataSessionEvent(SessionReestablished);
followerChannel.handleMetadataSessionEvent(SessionReestablished);
@@ -1478,11 +1478,11 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
leaderChannel.handleBrokerRegistrationEvent(broker, NotificationType.Deleted);
followerChannel.handleBrokerRegistrationEvent(broker, NotificationType.Deleted);
- waitUntilNewOwner(channel2, releasingBundle, lookupServiceAddress2);
- waitUntilNewOwner(channel2, childBundle11, lookupServiceAddress2);
- waitUntilNewOwner(channel2, childBundle12, lookupServiceAddress2);
- waitUntilNewOwner(channel2, assigningBundle, lookupServiceAddress2);
- waitUntilNewOwner(channel2, ownedBundle, lookupServiceAddress2);
+ waitUntilNewOwner(channel2, releasingBundle, brokerId2);
+ waitUntilNewOwner(channel2, childBundle11, brokerId2);
+ waitUntilNewOwner(channel2, childBundle12, brokerId2);
+ waitUntilNewOwner(channel2, assigningBundle, brokerId2);
+ waitUntilNewOwner(channel2, ownedBundle, brokerId2);
assertEquals(Optional.empty(), channel2.getOwnerAsync(freeBundle).get());
assertTrue(channel2.getOwnerAsync(deletedBundle).isCompletedExceptionally());
assertTrue(channel2.getOwnerAsync(splittingBundle).isCompletedExceptionally());
@@ -1502,12 +1502,12 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
String leader = channel1.getChannelOwnerAsync().get(2, TimeUnit.SECONDS).get();
String leader2 = channel2.getChannelOwnerAsync().get(2, TimeUnit.SECONDS).get();
assertEquals(leader, leader2);
- if (leader.equals(lookupServiceAddress2)) {
+ if (leader.equals(brokerId2)) {
leaderChannel = channel2;
followerChannel = channel1;
}
- String broker = lookupServiceAddress1;
+ String broker = brokerId1;
// test override states
String releasingBundle = "public/releasing/0xfffffff0_0xffffffff";
@@ -1532,19 +1532,19 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
new ServiceUnitStateData(Owned, broker, null, 1));
// test stable metadata state
- doReturn(CompletableFuture.completedFuture(Optional.of(lookupServiceAddress2)))
+ doReturn(CompletableFuture.completedFuture(Optional.of(brokerId2)))
.when(loadManager).selectAsync(any(), any());
FieldUtils.writeDeclaredField(leaderChannel, "inFlightStateWaitingTimeInMillis",
-1, true);
FieldUtils.writeDeclaredField(followerChannel, "inFlightStateWaitingTimeInMillis",
-1, true);
((ServiceUnitStateChannelImpl) leaderChannel)
- .monitorOwnerships(List.of(lookupServiceAddress1, lookupServiceAddress2));
+ .monitorOwnerships(List.of(brokerId1, brokerId2));
waitUntilNewOwner(channel2, releasingBundle, broker);
waitUntilNewOwner(channel2, childBundle11, broker);
waitUntilNewOwner(channel2, childBundle12, broker);
- waitUntilNewOwner(channel2, assigningBundle, lookupServiceAddress2);
+ waitUntilNewOwner(channel2, assigningBundle, brokerId2);
waitUntilNewOwner(channel2, ownedBundle, broker);
assertEquals(Optional.empty(), channel2.getOwnerAsync(freeBundle).get());
assertTrue(channel2.getOwnerAsync(deletedBundle).isCompletedExceptionally());
@@ -1563,7 +1563,7 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
// set the bundle owner is the broker
- String broker = lookupServiceAddress2;
+ String broker = brokerId2;
String bundle = "public/owned/0xfffffff0_0xffffffff";
overrideTableViews(bundle,
new ServiceUnitStateData(Owned, broker, null, 1));
@@ -1593,7 +1593,7 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
String leader1 = channel1.getChannelOwnerAsync().get(2, TimeUnit.SECONDS).get();
String leader2 = channel2.getChannelOwnerAsync().get(2, TimeUnit.SECONDS).get();
assertEquals(leader1, leader2);
- if (leader1.equals(lookupServiceAddress2)) {
+ if (leader1.equals(brokerId2)) {
leaderChannel = channel2;
}
leaderChannel.handleMetadataSessionEvent(SessionReestablished);
@@ -1608,10 +1608,10 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
assertTrue(channel1.getOwnerAsync(bundle).get().isEmpty());
assertTrue(System.currentTimeMillis() - start < 20_000);
- // simulate ownership cleanup(lookupServiceAddress1 selected owner) by the leader channel
+ // simulate ownership cleanup(brokerId1 selected owner) by the leader channel
overrideTableViews(bundle,
new ServiceUnitStateData(Owned, broker, null, 1));
- doReturn(CompletableFuture.completedFuture(Optional.of(lookupServiceAddress1)))
+ doReturn(CompletableFuture.completedFuture(Optional.of(brokerId1)))
.when(loadManager).selectAsync(any(), any());
leaderChannel.handleMetadataSessionEvent(SessionReestablished);
FieldUtils.writeDeclaredField(leaderChannel, "lastMetadataSessionEventTimestamp",
@@ -1619,9 +1619,9 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
getCleanupJobs(leaderChannel).clear();
leaderChannel.handleBrokerRegistrationEvent(broker, NotificationType.Deleted);
- // verify the ownership cleanup, and channel's getOwnerAsync returns lookupServiceAddress1 without timeout
+ // verify the ownership cleanup, and channel's getOwnerAsync returns brokerId1 without timeout
start = System.currentTimeMillis();
- assertEquals(lookupServiceAddress1, channel1.getOwnerAsync(bundle).get().get());
+ assertEquals(brokerId1, channel1.getOwnerAsync(bundle).get().get());
assertTrue(System.currentTimeMillis() - start < 20_000);
// test clean-up
@@ -1743,7 +1743,7 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
.atMost(10, TimeUnit.SECONDS)
.until(() -> { // wait until true
((ServiceUnitStateChannelImpl) channel)
- .monitorOwnerships(List.of(lookupServiceAddress1, lookupServiceAddress2));
+ .monitorOwnerships(List.of(brokerId1, brokerId2));
ServiceUnitStateData data = tv.get(key);
ServiceUnitState actual = state(data);
return actual == expected;
@@ -1965,7 +1965,7 @@ public class ServiceUnitStateChannelTest extends MockedPulsarServiceBaseTest {
var leaderElectionService = new LeaderElectionService(
- pulsar.getCoordinationService(), pulsar.getSafeWebServiceAddress(),
+ pulsar.getCoordinationService(), pulsar.getBrokerId(), pulsar.getSafeWebServiceAddress(),
state -> {
if (state == LeaderElectionState.Leading) {
channel.scheduleOwnershipMonitor();
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/filter/BrokerIsolationPoliciesFilterTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/filter/BrokerIsolationPoliciesFilterTest.java
index f45e1405e1d..87aaf4bac7f 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/filter/BrokerIsolationPoliciesFilterTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/filter/BrokerIsolationPoliciesFilterTest.java
@@ -84,20 +84,20 @@ public class BrokerIsolationPoliciesFilterTest {
// a. available-brokers: broker1, broker2, broker3 => result: broker1
Map<String, BrokerLookupData> result = filter.filterAsync(new HashMap<>(Map.of(
- "broker1", getLookupData(),
- "broker2", getLookupData(),
- "broker3", getLookupData())), namespaceName, getContext()).get();
- assertEquals(result.keySet(), Set.of("broker1"));
+ "broker1:8080", getLookupData(),
+ "broker2:8080", getLookupData(),
+ "broker3:8080", getLookupData())), namespaceName, getContext()).get();
+ assertEquals(result.keySet(), Set.of("broker1:8080"));
// b. available-brokers: broker2, broker3 => result: broker2
result = filter.filterAsync(new HashMap<>(Map.of(
- "broker2", getLookupData(),
- "broker3", getLookupData())), namespaceName, getContext()).get();
- assertEquals(result.keySet(), Set.of("broker2"));
+ "broker2:8080", getLookupData(),
+ "broker3:8080", getLookupData())), namespaceName, getContext()).get();
+ assertEquals(result.keySet(), Set.of("broker2:8080"));
// c. available-brokers: broker3 => result: NULL
result = filter.filterAsync(new HashMap<>(Map.of(
- "broker3", getLookupData())), namespaceName, getContext()).get();
+ "broker3:8080", getLookupData())), namespaceName, getContext()).get();
assertTrue(result.isEmpty());
// 2. Namespace: primary=broker1, secondary=broker2, shared=broker3, min_limit = 2
@@ -105,20 +105,20 @@ public class BrokerIsolationPoliciesFilterTest {
// a. available-brokers: broker1, broker2, broker3 => result: broker1, broker2
result = filter.filterAsync(new HashMap<>(Map.of(
- "broker1", getLookupData(),
- "broker2", getLookupData(),
- "broker3", getLookupData())), namespaceName, getContext()).get();
- assertEquals(result.keySet(), Set.of("broker1", "broker2"));
+ "broker1:8080", getLookupData(),
+ "broker2:8080", getLookupData(),
+ "broker3:8080", getLookupData())), namespaceName, getContext()).get();
+ assertEquals(result.keySet(), Set.of("broker1:8080", "broker2:8080"));
// b. available-brokers: broker2, broker3 => result: broker2
result = filter.filterAsync(new HashMap<>(Map.of(
- "broker2", getLookupData(),
- "broker3", getLookupData())), namespaceName, getContext()).get();
- assertEquals(result.keySet(), Set.of("broker2"));
+ "broker2:8080", getLookupData(),
+ "broker3:8080", getLookupData())), namespaceName, getContext()).get();
+ assertEquals(result.keySet(), Set.of("broker2:8080"));
// c. available-brokers: broker3 => result: NULL
result = filter.filterAsync(new HashMap<>(Map.of(
- "broker3", getLookupData())), namespaceName, getContext()).get();
+ "broker3:8080", getLookupData())), namespaceName, getContext()).get();
assertTrue(result.isEmpty());
}
@@ -142,31 +142,31 @@ public class BrokerIsolationPoliciesFilterTest {
Map<String, BrokerLookupData> result = filter.filterAsync(new HashMap<>(Map.of(
- "broker1", getLookupData(),
- "broker2", getLookupData(),
- "broker3", getLookupData())), namespaceBundle, getContext()).get();
- assertEquals(result.keySet(), Set.of("broker1", "broker2", "broker3"));
+ "broker1:8080", getLookupData(),
+ "broker2:8080", getLookupData(),
+ "broker3:8080", getLookupData())), namespaceBundle, getContext()).get();
+ assertEquals(result.keySet(), Set.of("broker1:8080", "broker2:8080", "broker3:8080"));
result = filter.filterAsync(new HashMap<>(Map.of(
- "broker1", getLookupData(true, false),
- "broker2", getLookupData(true, false),
- "broker3", getLookupData())), namespaceBundle, getContext()).get();
- assertEquals(result.keySet(), Set.of("broker3"));
+ "broker1:8080", getLookupData(true, false),
+ "broker2:8080", getLookupData(true, false),
+ "broker3:8080", getLookupData())), namespaceBundle, getContext()).get();
+ assertEquals(result.keySet(), Set.of("broker3:8080"));
doReturn(false).when(namespaceBundle).hasNonPersistentTopic();
result = filter.filterAsync(new HashMap<>(Map.of(
- "broker1", getLookupData(),
- "broker2", getLookupData(),
- "broker3", getLookupData())), namespaceBundle, getContext()).get();
- assertEquals(result.keySet(), Set.of("broker1", "broker2", "broker3"));
+ "broker1:8080", getLookupData(),
+ "broker2:8080", getLookupData(),
+ "broker3:8080", getLookupData())), namespaceBundle, getContext()).get();
+ assertEquals(result.keySet(), Set.of("broker1:8080", "broker2:8080", "broker3:8080"));
result = filter.filterAsync(new HashMap<>(Map.of(
- "broker1", getLookupData(false, true),
- "broker2", getLookupData(),
- "broker3", getLookupData())), namespaceBundle, getContext()).get();
- assertEquals(result.keySet(), Set.of("broker2", "broker3"));
+ "broker1:8080", getLookupData(false, true),
+ "broker2:8080", getLookupData(),
+ "broker3:8080", getLookupData())), namespaceBundle, getContext()).get();
+ assertEquals(result.keySet(), Set.of("broker2:8080", "broker3:8080"));
}
private void setIsolationPolicies(SimpleResourceAllocationPolicies policies,
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/scheduler/TransferShedderTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/scheduler/TransferShedderTest.java
index 4eec6124777..0ff64616973 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/scheduler/TransferShedderTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/extensions/scheduler/TransferShedderTest.java
@@ -100,6 +100,7 @@ import org.apache.pulsar.policies.data.loadbalancer.AdvertisedListener;
import org.apache.pulsar.policies.data.loadbalancer.NamespaceBundleStats;
import org.apache.pulsar.policies.data.loadbalancer.ResourceUsage;
import org.apache.pulsar.policies.data.loadbalancer.SystemResourceUsage;
+import org.assertj.core.api.Assertions;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
@@ -168,18 +169,18 @@ public class TransferShedderTest {
var ctx = getContext();
var topBundlesLoadDataStore = ctx.topBundleLoadDataStore();
- topBundlesLoadDataStore.pushAsync("broker1", getTopBundlesLoad("my-tenant/my-namespaceA", 1000000, 2000000));
- topBundlesLoadDataStore.pushAsync("broker2", getTopBundlesLoad("my-tenant/my-namespaceB", 1000000, 3000000));
- topBundlesLoadDataStore.pushAsync("broker3", getTopBundlesLoad("my-tenant/my-namespaceC", 2000000, 4000000));
- topBundlesLoadDataStore.pushAsync("broker4", getTopBundlesLoad("my-tenant/my-namespaceD", 2000000, 6000000));
- topBundlesLoadDataStore.pushAsync("broker5", getTopBundlesLoad("my-tenant/my-namespaceE", 2000000, 7000000));
+ topBundlesLoadDataStore.pushAsync("broker1:8080", getTopBundlesLoad("my-tenant/my-namespaceA", 1000000, 2000000));
+ topBundlesLoadDataStore.pushAsync("broker2:8080", getTopBundlesLoad("my-tenant/my-namespaceB", 1000000, 3000000));
+ topBundlesLoadDataStore.pushAsync("broker3:8080", getTopBundlesLoad("my-tenant/my-namespaceC", 2000000, 4000000));
+ topBundlesLoadDataStore.pushAsync("broker4:8080", getTopBundlesLoad("my-tenant/my-namespaceD", 2000000, 6000000));
+ topBundlesLoadDataStore.pushAsync("broker5:8080", getTopBundlesLoad("my-tenant/my-namespaceE", 2000000, 7000000));
var brokerLoadDataStore = ctx.brokerLoadDataStore();
- brokerLoadDataStore.pushAsync("broker1", getCpuLoad(ctx, 2, "broker1"));
- brokerLoadDataStore.pushAsync("broker2", getCpuLoad(ctx, 4, "broker2"));
- brokerLoadDataStore.pushAsync("broker3", getCpuLoad(ctx, 6, "broker3"));
- brokerLoadDataStore.pushAsync("broker4", getCpuLoad(ctx, 80, "broker4"));
- brokerLoadDataStore.pushAsync("broker5", getCpuLoad(ctx, 90, "broker5"));
+ brokerLoadDataStore.pushAsync("broker1:8080", getCpuLoad(ctx, 2, "broker1:8080"));
+ brokerLoadDataStore.pushAsync("broker2:8080", getCpuLoad(ctx, 4, "broker2:8080"));
+ brokerLoadDataStore.pushAsync("broker3:8080", getCpuLoad(ctx, 6, "broker3:8080"));
+ brokerLoadDataStore.pushAsync("broker4:8080", getCpuLoad(ctx, 80, "broker4:8080"));
+ brokerLoadDataStore.pushAsync("broker5:8080", getCpuLoad(ctx, 90, "broker5:8080"));
return ctx;
}
@@ -192,9 +193,9 @@ public class TransferShedderTest {
Random rand = new Random();
for (int i = 0; i < clusterSize; i++) {
int brokerLoad = rand.nextInt(1000);
- brokerLoadDataStore.pushAsync("broker" + i, getCpuLoad(ctx, brokerLoad, "broker" + i));
+ brokerLoadDataStore.pushAsync("broker" + i + ":8080", getCpuLoad(ctx, brokerLoad, "broker" + i + ":8080"));
int bundleLoad = rand.nextInt(brokerLoad + 1);
- topBundlesLoadDataStore.pushAsync("broker" + i, getTopBundlesLoad("my-tenant/my-namespace" + i,
+ topBundlesLoadDataStore.pushAsync("broker" + i + ":8080", getTopBundlesLoad("my-tenant/my-namespace" + i,
bundleLoad, brokerLoad - bundleLoad));
}
return ctx;
@@ -209,14 +210,14 @@ public class TransferShedderTest {
int i = 0;
for (; i < clusterSize-1; i++) {
int brokerLoad = 1;
- topBundlesLoadDataStore.pushAsync("broker" + i, getTopBundlesLoad("my-tenant/my-namespace" + i,
+ topBundlesLoadDataStore.pushAsync("broker" + i + ":8080", getTopBundlesLoad("my-tenant/my-namespace" + i,
300_000, 700_000));
- brokerLoadDataStore.pushAsync("broker" + i, getCpuLoad(ctx, brokerLoad, "broker" + i));
+ brokerLoadDataStore.pushAsync("broker" + i + ":8080", getCpuLoad(ctx, brokerLoad, "broker" + i + ":8080"));
}
int brokerLoad = 100;
- topBundlesLoadDataStore.pushAsync("broker" + i, getTopBundlesLoad("my-tenant/my-namespace" + i,
+ topBundlesLoadDataStore.pushAsync("broker" + i + ":8080", getTopBundlesLoad("my-tenant/my-namespace" + i,
30_000_000, 70_000_000));
- brokerLoadDataStore.pushAsync("broker" + i, getCpuLoad(ctx, brokerLoad, "broker" + i));
+ brokerLoadDataStore.pushAsync("broker" + i + ":8080", getCpuLoad(ctx, brokerLoad, "broker" + i + ":8080"));
return ctx;
}
@@ -230,21 +231,21 @@ public class TransferShedderTest {
int i = 0;
for (; i < clusterSize-2; i++) {
int brokerLoad = 98;
- topBundlesLoadDataStore.pushAsync("broker" + i, getTopBundlesLoad("my-tenant/my-namespace" + i,
+ topBundlesLoadDataStore.pushAsync("broker" + i + ":8080", getTopBundlesLoad("my-tenant/my-namespace" + i,
30_000_000, 70_000_000));
- brokerLoadDataStore.pushAsync("broker" + i, getCpuLoad(ctx, brokerLoad, "broker" + i));
+ brokerLoadDataStore.pushAsync("broker" + i + ":8080", getCpuLoad(ctx, brokerLoad, "broker" + i + ":8080"));
}
int brokerLoad = 99;
- topBundlesLoadDataStore.pushAsync("broker" + i, getTopBundlesLoad("my-tenant/my-namespace" + i,
+ topBundlesLoadDataStore.pushAsync("broker" + i + ":8080", getTopBundlesLoad("my-tenant/my-namespace" + i,
30_000_000, 70_000_000));
- brokerLoadDataStore.pushAsync("broker" + i, getCpuLoad(ctx, brokerLoad, "broker" + i));
+ brokerLoadDataStore.pushAsync("broker" + i + ":8080", getCpuLoad(ctx, brokerLoad, "broker" + i + ":8080"));
i++;
brokerLoad = 1;
- topBundlesLoadDataStore.pushAsync("broker" + i, getTopBundlesLoad("my-tenant/my-namespace" + i,
+ topBundlesLoadDataStore.pushAsync("broker" + i + ":8080", getTopBundlesLoad("my-tenant/my-namespace" + i,
300_000, 700_000));
- brokerLoadDataStore.pushAsync("broker" + i, getCpuLoad(ctx, brokerLoad, "broker" + i));
+ brokerLoadDataStore.pushAsync("broker" + i + ":8080", getCpuLoad(ctx, brokerLoad, "broker" + i + ":8080"));
return ctx;
}
@@ -474,11 +475,11 @@ public class TransferShedderTest {
BrokerRegistry brokerRegistry = mock(BrokerRegistry.class);
doReturn(CompletableFuture.completedFuture(Map.of(
- "broker1", getMockBrokerLookupData(),
- "broker2", getMockBrokerLookupData(),
- "broker3", getMockBrokerLookupData(),
- "broker4", getMockBrokerLookupData(),
- "broker5", getMockBrokerLookupData()
+ "broker1:8080", getMockBrokerLookupData(),
+ "broker2:8080", getMockBrokerLookupData(),
+ "broker3:8080", getMockBrokerLookupData(),
+ "broker4:8080", getMockBrokerLookupData(),
+ "broker5:8080", getMockBrokerLookupData()
))).when(brokerRegistry).getAvailableBrokerLookupDataAsync();
doReturn(conf).when(ctx).brokerConfiguration();
doReturn(brokerLoadDataStore).when(ctx).brokerLoadDataStore();
@@ -526,11 +527,11 @@ public class TransferShedderTest {
var ctx = getContext();
var brokerLoadDataStore = ctx.brokerLoadDataStore();
- brokerLoadDataStore.pushAsync("broker1", getCpuLoad(ctx, 2, "broker1"));
- brokerLoadDataStore.pushAsync("broker2", getCpuLoad(ctx, 4, "broker2"));
- brokerLoadDataStore.pushAsync("broker3", getCpuLoad(ctx, 6, "broker3"));
- brokerLoadDataStore.pushAsync("broker4", getCpuLoad(ctx, 80, "broker4"));
- brokerLoadDataStore.pushAsync("broker5", getCpuLoad(ctx, 90, "broker5"));
+ brokerLoadDataStore.pushAsync("broker1:8080", getCpuLoad(ctx, 2, "broker1:8080"));
+ brokerLoadDataStore.pushAsync("broker2:8080", getCpuLoad(ctx, 4, "broker2:8080"));
+ brokerLoadDataStore.pushAsync("broker3:8080", getCpuLoad(ctx, 6, "broker3:8080"));
+ brokerLoadDataStore.pushAsync("broker4:8080", getCpuLoad(ctx, 80, "broker4:8080"));
+ brokerLoadDataStore.pushAsync("broker5:8080", getCpuLoad(ctx, 90, "broker5:8080"));
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
@@ -550,11 +551,11 @@ public class TransferShedderTest {
assertEquals(res.size(), 2);
- FieldUtils.writeDeclaredField(brokerLoadDataStore.get("broker1").get(), "updatedAt", 0, true);
- FieldUtils.writeDeclaredField(brokerLoadDataStore.get("broker2").get(), "updatedAt", 0, true);
- FieldUtils.writeDeclaredField(brokerLoadDataStore.get("broker3").get(), "updatedAt", 0, true);
- FieldUtils.writeDeclaredField(brokerLoadDataStore.get("broker4").get(), "updatedAt", 0, true);
- FieldUtils.writeDeclaredField(brokerLoadDataStore.get("broker5").get(), "updatedAt", 0, true);
+ FieldUtils.writeDeclaredField(brokerLoadDataStore.get("broker1:8080").get(), "updatedAt", 0, true);
+ FieldUtils.writeDeclaredField(brokerLoadDataStore.get("broker2:8080").get(), "updatedAt", 0, true);
+ FieldUtils.writeDeclaredField(brokerLoadDataStore.get("broker3:8080").get(), "updatedAt", 0, true);
+ FieldUtils.writeDeclaredField(brokerLoadDataStore.get("broker4:8080").get(), "updatedAt", 0, true);
+ FieldUtils.writeDeclaredField(brokerLoadDataStore.get("broker5:8080").get(), "updatedAt", 0, true);
res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
@@ -571,20 +572,20 @@ public class TransferShedderTest {
Map<String, Long> recentlyUnloadedBrokers = new HashMap<>();
var oldTS = System.currentTimeMillis() - ctx.brokerConfiguration()
.getLoadBalancerBrokerLoadDataTTLInSeconds() * 1001;
- recentlyUnloadedBrokers.put("broker1", oldTS);
+ recentlyUnloadedBrokers.put("broker1:8080", oldTS);
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), recentlyUnloadedBrokers);
var expected = new HashSet<UnloadDecision>();
- expected.add(new UnloadDecision(new Unload("broker5", bundleE1, Optional.of("broker1")),
+ expected.add(new UnloadDecision(new Unload("broker5:8080", bundleE1, Optional.of("broker1:8080")),
Success, Overloaded));
- expected.add(new UnloadDecision(new Unload("broker4", bundleD1, Optional.of("broker2")),
+ expected.add(new UnloadDecision(new Unload("broker4:8080", bundleD1, Optional.of("broker2:8080")),
Success, Overloaded));
assertEquals(res, expected);
assertEquals(counter.getLoadAvg(), setupLoadAvg);
assertEquals(counter.getLoadStd(), setupLoadStd);
var now = System.currentTimeMillis();
- recentlyUnloadedBrokers.put("broker1", now);
+ recentlyUnloadedBrokers.put("broker1:8080", now);
res = transferShedder.findBundlesForUnloading(ctx, Map.of(), recentlyUnloadedBrokers);
assertTrue(res.isEmpty());
@@ -604,9 +605,9 @@ public class TransferShedderTest {
recentlyUnloadedBundles.put(bundleD2, now);
var res = transferShedder.findBundlesForUnloading(ctx, recentlyUnloadedBundles, Map.of());
var expected = new HashSet<UnloadDecision>();
- expected.add(new UnloadDecision(new Unload("broker3",
+ expected.add(new UnloadDecision(new Unload("broker3:8080",
"my-tenant/my-namespaceC/0x00000000_0x0FFFFFFF",
- Optional.of("broker1")),
+ Optional.of("broker1:8080")),
Success, Overloaded));
assertEquals(res, expected);
assertEquals(counter.getLoadAvg(), setupLoadAvg);
@@ -639,13 +640,13 @@ public class TransferShedderTest {
isolationPoliciesHelper, antiAffinityGroupPolicyHelper));
setIsolationPolicies(allocationPoliciesSpy, "my-tenant/my-namespaceE",
- Set.of("broker5"), Set.of(), Set.of(), 1);
+ Set.of("broker5:8080"), Set.of(), Set.of(), 1);
var ctx = setupContext();
ctx.brokerConfiguration().setLoadBalancerSheddingBundlesWithPoliciesEnabled(true);
doReturn(ctx.brokerConfiguration()).when(pulsar).getConfiguration();
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
var expected = new HashSet<UnloadDecision>();
- expected.add(new UnloadDecision(new Unload("broker4", bundleD1, Optional.of("broker1")),
+ expected.add(new UnloadDecision(new Unload("broker4:8080", bundleD1, Optional.of("broker1:8080")),
Success, Overloaded));
assertEquals(res, expected);
assertEquals(counter.getLoadAvg(), setupLoadAvg);
@@ -656,7 +657,7 @@ public class TransferShedderTest {
res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
expected = new HashSet<>();
- expected.add(new UnloadDecision(new Unload("broker4", bundleD1, Optional.empty()),
+ expected.add(new UnloadDecision(new Unload("broker4:8080", bundleD1, Optional.empty()),
Success, Overloaded));
assertEquals(res, expected);
assertEquals(counter.getLoadAvg(), setupLoadAvg);
@@ -777,7 +778,7 @@ public class TransferShedderTest {
}).when(antiAffinityGroupPolicyHelper).filterAsync(any(), any());
var res2 = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
var expected2 = new HashSet<>();
- expected2.add(new UnloadDecision(new Unload("broker5", bundleE1, Optional.of("broker1")),
+ expected2.add(new UnloadDecision(new Unload("broker5:8080", bundleE1, Optional.of("broker1:8080")),
Success, Overloaded));
assertEquals(res2, expected2);
assertEquals(counter.getLoadAvg(), setupLoadAvg);
@@ -853,22 +854,22 @@ public class TransferShedderTest {
var ctx = getContext();
BrokerRegistry brokerRegistry = mock(BrokerRegistry.class);
doReturn(CompletableFuture.completedFuture(Map.of(
- "broker1", mock(BrokerLookupData.class),
- "broker2", mock(BrokerLookupData.class),
- "broker3", mock(BrokerLookupData.class)
+ "broker1:8080", mock(BrokerLookupData.class),
+ "broker2:8080", mock(BrokerLookupData.class),
+ "broker3:8080", mock(BrokerLookupData.class)
))).when(brokerRegistry).getAvailableBrokerLookupDataAsync();
doReturn(brokerRegistry).when(ctx).brokerRegistry();
ctx.brokerConfiguration().setLoadBalancerDebugModeEnabled(true);
var brokerLoadDataStore = ctx.brokerLoadDataStore();
- brokerLoadDataStore.pushAsync("broker1", getCpuLoad(ctx, 10, "broker1"));
- brokerLoadDataStore.pushAsync("broker2", getCpuLoad(ctx, 20, "broker2"));
- brokerLoadDataStore.pushAsync("broker3", getCpuLoad(ctx, 30, "broker3"));
+ brokerLoadDataStore.pushAsync("broker1:8080", getCpuLoad(ctx, 10, "broker1:8080"));
+ brokerLoadDataStore.pushAsync("broker2:8080", getCpuLoad(ctx, 20, "broker2:8080"));
+ brokerLoadDataStore.pushAsync("broker3:8080", getCpuLoad(ctx, 30, "broker3:8080"));
var topBundlesLoadDataStore = ctx.topBundleLoadDataStore();
- topBundlesLoadDataStore.pushAsync("broker1", getTopBundlesLoad("my-tenant/my-namespaceA", 30, 30));
- topBundlesLoadDataStore.pushAsync("broker2", getTopBundlesLoad("my-tenant/my-namespaceB", 40, 40));
- topBundlesLoadDataStore.pushAsync("broker3", getTopBundlesLoad("my-tenant/my-namespaceC", 50, 50));
+ topBundlesLoadDataStore.pushAsync("broker1:8080", getTopBundlesLoad("my-tenant/my-namespaceA", 30, 30));
+ topBundlesLoadDataStore.pushAsync("broker2:8080", getTopBundlesLoad("my-tenant/my-namespaceB", 40, 40));
+ topBundlesLoadDataStore.pushAsync("broker3:8080", getTopBundlesLoad("my-tenant/my-namespaceC", 50, 50));
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
@@ -884,11 +885,11 @@ public class TransferShedderTest {
TransferShedder transferShedder = new TransferShedder(counter);
var ctx = setupContext();
var topBundlesLoadDataStore = ctx.topBundleLoadDataStore();
- topBundlesLoadDataStore.pushAsync("broker1", getTopBundlesLoad("my-tenant/my-namespaceA", 1));
- topBundlesLoadDataStore.pushAsync("broker2", getTopBundlesLoad("my-tenant/my-namespaceB", 2));
- topBundlesLoadDataStore.pushAsync("broker3", getTopBundlesLoad("my-tenant/my-namespaceC", 6));
- topBundlesLoadDataStore.pushAsync("broker4", getTopBundlesLoad("my-tenant/my-namespaceD", 10));
- topBundlesLoadDataStore.pushAsync("broker5", getTopBundlesLoad("my-tenant/my-namespaceE", 70));
+ topBundlesLoadDataStore.pushAsync("broker1:8080", getTopBundlesLoad("my-tenant/my-namespaceA", 1));
+ topBundlesLoadDataStore.pushAsync("broker2:8080", getTopBundlesLoad("my-tenant/my-namespaceB", 2));
+ topBundlesLoadDataStore.pushAsync("broker3:8080", getTopBundlesLoad("my-tenant/my-namespaceC", 6));
+ topBundlesLoadDataStore.pushAsync("broker4:8080", getTopBundlesLoad("my-tenant/my-namespaceD", 10));
+ topBundlesLoadDataStore.pushAsync("broker5:8080", getTopBundlesLoad("my-tenant/my-namespaceE", 70));
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
assertTrue(res.isEmpty());
@@ -903,14 +904,14 @@ public class TransferShedderTest {
TransferShedder transferShedder = new TransferShedder(counter);
var ctx = setupContext();
var topBundlesLoadDataStore = ctx.topBundleLoadDataStore();
- topBundlesLoadDataStore.pushAsync("broker4", getTopBundlesLoad("my-tenant/my-namespaceD", 1000000000, 1000000000));
- topBundlesLoadDataStore.pushAsync("broker5", getTopBundlesLoad("my-tenant/my-namespaceE", 1000000000, 1000000000));
+ topBundlesLoadDataStore.pushAsync("broker4:8080", getTopBundlesLoad("my-tenant/my-namespaceD", 1000000000, 1000000000));
+ topBundlesLoadDataStore.pushAsync("broker5:8080", getTopBundlesLoad("my-tenant/my-namespaceE", 1000000000, 1000000000));
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
var expected = new HashSet<UnloadDecision>();
- expected.add(new UnloadDecision(new Unload("broker3",
+ expected.add(new UnloadDecision(new Unload("broker3:8080",
"my-tenant/my-namespaceC/0x00000000_0x0FFFFFFF",
- Optional.of("broker1")),
+ Optional.of("broker1:8080")),
Success, Overloaded));
assertEquals(res, expected);
assertEquals(counter.getLoadAvg(), setupLoadAvg);
@@ -924,12 +925,12 @@ public class TransferShedderTest {
TransferShedder transferShedder = new TransferShedder(counter);
var ctx = setupContext();
var brokerLoadDataStore = ctx.brokerLoadDataStore();
- brokerLoadDataStore.pushAsync("broker4", getCpuLoad(ctx, 55, "broker4"));
- brokerLoadDataStore.pushAsync("broker5", getCpuLoad(ctx, 65, "broker5"));
+ brokerLoadDataStore.pushAsync("broker4:8080", getCpuLoad(ctx, 55, "broker4:8080"));
+ brokerLoadDataStore.pushAsync("broker5:8080", getCpuLoad(ctx, 65, "broker5:8080"));
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
var expected = new HashSet<UnloadDecision>();
- expected.add(new UnloadDecision(new Unload("broker5", bundleE1, Optional.of("broker1")),
+ expected.add(new UnloadDecision(new Unload("broker5:8080", bundleE1, Optional.of("broker1:8080")),
Success, Overloaded));
assertEquals(res, expected);
assertEquals(counter.getLoadAvg(), 0.26400000000000007);
@@ -945,43 +946,43 @@ public class TransferShedderTest {
var brokerRegistry = mock(BrokerRegistry.class);
doReturn(brokerRegistry).when(ctx).brokerRegistry();
doReturn(CompletableFuture.completedFuture(Map.of(
- "broker1", mock(BrokerLookupData.class),
- "broker2", mock(BrokerLookupData.class)
+ "broker1:8080", mock(BrokerLookupData.class),
+ "broker2:8080", mock(BrokerLookupData.class)
))).when(brokerRegistry).getAvailableBrokerLookupDataAsync();
var topBundlesLoadDataStore = ctx.topBundleLoadDataStore();
- topBundlesLoadDataStore.pushAsync("broker1", getTopBundlesLoad("my-tenant/my-namespaceA", 1000000, 2000000, 3000000, 4000000, 5000000));
- topBundlesLoadDataStore.pushAsync("broker2",
+ topBundlesLoadDataStore.pushAsync("broker1:8080", getTopBundlesLoad("my-tenant/my-namespaceA", 1000000, 2000000, 3000000, 4000000, 5000000));
+ topBundlesLoadDataStore.pushAsync("broker2:8080",
getTopBundlesLoad("my-tenant/my-namespaceB", 100000000, 180000000, 220000000, 250000000, 250000000));
var brokerLoadDataStore = ctx.brokerLoadDataStore();
- brokerLoadDataStore.pushAsync("broker1", getCpuLoad(ctx, 10, "broker1"));
- brokerLoadDataStore.pushAsync("broker2", getCpuLoad(ctx, 1000, "broker2"));
+ brokerLoadDataStore.pushAsync("broker1:8080", getCpuLoad(ctx, 10, "broker1:8080"));
+ brokerLoadDataStore.pushAsync("broker2:8080", getCpuLoad(ctx, 1000, "broker2:8080"));
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
var expected = new HashSet<UnloadDecision>();
expected.add(new UnloadDecision(
- new Unload("broker2", "my-tenant/my-namespaceB/0x00000000_0x1FFFFFFF", Optional.of("broker1")),
+ new Unload("broker2:8080", "my-tenant/my-namespaceB/0x00000000_0x1FFFFFFF", Optional.of("broker1:8080")),
Success, Overloaded));
expected.add(new UnloadDecision(
- new Unload("broker2", "my-tenant/my-namespaceB/0x1FFFFFFF_0x2FFFFFFF", Optional.of("broker1")),
+ new Unload("broker2:8080", "my-tenant/my-namespaceB/0x1FFFFFFF_0x2FFFFFFF", Optional.of("broker1:8080")),
Success, Overloaded));
expected.add(new UnloadDecision(
- new Unload("broker2", "my-tenant/my-namespaceB/0x2FFFFFFF_0x3FFFFFFF", Optional.of("broker1")),
+ new Unload("broker2:8080", "my-tenant/my-namespaceB/0x2FFFFFFF_0x3FFFFFFF", Optional.of("broker1:8080")),
Success, Overloaded));
expected.add(new UnloadDecision(
- new Unload("broker1", "my-tenant/my-namespaceA/0x00000000_0x1FFFFFFF", Optional.of("broker2")),
+ new Unload("broker1:8080", "my-tenant/my-namespaceA/0x00000000_0x1FFFFFFF", Optional.of("broker2:8080")),
Success, Overloaded));
expected.add(new UnloadDecision(
- new Unload("broker1", "my-tenant/my-namespaceA/0x1FFFFFFF_0x2FFFFFFF", Optional.of("broker2")),
+ new Unload("broker1:8080", "my-tenant/my-namespaceA/0x1FFFFFFF_0x2FFFFFFF", Optional.of("broker2:8080")),
Success, Overloaded));
expected.add(new UnloadDecision(
- new Unload("broker1","my-tenant/my-namespaceA/0x2FFFFFFF_0x3FFFFFFF", Optional.of("broker2")),
+ new Unload("broker1:8080","my-tenant/my-namespaceA/0x2FFFFFFF_0x3FFFFFFF", Optional.of("broker2:8080")),
Success, Overloaded));
expected.add(new UnloadDecision(
- new Unload("broker1","my-tenant/my-namespaceA/0x3FFFFFFF_0x4FFFFFFF", Optional.of("broker2")),
+ new Unload("broker1:8080","my-tenant/my-namespaceA/0x3FFFFFFF_0x4FFFFFFF", Optional.of("broker2:8080")),
Success, Overloaded));
assertEquals(counter.getLoadAvg(), 5.05);
assertEquals(counter.getLoadStd(), 4.95);
@@ -1001,20 +1002,20 @@ public class TransferShedderTest {
var brokerRegistry = mock(BrokerRegistry.class);
doReturn(brokerRegistry).when(ctx).brokerRegistry();
doReturn(CompletableFuture.completedFuture(Map.of(
- "broker1", mock(BrokerLookupData.class),
- "broker2", mock(BrokerLookupData.class)
+ "broker1:8080", mock(BrokerLookupData.class),
+ "broker2:8080", mock(BrokerLookupData.class)
))).when(brokerRegistry).getAvailableBrokerLookupDataAsync();
var topBundlesLoadDataStore = ctx.topBundleLoadDataStore();
- topBundlesLoadDataStore.pushAsync("broker1",
+ topBundlesLoadDataStore.pushAsync("broker1:8080",
getTopBundlesLoad("my-tenant/my-namespaceA", 1, 500000000));
- topBundlesLoadDataStore.pushAsync("broker2",
+ topBundlesLoadDataStore.pushAsync("broker2:8080",
getTopBundlesLoad("my-tenant/my-namespaceB", 500000000, 500000000));
var brokerLoadDataStore = ctx.brokerLoadDataStore();
- brokerLoadDataStore.pushAsync("broker1", getCpuLoad(ctx, 50, "broker1"));
- brokerLoadDataStore.pushAsync("broker2", getCpuLoad(ctx, 100, "broker2"));
+ brokerLoadDataStore.pushAsync("broker1:8080", getCpuLoad(ctx, 50, "broker1:8080"));
+ brokerLoadDataStore.pushAsync("broker2:8080", getCpuLoad(ctx, 100, "broker2:8080"));
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
@@ -1032,24 +1033,24 @@ public class TransferShedderTest {
var brokerRegistry = mock(BrokerRegistry.class);
doReturn(brokerRegistry).when(ctx).brokerRegistry();
doReturn(CompletableFuture.completedFuture(Map.of(
- "broker1", mock(BrokerLookupData.class),
- "broker2", mock(BrokerLookupData.class)
+ "broker1:8080", mock(BrokerLookupData.class),
+ "broker2:8080", mock(BrokerLookupData.class)
))).when(brokerRegistry).getAvailableBrokerLookupDataAsync();
var topBundlesLoadDataStore = ctx.topBundleLoadDataStore();
- topBundlesLoadDataStore.pushAsync("broker1", getTopBundlesLoad("my-tenant/my-namespaceA", 1000000, 2000000, 3000000, 4000000, 5000000));
- topBundlesLoadDataStore.pushAsync("broker2", getTopBundlesLoad("my-tenant/my-namespaceB", 490000000, 510000000));
+ topBundlesLoadDataStore.pushAsync("broker1:8080", getTopBundlesLoad("my-tenant/my-namespaceA", 1000000, 2000000, 3000000, 4000000, 5000000));
+ topBundlesLoadDataStore.pushAsync("broker2:8080", getTopBundlesLoad("my-tenant/my-namespaceB", 490000000, 510000000));
var brokerLoadDataStore = ctx.brokerLoadDataStore();
- brokerLoadDataStore.pushAsync("broker1", getCpuLoad(ctx, 10, "broker1"));
- brokerLoadDataStore.pushAsync("broker2", getCpuLoad(ctx, 1000, "broker2"));
+ brokerLoadDataStore.pushAsync("broker1:8080", getCpuLoad(ctx, 10, "broker1:8080"));
+ brokerLoadDataStore.pushAsync("broker2:8080", getCpuLoad(ctx, 1000, "broker2:8080"));
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
var expected = new HashSet<UnloadDecision>();
expected.add(new UnloadDecision(
- new Unload("broker2", "my-tenant/my-namespaceB/0x00000000_0x0FFFFFFF", Optional.of("broker1")),
+ new Unload("broker2:8080", "my-tenant/my-namespaceB/0x00000000_0x0FFFFFFF", Optional.of("broker1:8080")),
Success, Overloaded));
assertEquals(counter.getLoadAvg(), 5.05);
assertEquals(counter.getLoadStd(), 4.95);
@@ -1070,30 +1071,30 @@ public class TransferShedderTest {
var brokerRegistry = mock(BrokerRegistry.class);
doReturn(brokerRegistry).when(ctx).brokerRegistry();
doReturn(CompletableFuture.completedFuture(Map.of(
- "broker1", mock(BrokerLookupData.class),
- "broker2", mock(BrokerLookupData.class)
+ "broker1:8080", mock(BrokerLookupData.class),
+ "broker2:8080", mock(BrokerLookupData.class)
))).when(brokerRegistry).getAvailableBrokerLookupDataAsync();
var topBundlesLoadDataStore = ctx.topBundleLoadDataStore();
- topBundlesLoadDataStore.pushAsync("broker1", getTopBundlesLoad("my-tenant/my-namespaceA", 2400000, 2400000));
- topBundlesLoadDataStore.pushAsync("broker2", getTopBundlesLoad("my-tenant/my-namespaceB", 5000000, 5000000));
+ topBundlesLoadDataStore.pushAsync("broker1:8080", getTopBundlesLoad("my-tenant/my-namespaceA", 2400000, 2400000));
+ topBundlesLoadDataStore.pushAsync("broker2:8080", getTopBundlesLoad("my-tenant/my-namespaceB", 5000000, 5000000));
var brokerLoadDataStore = ctx.brokerLoadDataStore();
- brokerLoadDataStore.pushAsync("broker1", getCpuLoad(ctx, 48, "broker1"));
- brokerLoadDataStore.pushAsync("broker2", getCpuLoad(ctx, 100, "broker2"));
+ brokerLoadDataStore.pushAsync("broker1:8080", getCpuLoad(ctx, 48, "broker1:8080"));
+ brokerLoadDataStore.pushAsync("broker2:8080", getCpuLoad(ctx, 100, "broker2:8080"));
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
var expected = new HashSet<UnloadDecision>();
expected.add(new UnloadDecision(
- new Unload("broker1",
- res.stream().filter(x -> x.getUnload().sourceBroker().equals("broker1")).findFirst().get()
- .getUnload().serviceUnit(), Optional.of("broker2")),
+ new Unload("broker1:8080",
+ res.stream().filter(x -> x.getUnload().sourceBroker().equals("broker1:8080")).findFirst().get()
+ .getUnload().serviceUnit(), Optional.of("broker2:8080")),
Success, Overloaded));
expected.add(new UnloadDecision(
- new Unload("broker2",
- res.stream().filter(x -> x.getUnload().sourceBroker().equals("broker2")).findFirst().get()
- .getUnload().serviceUnit(), Optional.of("broker1")),
+ new Unload("broker2:8080",
+ res.stream().filter(x -> x.getUnload().sourceBroker().equals("broker2:8080")).findFirst().get()
+ .getUnload().serviceUnit(), Optional.of("broker1:8080")),
Success, Overloaded));
assertEquals(counter.getLoadAvg(), 0.74);
assertEquals(counter.getLoadStd(), 0.26);
@@ -1111,18 +1112,18 @@ public class TransferShedderTest {
var ctx = setupContext();
var brokerLoadDataStore = ctx.brokerLoadDataStore();
- var load = getCpuLoad(ctx, 4, "broker2");
+ var load = getCpuLoad(ctx, 4, "broker2:8080");
FieldUtils.writeDeclaredField(load,"msgThroughputEMA", 0, true);
- brokerLoadDataStore.pushAsync("broker2", load);
- brokerLoadDataStore.pushAsync("broker4", getCpuLoad(ctx, 55, "broker4"));
- brokerLoadDataStore.pushAsync("broker5", getCpuLoad(ctx, 65, "broker5"));
+ brokerLoadDataStore.pushAsync("broker2:8080", load);
+ brokerLoadDataStore.pushAsync("broker4:8080", getCpuLoad(ctx, 55, "broker4:8080"));
+ brokerLoadDataStore.pushAsync("broker5:8080", getCpuLoad(ctx, 65, "broker5:8080"));
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
var expected = new HashSet<UnloadDecision>();
- expected.add(new UnloadDecision(new Unload("broker5", bundleE1, Optional.of("broker1")),
+ expected.add(new UnloadDecision(new Unload("broker5:8080", bundleE1, Optional.of("broker1:8080")),
Success, Overloaded));
- expected.add(new UnloadDecision(new Unload("broker4", bundleD1, Optional.of("broker2")),
+ expected.add(new UnloadDecision(new Unload("broker4:8080", bundleD1, Optional.of("broker2:8080")),
Success, Underloaded));
assertEquals(res, expected);
assertEquals(counter.getLoadAvg(), 0.26400000000000007);
@@ -1136,17 +1137,17 @@ public class TransferShedderTest {
var ctx = setupContext();
var brokerLoadDataStore = ctx.brokerLoadDataStore();
- var load = getCpuLoad(ctx, 3 , "broker2");
- brokerLoadDataStore.pushAsync("broker2", load);
- brokerLoadDataStore.pushAsync("broker4", getCpuLoad(ctx, 55, "broker4"));
- brokerLoadDataStore.pushAsync("broker5", getCpuLoad(ctx, 65, "broker5"));
+ var load = getCpuLoad(ctx, 3 , "broker2:8080");
+ brokerLoadDataStore.pushAsync("broker2:8080", load);
+ brokerLoadDataStore.pushAsync("broker4:8080", getCpuLoad(ctx, 55, "broker4:8080"));
+ brokerLoadDataStore.pushAsync("broker5:8080", getCpuLoad(ctx, 65, "broker5:8080"));
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
var expected = new HashSet<UnloadDecision>();
- expected.add(new UnloadDecision(new Unload("broker5", bundleE1, Optional.of("broker1")),
+ expected.add(new UnloadDecision(new Unload("broker5:8080", bundleE1, Optional.of("broker1:8080")),
Success, Overloaded));
- expected.add(new UnloadDecision(new Unload("broker4", bundleD1, Optional.of("broker2")),
+ expected.add(new UnloadDecision(new Unload("broker4:8080", bundleD1, Optional.of("broker2:8080")),
Success, Underloaded));
assertEquals(res, expected);
assertEquals(counter.getLoadAvg(), 0.262);
@@ -1162,9 +1163,9 @@ public class TransferShedderTest {
.setLoadBalancerMaxNumberOfBrokerSheddingPerCycle(10);
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
var expected = new HashSet<UnloadDecision>();
- expected.add(new UnloadDecision(new Unload("broker5", bundleE1, Optional.of("broker1")),
+ expected.add(new UnloadDecision(new Unload("broker5:8080", bundleE1, Optional.of("broker1:8080")),
Success, Overloaded));
- expected.add(new UnloadDecision(new Unload("broker4", bundleD1, Optional.of("broker2")),
+ expected.add(new UnloadDecision(new Unload("broker4:8080", bundleD1, Optional.of("broker2:8080")),
Success, Overloaded));
assertEquals(res, expected);
assertEquals(counter.getLoadAvg(), setupLoadAvg);
@@ -1188,9 +1189,9 @@ public class TransferShedderTest {
}
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
var expected = new HashSet<UnloadDecision>();
- expected.add(new UnloadDecision(new Unload("broker5", bundleE1, Optional.of("broker1")),
+ expected.add(new UnloadDecision(new Unload("broker5:8080", bundleE1, Optional.of("broker1:8080")),
Success, Overloaded));
- expected.add(new UnloadDecision(new Unload("broker4", bundleD1, Optional.of("broker2")),
+ expected.add(new UnloadDecision(new Unload("broker4:8080", bundleD1, Optional.of("broker2:8080")),
Success, Overloaded));
assertEquals(res, expected);
assertEquals(counter.getLoadAvg(), setupLoadAvg);
@@ -1203,13 +1204,13 @@ public class TransferShedderTest {
TransferShedder transferShedder = new TransferShedder(counter);
var ctx = setupContext();
var topBundlesLoadDataStore = ctx.topBundleLoadDataStore();
- topBundlesLoadDataStore.pushAsync("broker5", getTopBundlesLoad("my-tenant/my-namespaceE", 2000000, 3000000));
+ topBundlesLoadDataStore.pushAsync("broker5:8080", getTopBundlesLoad("my-tenant/my-namespaceE", 2000000, 3000000));
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
var expected = new HashSet<UnloadDecision>();
- expected.add(new UnloadDecision(new Unload("broker5", bundleE1, Optional.of("broker1")),
+ expected.add(new UnloadDecision(new Unload("broker5:8080", bundleE1, Optional.of("broker1:8080")),
Success, Overloaded));
- expected.add(new UnloadDecision(new Unload("broker4", bundleD1, Optional.of("broker2")),
+ expected.add(new UnloadDecision(new Unload("broker4:8080", bundleD1, Optional.of("broker2:8080")),
Success, Overloaded));
assertEquals(res, expected);
assertEquals(counter.getLoadAvg(), setupLoadAvg);
@@ -1223,14 +1224,14 @@ public class TransferShedderTest {
var ctx = setupContext();
var brokerLoadDataStore = ctx.brokerLoadDataStore();
- brokerLoadDataStore.pushAsync("broker4", getCpuLoad(ctx, 200, "broker4"));
- brokerLoadDataStore.pushAsync("broker5", getCpuLoad(ctx, 1000, "broker5"));
+ brokerLoadDataStore.pushAsync("broker4:8080", getCpuLoad(ctx, 200, "broker4:8080"));
+ brokerLoadDataStore.pushAsync("broker5:8080", getCpuLoad(ctx, 1000, "broker5:8080"));
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
var expected = new HashSet<UnloadDecision>();
- expected.add(new UnloadDecision(new Unload("broker5", bundleE1, Optional.of("broker1")),
+ expected.add(new UnloadDecision(new Unload("broker5:8080", bundleE1, Optional.of("broker1:8080")),
Success, Overloaded));
- expected.add(new UnloadDecision(new Unload("broker4", bundleD1, Optional.of("broker2")),
+ expected.add(new UnloadDecision(new Unload("broker4:8080", bundleD1, Optional.of("broker2:8080")),
Success, Overloaded));
assertEquals(res, expected);
assertEquals(counter.getLoadAvg(), 2.4240000000000004);
@@ -1264,13 +1265,16 @@ public class TransferShedderTest {
TransferShedder transferShedder = new TransferShedder(counter);
var ctx = setupContextLoadSkewedOverload(100);
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
- var expected = new HashSet<UnloadDecision>();
- expected.add(new UnloadDecision(
- new Unload("broker99", "my-tenant/my-namespace99/0x00000000_0x0FFFFFFF",
- Optional.of("broker52")), Success, Overloaded));
- assertEquals(res, expected);
- assertEquals(counter.getLoadAvg(), 0.019900000000000008);
- assertEquals(counter.getLoadStd(), 0.09850375627355534);
+ Assertions.assertThat(res).isIn(
+ Set.of(new UnloadDecision(
+ new Unload("broker99:8080", "my-tenant/my-namespace99/0x00000000_0x0FFFFFFF",
+ Optional.of("broker52:8080")), Success, Overloaded)),
+ Set.of(new UnloadDecision(
+ new Unload("broker99:8080", "my-tenant/my-namespace99/0x00000000_0x0FFFFFFF",
+ Optional.of("broker83:8080")), Success, Overloaded))
+ );
+ assertEquals(counter.getLoadAvg(), 0.019900000000000008, 0.00001);
+ assertEquals(counter.getLoadStd(), 0.09850375627355534, 0.00001);
}
@Test
@@ -1281,11 +1285,11 @@ public class TransferShedderTest {
var res = transferShedder.findBundlesForUnloading(ctx, Map.of(), Map.of());
var expected = new HashSet<UnloadDecision>();
expected.add(new UnloadDecision(
- new Unload("broker98", "my-tenant/my-namespace98/0x00000000_0x0FFFFFFF",
- Optional.of("broker99")), Success, Underloaded));
+ new Unload("broker98:8080", "my-tenant/my-namespace98/0x00000000_0x0FFFFFFF",
+ Optional.of("broker99:8080")), Success, Underloaded));
assertEquals(res, expected);
- assertEquals(counter.getLoadAvg(), 0.9704000000000005);
- assertEquals(counter.getLoadStd(), 0.09652895938523735);
+ assertEquals(counter.getLoadAvg(), 0.9704000000000005, 0.00001);
+ assertEquals(counter.getLoadStd(), 0.09652895938523735, 0.00001);
}
@Test
@@ -1301,13 +1305,13 @@ public class TransferShedderTest {
double[] loads = new double[numBrokers];
final Map<String, BrokerLookupData> availableBrokers = new HashMap<>();
for (int i = 0; i < loads.length; i++) {
- availableBrokers.put("broker" + i, mock(BrokerLookupData.class));
+ availableBrokers.put("broker" + i + ":8080", mock(BrokerLookupData.class));
}
stats.update(loadStore, availableBrokers, Map.of(), conf);
var brokerLoadDataStore = ctx.brokerLoadDataStore();
for (int i = 0; i < loads.length; i++) {
- loads[i] = loadStore.get("broker" + i).get().getWeightedMaxEMA();
+ loads[i] = loadStore.get("broker" + i + ":8080").get().getWeightedMaxEMA();
}
int i = 0;
int j = loads.length - 1;
@@ -1342,8 +1346,8 @@ public class TransferShedderTest {
var conf = ctx.brokerConfiguration();
final Map<String, BrokerLookupData> availableBrokers = new HashMap<>();
for (int i = 0; i < loads.length; i++) {
- availableBrokers.put("broker" + i, mock(BrokerLookupData.class));
- loadStore.pushAsync("broker" + i, getCpuLoad(ctx, loads[i], "broker" + i));
+ availableBrokers.put("broker" + i + ":8080", mock(BrokerLookupData.class));
+ loadStore.pushAsync("broker" + i + ":8080", getCpuLoad(ctx, loads[i], "broker" + i + ":8080"));
}
stats.update(loadStore, availableBrokers, Map.of(), conf);
@@ -1361,8 +1365,8 @@ public class TransferShedderTest {
var conf = ctx.brokerConfiguration();
final Map<String, BrokerLookupData> availableBrokers = new HashMap<>();
for (int i = 0; i < loads.length; i++) {
- availableBrokers.put("broker" + i, mock(BrokerLookupData.class));
- loadStore.pushAsync("broker" + i, getCpuLoad(ctx, loads[i], "broker" + i));
+ availableBrokers.put("broker" + i + ":8080", mock(BrokerLookupData.class));
+ loadStore.pushAsync("broker" + i + ":8080", getCpuLoad(ctx, loads[i], "broker" + i + ":8080"));
}
stats.update(loadStore, availableBrokers, Map.of(), conf);
assertEquals(stats.avg(), 3.9449999999999994);
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImplTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImplTest.java
index 6959d21cbe9..3552bd657c0 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImplTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImplTest.java
@@ -22,7 +22,6 @@ import static java.lang.Thread.sleep;
import static org.apache.pulsar.broker.loadbalance.impl.ModularLoadManagerImpl.TIME_AVERAGE_BROKER_ZPATH;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.doAnswer;
-import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
@@ -30,6 +29,7 @@ import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertFalse;
import static org.testng.Assert.assertNotEquals;
import static org.testng.Assert.assertTrue;
+import static org.testng.Assert.fail;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.collect.BoundType;
import com.google.common.collect.Range;
@@ -81,16 +81,17 @@ import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.NamespaceIsolationDataImpl;
import org.apache.pulsar.common.policies.data.TenantInfoImpl;
import org.apache.pulsar.common.util.ObjectMapperFactory;
+import org.apache.pulsar.common.util.PortManager;
import org.apache.pulsar.metadata.api.MetadataCache;
import org.apache.pulsar.metadata.api.Notification;
import org.apache.pulsar.metadata.api.NotificationType;
import org.apache.pulsar.metadata.api.extended.CreateOption;
+import org.apache.pulsar.policies.data.loadbalancer.BrokerData;
+import org.apache.pulsar.policies.data.loadbalancer.BundleData;
import org.apache.pulsar.policies.data.loadbalancer.LocalBrokerData;
import org.apache.pulsar.policies.data.loadbalancer.NamespaceBundleStats;
import org.apache.pulsar.policies.data.loadbalancer.ResourceUsage;
import org.apache.pulsar.policies.data.loadbalancer.SystemResourceUsage;
-import org.apache.pulsar.policies.data.loadbalancer.BrokerData;
-import org.apache.pulsar.policies.data.loadbalancer.BundleData;
import org.apache.pulsar.policies.data.loadbalancer.TimeAverageBrokerData;
import org.apache.pulsar.policies.data.loadbalancer.TimeAverageMessageData;
import org.apache.pulsar.zookeeper.LocalBookkeeperEnsemble;
@@ -116,12 +117,9 @@ public class ModularLoadManagerImplTest {
private PulsarService pulsar3;
- private String primaryHost;
+ private String primaryBrokerId;
- private String primaryTlsHost;
- private String secondaryHost;
-
- private String secondaryTlsHost;
+ private String secondaryBrokerId;
private NamespaceBundleFactory nsFactory;
@@ -179,8 +177,7 @@ public class ModularLoadManagerImplTest {
pulsar1 = new PulsarService(config1);
pulsar1.start();
- primaryHost = String.format("%s:%d", "localhost", pulsar1.getListenPortHTTP().get());
- primaryTlsHost = String.format("%s:%d", "localhost", pulsar1.getListenPortHTTPS().get());
+ primaryBrokerId = String.format("%s:%d", "localhost", pulsar1.getListenPortHTTPS().get());
url1 = new URL(pulsar1.getWebServiceAddress());
admin1 = PulsarAdmin.builder().serviceHttpUrl(url1.toString()).build();
@@ -214,8 +211,7 @@ public class ModularLoadManagerImplTest {
config.setBrokerServicePortTls(Optional.of(0));
pulsar3 = new PulsarService(config);
- secondaryHost = String.format("%s:%d", "localhost", pulsar2.getListenPortHTTP().get());
- secondaryTlsHost = String.format("%s:%d", "localhost", pulsar2.getListenPortHTTPS().get());
+ secondaryBrokerId = String.format("%s:%d", "localhost", pulsar2.getListenPortHTTPS().get());
url2 = new URL(pulsar2.getWebServiceAddress());
admin2 = PulsarAdmin.builder().serviceHttpUrl(url2.toString()).build();
@@ -235,7 +231,7 @@ public class ModularLoadManagerImplTest {
pulsar2.close();
pulsar1.close();
-
+
if (pulsar3.isRunning()) {
pulsar3.close();
}
@@ -266,7 +262,7 @@ public class ModularLoadManagerImplTest {
for (int i = 0; i < 2; ++i) {
final ServiceUnitId serviceUnit = makeBundle(Integer.toString(i));
final String broker = primaryLoadManager.selectBrokerForAssignment(serviceUnit).get();
- if (broker.equals(primaryHost)) {
+ if (broker.equals(primaryBrokerId)) {
foundFirst = true;
} else {
foundSecond = true;
@@ -282,12 +278,12 @@ public class ModularLoadManagerImplTest {
LoadData loadData = (LoadData) getField(primaryLoadManager, "loadData");
// Make sure the second broker is not in the internal map.
- Awaitility.await().untilAsserted(() -> assertFalse(loadData.getBrokerData().containsKey(secondaryHost)));
+ Awaitility.await().untilAsserted(() -> assertFalse(loadData.getBrokerData().containsKey(secondaryBrokerId)));
// Try 5 more selections, ensure they all go to the first broker.
for (int i = 2; i < 7; ++i) {
final ServiceUnitId serviceUnit = makeBundle(Integer.toString(i));
- assertEquals(primaryLoadManager.selectBrokerForAssignment(serviceUnit), primaryHost);
+ assertEquals(primaryLoadManager.selectBrokerForAssignment(serviceUnit), primaryBrokerId);
}
}
@@ -309,7 +305,7 @@ public class ModularLoadManagerImplTest {
// one bundle.
pulsar1.getLocalMetadataStore().getMetadataCache(BundleData.class).create(firstBundleDataPath, bundleData).join();
for (final NamespaceBundle bundle : bundles) {
- if (primaryLoadManager.selectBrokerForAssignment(bundle).equals(primaryHost)) {
+ if (primaryLoadManager.selectBrokerForAssignment(bundle).equals(primaryBrokerId)) {
++numAssignedToPrimary;
} else {
++numAssignedToSecondary;
@@ -323,52 +319,52 @@ public class ModularLoadManagerImplTest {
}
-
+
@Test
public void testBrokerAffinity() throws Exception {
// Start broker 3
pulsar3.start();
-
+
final String tenant = "test";
final String cluster = "test";
String namespace = tenant + "/" + cluster + "/" + "test";
String topic = "persistent://" + namespace + "/my-topic1";
- admin1.clusters().createCluster(cluster, ClusterData.builder().serviceUrl("http://" + pulsar1.getAdvertisedAddress()).build());
+ admin1.clusters().createCluster(cluster, ClusterData.builder().serviceUrl(pulsar1.getWebServiceAddress()).build());
admin1.tenants().createTenant(tenant,
new TenantInfoImpl(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet(cluster)));
admin1.namespaces().createNamespace(namespace, 16);
-
+
String topicLookup = admin1.lookups().lookupTopic(topic);
String bundleRange = admin1.lookups().getBundleRange(topic);
-
+
String brokerServiceUrl = pulsar1.getBrokerServiceUrl();
- String brokerUrl = pulsar1.getSafeWebServiceAddress();
+ String brokerId = pulsar1.getBrokerId();
log.debug("initial broker service url - {}", topicLookup);
Random rand=new Random();
-
+
if (topicLookup.equals(brokerServiceUrl)) {
int x = rand.nextInt(2);
if (x == 0) {
- brokerUrl = pulsar2.getSafeWebServiceAddress();
+ brokerId = pulsar2.getBrokerId();
brokerServiceUrl = pulsar2.getBrokerServiceUrl();
}
else {
- brokerUrl = pulsar3.getSafeWebServiceAddress();
+ brokerId = pulsar3.getBrokerId();
brokerServiceUrl = pulsar3.getBrokerServiceUrl();
}
}
- brokerUrl = brokerUrl.replaceFirst("http[s]?://", "");
- log.debug("destination broker service url - {}, broker url - {}", brokerServiceUrl, brokerUrl);
- String leaderServiceUrl = admin1.brokers().getLeaderBroker().getServiceUrl();
- log.debug("leader serviceUrl - {}, broker1 service url - {}", leaderServiceUrl, pulsar1.getSafeWebServiceAddress());
- //Make a call to broker which is not a leader
- if (!leaderServiceUrl.equals(pulsar1.getSafeWebServiceAddress())) {
- admin1.namespaces().unloadNamespaceBundle(namespace, bundleRange, brokerUrl);
+ log.debug("destination broker service url - {}, broker url - {}", brokerServiceUrl, brokerId);
+ String leaderBrokerId = admin1.brokers().getLeaderBroker().getBrokerId();
+ log.debug("leader lookup address - {}, broker1 lookup address - {}", leaderBrokerId,
+ pulsar1.getBrokerId());
+ // Make a call to broker which is not a leader
+ if (!leaderBrokerId.equals(pulsar1.getBrokerId())) {
+ admin1.namespaces().unloadNamespaceBundle(namespace, bundleRange, brokerId);
}
else {
- admin2.namespaces().unloadNamespaceBundle(namespace, bundleRange, brokerUrl);
+ admin2.namespaces().unloadNamespaceBundle(namespace, bundleRange, brokerId);
}
-
+
sleep(2000);
String topicLookupAfterUnload = admin1.lookups().lookupTopic(topic);
log.debug("final broker service url - {}", topicLookupAfterUnload);
@@ -440,9 +436,9 @@ public class ModularLoadManagerImplTest {
pulsar1.getConfiguration().setLoadBalancerEnabled(true);
final LoadData loadData = (LoadData) getField(primaryLoadManagerSpy, "loadData");
final Map<String, BrokerData> brokerDataMap = loadData.getBrokerData();
- final BrokerData brokerDataSpy1 = spy(brokerDataMap.get(primaryTlsHost));
+ final BrokerData brokerDataSpy1 = spy(brokerDataMap.get(primaryBrokerId));
when(brokerDataSpy1.getLocalData()).thenReturn(localBrokerData);
- brokerDataMap.put(primaryTlsHost, brokerDataSpy1);
+ brokerDataMap.put(primaryBrokerId, brokerDataSpy1);
// Need to update all the bundle data for the shredder to see the spy.
primaryLoadManagerSpy.handleDataNotification(new Notification(NotificationType.Created, LoadManager.LOADBALANCE_BROKERS_ROOT + "/broker:8080"));
@@ -460,7 +456,7 @@ public class ModularLoadManagerImplTest {
verify(namespacesSpy1, Mockito.times(1))
.unloadNamespaceBundle(Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
assertEquals(bundleReference.get(), mockBundleName(2));
- assertEquals(selectedBrokerRef.get().get(), secondaryTlsHost);
+ assertEquals(selectedBrokerRef.get().get(), secondaryBrokerId);
primaryLoadManagerSpy.doLoadShedding();
// Now less expensive bundle will be unloaded (normally other bundle would move off and nothing would be
@@ -468,13 +464,13 @@ public class ModularLoadManagerImplTest {
verify(namespacesSpy1, Mockito.times(2))
.unloadNamespaceBundle(Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
assertEquals(bundleReference.get(), mockBundleName(1));
- assertEquals(selectedBrokerRef.get().get(), secondaryTlsHost);
+ assertEquals(selectedBrokerRef.get().get(), secondaryBrokerId);
primaryLoadManagerSpy.doLoadShedding();
// Now both are in grace period: neither should be unloaded.
verify(namespacesSpy1, Mockito.times(2))
.unloadNamespaceBundle(Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
- assertEquals(selectedBrokerRef.get().get(), secondaryTlsHost);
+ assertEquals(selectedBrokerRef.get().get(), secondaryBrokerId);
// Test bundle transfer to same broker
@@ -483,13 +479,11 @@ public class ModularLoadManagerImplTest {
verify(namespacesSpy1, Mockito.times(3))
.unloadNamespaceBundle(Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
- doReturn(Optional.of(primaryHost)).when(primaryLoadManagerSpy).selectBroker(any());
loadData.getRecentlyUnloadedBundles().clear();
primaryLoadManagerSpy.doLoadShedding();
// The bundle shouldn't be unloaded because the broker is the same.
verify(namespacesSpy1, Mockito.times(4))
.unloadNamespaceBundle(Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
-
}
// Test that ModularLoadManagerImpl will determine that writing local data to ZooKeeper is necessary if certain
@@ -606,10 +600,12 @@ public class ModularLoadManagerImplTest {
final String tenant = "my-property";
final String cluster = "use";
final String namespace = "my-ns";
- final String broker1Address = pulsar1.getAdvertisedAddress() + "0";
- final String broker2Address = pulsar2.getAdvertisedAddress() + "1";
- final String sharedBroker = "broker3";
- admin1.clusters().createCluster(cluster, ClusterData.builder().serviceUrl("http://" + pulsar1.getAdvertisedAddress()).build());
+ String broker1Host = pulsar1.getAdvertisedAddress() + "0";
+ final String broker1Address = broker1Host + ":8080";
+ String broker2Host = pulsar2.getAdvertisedAddress() + "1";
+ final String broker2Address = broker2Host + ":8080";
+ final String sharedBroker = "broker3:8080";
+ admin1.clusters().createCluster(cluster, ClusterData.builder().serviceUrl(pulsar1.getWebServiceAddress()).build());
admin1.tenants().createTenant(tenant,
new TenantInfoImpl(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet(cluster)));
admin1.namespaces().createNamespace(tenant + "/" + cluster + "/" + namespace);
@@ -617,8 +613,8 @@ public class ModularLoadManagerImplTest {
// set a new policy
String newPolicyJsonTemplate = "{\"namespaces\":[\"%s/%s/%s.*\"],\"primary\":[\"%s\"],"
+ "\"secondary\":[\"%s\"],\"auto_failover_policy\":{\"policy_type\":\"min_available\",\"parameters\":{\"min_limit\":%s,\"usage_threshold\":80}}}";
- String newPolicyJson = String.format(newPolicyJsonTemplate, tenant, cluster, namespace, broker1Address,
- broker2Address, 1);
+ String newPolicyJson = String.format(newPolicyJsonTemplate, tenant, cluster, namespace, broker1Host,
+ broker2Host, 1);
String newPolicyName = "my-ns-isolation-policies";
ObjectMapper jsonMapper = ObjectMapperFactory.create();
NamespaceIsolationDataImpl nsPolicyData = jsonMapper.readValue(newPolicyJson.getBytes(),
@@ -630,12 +626,12 @@ public class ModularLoadManagerImplTest {
ServiceUnitId serviceUnit = LoadBalancerTestingUtils.makeBundles(nsFactory, tenant, cluster, namespace, 1)[0];
BrokerTopicLoadingPredicate brokerTopicLoadingPredicate = new BrokerTopicLoadingPredicate() {
@Override
- public boolean isEnablePersistentTopics(String brokerUrl) {
+ public boolean isEnablePersistentTopics(String brokerId) {
return true;
}
@Override
- public boolean isEnableNonPersistentTopics(String brokerUrl) {
+ public boolean isEnableNonPersistentTopics(String brokerId) {
return true;
}
};
@@ -667,8 +663,8 @@ public class ModularLoadManagerImplTest {
// (2) now we will have isolation policy : primary=broker1, secondary=broker2, minLimit=2
- newPolicyJson = String.format(newPolicyJsonTemplate, tenant, cluster, namespace, broker1Address,
- broker2Address, 2);
+ newPolicyJson = String.format(newPolicyJsonTemplate, tenant, cluster, namespace, broker1Host,
+ broker2Host, 2);
nsPolicyData = jsonMapper.readValue(newPolicyJson.getBytes(), NamespaceIsolationDataImpl.class);
admin1.clusters().createNamespaceIsolationPolicy("use", newPolicyName, nsPolicyData);
@@ -705,10 +701,12 @@ public class ModularLoadManagerImplTest {
final String tenant = "my-tenant";
final String namespace = "my-tenant/use/my-ns";
final String bundle = "0x00000000_0xffffffff";
- final String brokerAddress = pulsar1.getAdvertisedAddress();
- final String broker1Address = pulsar1.getAdvertisedAddress() + 1;
+ final String brokerHost = pulsar1.getAdvertisedAddress();
+ final String brokerAddress = brokerHost + ":8080";
+ final String broker1Host = pulsar1.getAdvertisedAddress() + "1";
+ final String broker1Address = broker1Host + ":8080";
- admin1.clusters().createCluster(cluster, ClusterData.builder().serviceUrl("http://" + pulsar1.getAdvertisedAddress()).build());
+ admin1.clusters().createCluster(cluster, ClusterData.builder().serviceUrl(pulsar1.getWebServiceAddress()).build());
admin1.tenants().createTenant(tenant,
new TenantInfoImpl(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet(cluster)));
admin1.namespaces().createNamespace(namespace);
@@ -723,12 +721,13 @@ public class ModularLoadManagerImplTest {
loadManager.updateAll();
// test1: no isolation policy
- assertTrue(loadManager.shouldNamespacePoliciesUnload(namespace, bundle, primaryHost));
+ assertTrue(loadManager.shouldNamespacePoliciesUnload(namespace, bundle, primaryBrokerId));
// test2: as isolation policy, there are not another broker to load the bundle.
String newPolicyJsonTemplate = "{\"namespaces\":[\"%s.*\"],\"primary\":[\"%s\"],"
+ "\"secondary\":[\"%s\"],\"auto_failover_policy\":{\"policy_type\":\"min_available\",\"parameters\":{\"min_limit\":%s,\"usage_threshold\":80}}}";
- String newPolicyJson = String.format(newPolicyJsonTemplate, namespace, broker1Address,broker1Address, 1);
+
+ String newPolicyJson = String.format(newPolicyJsonTemplate, namespace, broker1Host, broker1Host, 1);
String newPolicyName = "my-ns-isolation-policies";
ObjectMapper jsonMapper = ObjectMapperFactory.create();
NamespaceIsolationDataImpl nsPolicyData = jsonMapper.readValue(newPolicyJson.getBytes(),
@@ -737,11 +736,11 @@ public class ModularLoadManagerImplTest {
assertFalse(loadManager.shouldNamespacePoliciesUnload(namespace, bundle, broker1Address));
// test3: as isolation policy, there are another can load the bundle.
- String newPolicyJson1 = String.format(newPolicyJsonTemplate, namespace, brokerAddress,brokerAddress, 1);
+ String newPolicyJson1 = String.format(newPolicyJsonTemplate, namespace, brokerHost, brokerHost, 1);
NamespaceIsolationDataImpl nsPolicyData1 = jsonMapper.readValue(newPolicyJson1.getBytes(),
NamespaceIsolationDataImpl.class);
admin1.clusters().updateNamespaceIsolationPolicy(cluster, newPolicyName, nsPolicyData1);
- assertTrue(loadManager.shouldNamespacePoliciesUnload(namespace, bundle, primaryHost));
+ assertTrue(loadManager.shouldNamespacePoliciesUnload(namespace, bundle, primaryBrokerId));
producer.close();
}
@@ -758,7 +757,7 @@ public class ModularLoadManagerImplTest {
ServiceConfiguration config = new ServiceConfiguration();
config.setLoadManagerClassName(ModularLoadManagerImpl.class.getName());
config.setClusterName("use");
- config.setWebServicePort(Optional.of(0));
+ config.setWebServicePort(Optional.of(PortManager.nextLockedFreePort()));
config.setMetadataStoreUrl("zk:127.0.0.1:" + bkEnsemble.getZookeeperPort());
config.setBrokerShutdownTimeoutMs(0L);
config.setLoadBalancerOverrideBrokerNicSpeedGbps(Optional.of(1.0d));
@@ -766,10 +765,12 @@ public class ModularLoadManagerImplTest {
PulsarService pulsar = new PulsarService(config);
// create znode using different zk-session
final String brokerZnode = LoadManager.LOADBALANCE_BROKERS_ROOT + "/" + pulsar.getAdvertisedAddress() + ":"
- + config.getWebServicePort();
- pulsar1.getLocalMetadataStore().put(brokerZnode, new byte[0], Optional.empty(), EnumSet.of(CreateOption.Ephemeral)).join();
+ + config.getWebServicePort().get();
+ pulsar1.getLocalMetadataStore()
+ .put(brokerZnode, new byte[0], Optional.empty(), EnumSet.of(CreateOption.Ephemeral)).join();
try {
pulsar.start();
+ fail("should have failed");
} catch (PulsarServerException e) {
//Ok.
}
@@ -808,7 +809,7 @@ public class ModularLoadManagerImplTest {
final String topicName = tenant + "/" + namespace + "/" + "topic";
int bundleNumbers = 8;
- admin1.clusters().createCluster(cluster, ClusterData.builder().serviceUrl("http://" + pulsar1.getAdvertisedAddress()).build());
+ admin1.clusters().createCluster(cluster, ClusterData.builder().serviceUrl(pulsar1.getWebServiceAddress()).build());
admin1.tenants().createTenant(tenant,
new TenantInfoImpl(Sets.newHashSet("appid1", "appid2"), Sets.newHashSet(cluster)));
admin1.namespaces().createNamespace(tenant + "/" + namespace, bundleNumbers);
@@ -858,7 +859,6 @@ public class ModularLoadManagerImplTest {
final Optional<ResourceUnit> leastLoaded = loadManagerWrapper.getLeastLoaded(bundleWillBeSplit);
assertFalse(leastLoaded.isEmpty());
- assertTrue(leastLoaded.get().getResourceId().startsWith("https"));
String bundleDataPath = ModularLoadManagerImpl.BUNDLE_DATA_PATH + "/" + tenant + "/" + namespace;
CompletableFuture<List<String>> children = bundlesCache.getChildren(bundleDataPath);
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/namespace/NamespaceServiceTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/namespace/NamespaceServiceTest.java
index 03bb53eb9da..f3fabc91034 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/namespace/NamespaceServiceTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/namespace/NamespaceServiceTest.java
@@ -349,14 +349,14 @@ public class NamespaceServiceTest extends BrokerTestBase {
@Test
public void testLoadReportDeserialize() throws Exception {
- final String candidateBroker1 = "http://localhost:8000";
- final String candidateBroker2 = "http://localhost:3000";
- LoadReport lr = new LoadReport(null, null, candidateBroker1, null);
- LocalBrokerData ld = new LocalBrokerData(null, null, candidateBroker2, null);
- URI uri1 = new URI(candidateBroker1);
- URI uri2 = new URI(candidateBroker2);
- String path1 = String.format("%s/%s:%s", LoadManager.LOADBALANCE_BROKERS_ROOT, uri1.getHost(), uri1.getPort());
- String path2 = String.format("%s/%s:%s", LoadManager.LOADBALANCE_BROKERS_ROOT, uri2.getHost(), uri2.getPort());
+ final String candidateBroker1 = "localhost:8000";
+ String broker1Url = "pulsar://localhost:6650";
+ final String candidateBroker2 = "localhost:3000";
+ String broker2Url = "pulsar://localhost:6660";
+ LoadReport lr = new LoadReport("http://" + candidateBroker1, null, broker1Url, null);
+ LocalBrokerData ld = new LocalBrokerData("http://" + candidateBroker2, null, broker2Url, null);
+ String path1 = String.format("%s/%s", LoadManager.LOADBALANCE_BROKERS_ROOT, candidateBroker1);
+ String path2 = String.format("%s/%s", LoadManager.LOADBALANCE_BROKERS_ROOT, candidateBroker2);
pulsar.getLocalMetadataStore().put(path1,
ObjectMapperFactory.getMapper().writer().writeValueAsBytes(lr),
@@ -375,23 +375,23 @@ public class NamespaceServiceTest extends BrokerTestBase {
.getAndSet(new ModularLoadManagerWrapper(new ModularLoadManagerImpl()));
oldLoadManager.stop();
LookupResult result2 = pulsar.getNamespaceService().createLookupResult(candidateBroker2, false, null).get();
- Assert.assertEquals(result1.getLookupData().getBrokerUrl(), candidateBroker1);
- Assert.assertEquals(result2.getLookupData().getBrokerUrl(), candidateBroker2);
+ Assert.assertEquals(result1.getLookupData().getBrokerUrl(), broker1Url);
+ Assert.assertEquals(result2.getLookupData().getBrokerUrl(), broker2Url);
System.out.println(result2);
}
@Test
public void testCreateLookupResult() throws Exception {
- final String candidateBroker = "pulsar://localhost:6650";
+ final String candidateBroker = "localhost:8080";
+ final String brokerUrl = "pulsar://localhost:6650";
final String listenerUrl = "pulsar://localhost:7000";
final String listenerUrlTls = "pulsar://localhost:8000";
final String listener = "listenerName";
Map<String, AdvertisedListener> advertisedListeners = new HashMap<>();
advertisedListeners.put(listener, AdvertisedListener.builder().brokerServiceUrl(new URI(listenerUrl)).brokerServiceUrlTls(new URI(listenerUrlTls)).build());
- LocalBrokerData ld = new LocalBrokerData(null, null, candidateBroker, null, advertisedListeners);
- URI uri = new URI(candidateBroker);
- String path = String.format("%s/%s:%s", LoadManager.LOADBALANCE_BROKERS_ROOT, uri.getHost(), uri.getPort());
+ LocalBrokerData ld = new LocalBrokerData("http://" + candidateBroker, null, brokerUrl, null, advertisedListeners);
+ String path = String.format("%s/%s", LoadManager.LOADBALANCE_BROKERS_ROOT, candidateBroker);
pulsar.getLocalMetadataStore().put(path,
ObjectMapperFactory.getMapper().writer().writeValueAsBytes(ld),
@@ -401,7 +401,7 @@ public class NamespaceServiceTest extends BrokerTestBase {
LookupResult noListener = pulsar.getNamespaceService().createLookupResult(candidateBroker, false, null).get();
LookupResult withListener = pulsar.getNamespaceService().createLookupResult(candidateBroker, false, listener).get();
- Assert.assertEquals(noListener.getLookupData().getBrokerUrl(), candidateBroker);
+ Assert.assertEquals(noListener.getLookupData().getBrokerUrl(), brokerUrl);
Assert.assertEquals(withListener.getLookupData().getBrokerUrl(), listenerUrl);
Assert.assertEquals(withListener.getLookupData().getBrokerUrlTls(), listenerUrlTls);
System.out.println(withListener);
@@ -683,7 +683,7 @@ public class NamespaceServiceTest extends BrokerTestBase {
@Test
public void testHeartbeatNamespaceMatch() throws Exception {
- NamespaceName namespaceName = NamespaceService.getHeartbeatNamespace(pulsar.getLookupServiceAddress(), conf);
+ NamespaceName namespaceName = NamespaceService.getHeartbeatNamespace(pulsar.getBrokerId(), conf);
NamespaceBundle namespaceBundle = pulsar.getNamespaceService().getNamespaceBundleFactory().getFullBundle(namespaceName);
assertTrue(NamespaceService.isSystemServiceNamespace(
NamespaceBundle.getBundleNamespace(namespaceBundle.toString())));
@@ -704,7 +704,7 @@ public class NamespaceServiceTest extends BrokerTestBase {
Field loadManagerField = NamespaceService.class.getDeclaredField("loadManager");
loadManagerField.setAccessible(true);
doReturn(true).when(loadManager).isCentralized();
- SimpleResourceUnit resourceUnit = new SimpleResourceUnit(pulsar.getSafeWebServiceAddress(), null);
+ SimpleResourceUnit resourceUnit = new SimpleResourceUnit(pulsar.getBrokerId(), null);
Optional<ResourceUnit> res = Optional.of(resourceUnit);
doReturn(res).when(loadManager).getLeastLoaded(any(ServiceUnitId.class));
loadManagerField.set(pulsar.getNamespaceService(), new AtomicReference<>(loadManager));
@@ -834,10 +834,7 @@ public class NamespaceServiceTest extends BrokerTestBase {
public CompletableFuture<Void> registryBrokerDataChangeNotice() {
CompletableFuture<Void> completableFuture = new CompletableFuture<>();
- String lookupServiceAddress = pulsar.getAdvertisedAddress() + ":"
- + (conf.getWebServicePort().isPresent() ? conf.getWebServicePort().get()
- : conf.getWebServicePortTls().get());
- String brokerDataPath = LoadManager.LOADBALANCE_BROKERS_ROOT + "/" + lookupServiceAddress;
+ String brokerDataPath = LoadManager.LOADBALANCE_BROKERS_ROOT + "/" + pulsar.getBrokerId();
pulsar.getLocalMetadataStore().registerListener(notice -> {
if (brokerDataPath.equals(notice.getPath())){
if (!completableFuture.isDone()) {
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/BrokerServiceTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/BrokerServiceTest.java
index f07a1b99c3d..0c059d20833 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/BrokerServiceTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/BrokerServiceTest.java
@@ -1534,9 +1534,9 @@ public class BrokerServiceTest extends BrokerTestBase {
assertTrue(brokerService.isSystemTopic(TRANSACTION_COORDINATOR_ASSIGN));
assertTrue(brokerService.isSystemTopic(TRANSACTION_COORDINATOR_LOG));
NamespaceName heartbeatNamespaceV1 = NamespaceService
- .getHeartbeatNamespace(pulsar.getLookupServiceAddress(), pulsar.getConfig());
+ .getHeartbeatNamespace(pulsar.getBrokerId(), pulsar.getConfig());
NamespaceName heartbeatNamespaceV2 = NamespaceService
- .getHeartbeatNamespaceV2(pulsar.getLookupServiceAddress(), pulsar.getConfig());
+ .getHeartbeatNamespaceV2(pulsar.getBrokerId(), pulsar.getConfig());
assertTrue(brokerService.isSystemTopic("persistent://" + heartbeatNamespaceV1.toString() + "/healthcheck"));
assertTrue(brokerService.isSystemTopic(heartbeatNamespaceV2.toString() + "/healthcheck"));
}
@@ -1648,11 +1648,11 @@ public class BrokerServiceTest extends BrokerTestBase {
}
@Test
- public void testGetLookupServiceAddress() throws Exception {
+ public void testGetBrokerId() throws Exception {
cleanup();
- setup();
conf.setWebServicePortTls(Optional.of(8081));
- assertEquals(pulsar.getLookupServiceAddress(), "localhost:8081");
+ setup();
+ assertEquals(pulsar.getBrokerId(), "localhost:8081");
resetState();
}
}
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/InactiveTopicDeleteTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/InactiveTopicDeleteTest.java
index ddb4e30b9ac..765a33968b9 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/InactiveTopicDeleteTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/InactiveTopicDeleteTest.java
@@ -598,11 +598,11 @@ public class InactiveTopicDeleteTest extends BrokerTestBase {
super.baseSetup();
// init topic
NamespaceName heartbeatNamespaceV1 = NamespaceService
- .getHeartbeatNamespace(pulsar.getLookupServiceAddress(), pulsar.getConfig());
+ .getHeartbeatNamespace(pulsar.getBrokerId(), pulsar.getConfig());
final String healthCheckTopicV1 = "persistent://" + heartbeatNamespaceV1 + "/healthcheck";
NamespaceName heartbeatNamespaceV2 = NamespaceService
- .getHeartbeatNamespaceV2(pulsar.getLookupServiceAddress(), pulsar.getConfig());
+ .getHeartbeatNamespaceV2(pulsar.getBrokerId(), pulsar.getConfig());
final String healthCheckTopicV2 = "persistent://" + heartbeatNamespaceV2 + "/healthcheck";
admin.brokers().healthcheck(TopicVersion.V1);
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/systopic/PartitionedSystemTopicTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/systopic/PartitionedSystemTopicTest.java
index 416d7ed0270..a2401ebe19a 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/systopic/PartitionedSystemTopicTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/systopic/PartitionedSystemTopicTest.java
@@ -165,7 +165,7 @@ public class PartitionedSystemTopicTest extends BrokerTestBase {
@Test
public void testHealthCheckTopicNotOffload() throws Exception {
- NamespaceName namespaceName = NamespaceService.getHeartbeatNamespaceV2(pulsar.getLookupServiceAddress(),
+ NamespaceName namespaceName = NamespaceService.getHeartbeatNamespaceV2(pulsar.getBrokerId(),
pulsar.getConfig());
TopicName topicName = TopicName.get("persistent", namespaceName, BrokersBase.HEALTH_CHECK_TOPIC_SUFFIX);
PersistentTopic persistentTopic = (PersistentTopic) pulsar.getBrokerService()
@@ -185,7 +185,7 @@ public class PartitionedSystemTopicTest extends BrokerTestBase {
@Test
public void testSystemNamespaceNotCreateChangeEventsTopic() throws Exception {
admin.brokers().healthcheck(TopicVersion.V2);
- NamespaceName namespaceName = NamespaceService.getHeartbeatNamespaceV2(pulsar.getLookupServiceAddress(),
+ NamespaceName namespaceName = NamespaceService.getHeartbeatNamespaceV2(pulsar.getBrokerId(),
pulsar.getConfig());
TopicName topicName = TopicName.get("persistent", namespaceName, SystemTopicNames.NAMESPACE_EVENTS_LOCAL_NAME);
Optional<Topic> optionalTopic = pulsar.getBrokerService()
@@ -203,7 +203,7 @@ public class PartitionedSystemTopicTest extends BrokerTestBase {
@Test
public void testHeartbeatTopicNotAllowedToSendEvent() throws Exception {
admin.brokers().healthcheck(TopicVersion.V2);
- NamespaceName namespaceName = NamespaceService.getHeartbeatNamespaceV2(pulsar.getLookupServiceAddress(),
+ NamespaceName namespaceName = NamespaceService.getHeartbeatNamespaceV2(pulsar.getBrokerId(),
pulsar.getConfig());
TopicName topicName = TopicName.get("persistent", namespaceName, SystemTopicNames.NAMESPACE_EVENTS_LOCAL_NAME);
for (int partition = 0; partition < PARTITIONS; partition ++) {
@@ -218,7 +218,7 @@ public class PartitionedSystemTopicTest extends BrokerTestBase {
@Test
public void testHeartbeatTopicBeDeleted() throws Exception {
admin.brokers().healthcheck(TopicVersion.V2);
- NamespaceName namespaceName = NamespaceService.getHeartbeatNamespaceV2(pulsar.getLookupServiceAddress(),
+ NamespaceName namespaceName = NamespaceService.getHeartbeatNamespaceV2(pulsar.getBrokerId(),
pulsar.getConfig());
TopicName heartbeatTopicName = TopicName.get("persistent", namespaceName, BrokersBase.HEALTH_CHECK_TOPIC_SUFFIX);
@@ -230,11 +230,11 @@ public class PartitionedSystemTopicTest extends BrokerTestBase {
topics = getPulsar().getNamespaceService().getListOfPersistentTopics(namespaceName).join();
Assert.assertEquals(topics.size(), 0);
}
-
+
@Test
public void testHeartbeatNamespaceNotCreateTransactionInternalTopic() throws Exception {
admin.brokers().healthcheck(TopicVersion.V2);
- NamespaceName namespaceName = NamespaceService.getHeartbeatNamespaceV2(pulsar.getLookupServiceAddress(),
+ NamespaceName namespaceName = NamespaceService.getHeartbeatNamespaceV2(pulsar.getBrokerId(),
pulsar.getConfig());
TopicName topicName = TopicName.get("persistent",
namespaceName, SystemTopicNames.TRANSACTION_BUFFER_SNAPSHOT);
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/testcontext/PulsarTestContext.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/testcontext/PulsarTestContext.java
index 49a3fd7ef1e..018358c791f 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/testcontext/PulsarTestContext.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/testcontext/PulsarTestContext.java
@@ -54,6 +54,7 @@ import org.apache.pulsar.broker.service.BrokerService;
import org.apache.pulsar.broker.service.ServerCnx;
import org.apache.pulsar.broker.storage.ManagedLedgerStorage;
import org.apache.pulsar.common.util.GracefulExecutorServicesShutdown;
+import org.apache.pulsar.common.util.PortManager;
import org.apache.pulsar.compaction.Compactor;
import org.apache.pulsar.metadata.api.MetadataStore;
import org.apache.pulsar.metadata.api.MetadataStoreConfig;
@@ -153,6 +154,8 @@ public class PulsarTestContext implements AutoCloseable {
private final boolean startable;
+ private final boolean preallocatePorts;
+
public ManagedLedgerFactory getManagedLedgerFactory() {
return managedLedgerClientFactory.getManagedLedgerFactory();
@@ -220,7 +223,9 @@ public class PulsarTestContext implements AutoCloseable {
protected SpyConfig.Builder spyConfigBuilder = SpyConfig.builder(SpyConfig.SpyType.NONE);
protected Consumer<PulsarService> pulsarServiceCustomizer;
protected ServiceConfiguration svcConfig = initializeConfig();
- protected Consumer<ServiceConfiguration> configOverrideCustomizer = this::defaultOverrideServiceConfiguration;
+ protected Consumer<ServiceConfiguration> configOverrideCustomizer;
+
+ protected boolean configOverrideCalled = false;
protected Function<BrokerService, BrokerService> brokerServiceCustomizer = Function.identity();
/**
@@ -345,6 +350,7 @@ public class PulsarTestContext implements AutoCloseable {
*/
public Builder configOverride(Consumer<ServiceConfiguration> configOverrideCustomizer) {
this.configOverrideCustomizer = configOverrideCustomizer;
+ this.configOverrideCalled = true;
return this;
}
@@ -521,6 +527,12 @@ public class PulsarTestContext implements AutoCloseable {
if (super.config == null) {
config(svcConfig);
}
+ handlePreallocatePorts(super.config);
+ if (configOverrideCustomizer != null || !configOverrideCalled) {
+ // call defaultOverrideServiceConfiguration if configOverrideCustomizer
+ // isn't explicitly set to null with `.configOverride(null)` call
+ defaultOverrideServiceConfiguration(super.config);
+ }
if (configOverrideCustomizer != null) {
configOverrideCustomizer.accept(super.config);
}
@@ -543,6 +555,37 @@ public class PulsarTestContext implements AutoCloseable {
return super.build();
}
+ protected void handlePreallocatePorts(ServiceConfiguration config) {
+ if (super.preallocatePorts) {
+ config.getBrokerServicePort().ifPresent(portNumber -> {
+ if (portNumber == 0) {
+ config.setBrokerServicePort(Optional.of(PortManager.nextLockedFreePort()));
+ }
+ });
+ config.getBrokerServicePortTls().ifPresent(portNumber -> {
+ if (portNumber == 0) {
+ config.setBrokerServicePortTls(Optional.of(PortManager.nextLockedFreePort()));
+ }
+ });
+ config.getWebServicePort().ifPresent(portNumber -> {
+ if (portNumber == 0) {
+ config.setWebServicePort(Optional.of(PortManager.nextLockedFreePort()));
+ }
+ });
+ config.getWebServicePortTls().ifPresent(portNumber -> {
+ if (portNumber == 0) {
+ config.setWebServicePortTls(Optional.of(PortManager.nextLockedFreePort()));
+ }
+ });
+ registerCloseable(() -> {
+ config.getBrokerServicePort().ifPresent(PortManager::releaseLockedPort);
+ config.getBrokerServicePortTls().ifPresent(PortManager::releaseLockedPort);
+ config.getWebServicePort().ifPresent(PortManager::releaseLockedPort);
+ config.getWebServicePortTls().ifPresent(PortManager::releaseLockedPort);
+ });
+ }
+ }
+
private void initializeCommonPulsarServices(SpyConfig spyConfig) {
if (super.bookKeeperClient == null && super.managedLedgerClientFactory == null) {
if (super.executor == null) {
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/BrokerServiceLookupTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/BrokerServiceLookupTest.java
index a632608bf70..cb72c7d42cd 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/BrokerServiceLookupTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/BrokerServiceLookupTest.java
@@ -172,7 +172,7 @@ public class BrokerServiceLookupTest extends ProducerConsumerBase {
// mock: return Broker2 as a Least-loaded broker when leader receives request [3]
doReturn(true).when(loadManager1).isCentralized();
- SimpleResourceUnit resourceUnit = new SimpleResourceUnit(pulsar2.getSafeWebServiceAddress(), null);
+ SimpleResourceUnit resourceUnit = new SimpleResourceUnit(pulsar2.getBrokerId(), null);
doReturn(Optional.of(resourceUnit)).when(loadManager1).getLeastLoaded(any(ServiceUnitId.class));
doReturn(Optional.of(resourceUnit)).when(loadManager2).getLeastLoaded(any(ServiceUnitId.class));
loadManagerField.set(pulsar.getNamespaceService(), new AtomicReference<>(loadManager1));
@@ -305,7 +305,7 @@ public class BrokerServiceLookupTest extends ProducerConsumerBase {
// mock: return Broker2 as a Least-loaded broker when leader receives request
doReturn(true).when(loadManager2).isCentralized();
- SimpleResourceUnit resourceUnit = new SimpleResourceUnit(pulsar2.getSafeWebServiceAddress(), null);
+ SimpleResourceUnit resourceUnit = new SimpleResourceUnit(pulsar2.getBrokerId(), null);
doReturn(Optional.of(resourceUnit)).when(loadManager2).getLeastLoaded(any(ServiceUnitId.class));
loadManagerField.set(pulsar.getNamespaceService(), new AtomicReference<>(loadManager2));
/**** started broker-2 ****/
@@ -485,7 +485,7 @@ public class BrokerServiceLookupTest extends ProducerConsumerBase {
// request [3]
doReturn(true).when(loadManager1).isCentralized();
doReturn(true).when(loadManager2).isCentralized();
- SimpleResourceUnit resourceUnit = new SimpleResourceUnit(pulsar.getWebServiceAddressTls(), null);
+ SimpleResourceUnit resourceUnit = new SimpleResourceUnit(pulsar.getBrokerId(), null);
doReturn(Optional.of(resourceUnit)).when(loadManager2).getLeastLoaded(any(ServiceUnitId.class));
doReturn(Optional.of(resourceUnit)).when(loadManager1).getLeastLoaded(any(ServiceUnitId.class));
@@ -579,7 +579,7 @@ public class BrokerServiceLookupTest extends ProducerConsumerBase {
loadManagerField.set(pulsar2.getNamespaceService(), new AtomicReference<>(loadManager2));
// mock: return Broker1 as a Least-loaded broker when leader receives request [3]
doReturn(true).when(loadManager1).isCentralized();
- SimpleResourceUnit resourceUnit = new SimpleResourceUnit(pulsar.getSafeWebServiceAddress(), null);
+ SimpleResourceUnit resourceUnit = new SimpleResourceUnit(pulsar.getBrokerId(), null);
doReturn(Optional.of(resourceUnit)).when(loadManager1).getLeastLoaded(any(ServiceUnitId.class));
doReturn(Optional.of(resourceUnit)).when(loadManager2).getLeastLoaded(any(ServiceUnitId.class));
loadManagerField.set(pulsar.getNamespaceService(), new AtomicReference<>(loadManager1));
@@ -694,7 +694,7 @@ public class BrokerServiceLookupTest extends ProducerConsumerBase {
loadManagerField.set(pulsar2.getNamespaceService(), new AtomicReference<>(loadManager2));
// mock: return Broker1 as a Least-loaded broker when leader receives request [3]
doReturn(true).when(loadManager1).isCentralized();
- SimpleResourceUnit resourceUnit = new SimpleResourceUnit(pulsar.getSafeWebServiceAddress(), null);
+ SimpleResourceUnit resourceUnit = new SimpleResourceUnit(pulsar.getBrokerId(), null);
Optional<ResourceUnit> res = Optional.of(resourceUnit);
doReturn(res).when(loadManager1).getLeastLoaded(any(ServiceUnitId.class));
doReturn(res).when(loadManager2).getLeastLoaded(any(ServiceUnitId.class));
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/compaction/CompactionTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/compaction/CompactionTest.java
index 050fc503df2..545dd97675c 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/compaction/CompactionTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/compaction/CompactionTest.java
@@ -1781,9 +1781,9 @@ public class CompactionTest extends MockedPulsarServiceBaseTest {
@SneakyThrows
@Test
public void testHealthCheckTopicNotCompacted() {
- NamespaceName heartbeatNamespaceV1 = NamespaceService.getHeartbeatNamespace(pulsar.getLookupServiceAddress(), pulsar.getConfiguration());
+ NamespaceName heartbeatNamespaceV1 = NamespaceService.getHeartbeatNamespace(pulsar.getBrokerId(), pulsar.getConfiguration());
String topicV1 = "persistent://" + heartbeatNamespaceV1.toString() + "/healthcheck";
- NamespaceName heartbeatNamespaceV2 = NamespaceService.getHeartbeatNamespaceV2(pulsar.getLookupServiceAddress(), pulsar.getConfiguration());
+ NamespaceName heartbeatNamespaceV2 = NamespaceService.getHeartbeatNamespaceV2(pulsar.getBrokerId(), pulsar.getConfiguration());
String topicV2 = heartbeatNamespaceV2.toString() + "/healthcheck";
Producer<byte[]> producer1 = pulsarClient.newProducer().topic(topicV1).create();
Producer<byte[]> producer2 = pulsarClient.newProducer().topic(topicV2).create();
diff --git a/pulsar-client-admin-api/src/main/java/org/apache/pulsar/common/policies/data/BrokerInfo.java b/pulsar-client-admin-api/src/main/java/org/apache/pulsar/common/policies/data/BrokerInfo.java
index 8955fe7a0ac..19e9ff2d15a 100644
--- a/pulsar-client-admin-api/src/main/java/org/apache/pulsar/common/policies/data/BrokerInfo.java
+++ b/pulsar-client-admin-api/src/main/java/org/apache/pulsar/common/policies/data/BrokerInfo.java
@@ -25,9 +25,11 @@ import org.apache.pulsar.common.policies.data.impl.BrokerInfoImpl;
*/
public interface BrokerInfo {
String getServiceUrl();
+ String getBrokerId();
interface Builder {
Builder serviceUrl(String serviceUrl);
+ Builder brokerId(String brokerId);
BrokerInfo build();
}
diff --git a/pulsar-client-admin-api/src/main/java/org/apache/pulsar/common/policies/data/impl/BrokerInfoImpl.java b/pulsar-client-admin-api/src/main/java/org/apache/pulsar/common/policies/data/impl/BrokerInfoImpl.java
index e4d0a68b50a..d77f693c7cd 100644
--- a/pulsar-client-admin-api/src/main/java/org/apache/pulsar/common/policies/data/impl/BrokerInfoImpl.java
+++ b/pulsar-client-admin-api/src/main/java/org/apache/pulsar/common/policies/data/impl/BrokerInfoImpl.java
@@ -31,6 +31,7 @@ import org.apache.pulsar.common.policies.data.BrokerInfo;
@NoArgsConstructor
public final class BrokerInfoImpl implements BrokerInfo {
private String serviceUrl;
+ private String brokerId;
public static BrokerInfoImplBuilder builder() {
return new BrokerInfoImplBuilder();
@@ -38,14 +39,20 @@ public final class BrokerInfoImpl implements BrokerInfo {
public static class BrokerInfoImplBuilder implements BrokerInfo.Builder {
private String serviceUrl;
+ private String brokerId;
public BrokerInfoImplBuilder serviceUrl(String serviceUrl) {
this.serviceUrl = serviceUrl;
return this;
}
+ public BrokerInfoImplBuilder brokerId(String brokerId) {
+ this.brokerId = brokerId;
+ return this;
+ }
+
public BrokerInfoImpl build() {
- return new BrokerInfoImpl(serviceUrl);
+ return new BrokerInfoImpl(serviceUrl, brokerId);
}
}
}
(pulsar) 06/11: [cleanup] Consolidate certs in broker (and some proxy) tests (#20353)
Posted by lh...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit e1982bc5151d62773b65996ba15c4a58bb5e4de4
Author: Michael Marshall <mm...@apache.org>
AuthorDate: Fri May 19 11:19:14 2023 -0500
[cleanup] Consolidate certs in broker (and some proxy) tests (#20353)
(cherry picked from commit d565c953a7deab1ea93949bfefa44477e51e417f)
---
.../apache/pulsar/broker/admin/AdminApiTest.java | 9 +-
.../pulsar/broker/admin/v1/V1_AdminApiTest.java | 9 +-
.../pulsar/broker/service/BrokerServiceTest.java | 41 +++----
.../apache/pulsar/broker/web/WebServiceTest.java | 30 +++--
.../pulsar/client/api/BrokerServiceLookupTest.java | 44 +++----
.../functions/worker/PulsarFunctionTlsTest.java | 16 ++-
.../resources/authentication/tls/broker-cert.pem | 117 -------------------
.../resources/authentication/tls/broker-key.pem | 27 -----
.../test/resources/authentication/tls/cacert.pem | 127 ---------------------
.../resources/authentication/tls/client-cert.pem | 90 ---------------
.../resources/authentication/tls/client-key.pem | 27 -----
.../src/test/resources/certificate/client.crt | 20 ----
.../src/test/resources/certificate/client.csr | 17 ---
.../src/test/resources/certificate/client.key | 28 -----
.../src/test/resources/certificate/server.crt | 20 ----
.../src/test/resources/certificate/server.csr | 17 ---
.../src/test/resources/certificate/server.key | 28 -----
.../pulsar/client/cli/PulsarClientToolTest.java | 9 +-
.../proxy/server/ProxyServiceTlsStarterTest.java | 16 +--
.../apache/pulsar/proxy/server/ProxyTlsTest.java | 12 +-
.../pulsar/proxy/server/ProxyTlsTestWithAuth.java | 8 +-
21 files changed, 84 insertions(+), 628 deletions(-)
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest.java
index 83f27c3e9d8..5cf95dbdc8c 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest.java
@@ -157,9 +157,6 @@ public class AdminApiTest extends MockedPulsarServiceBaseTest {
private static final Logger LOG = LoggerFactory.getLogger(AdminApiTest.class);
- private final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/certificate/server.crt";
- private final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/certificate/server.key";
-
private MockedPulsarService mockPulsarSetup;
private PulsarService otherPulsar;
@@ -188,8 +185,8 @@ public class AdminApiTest extends MockedPulsarServiceBaseTest {
conf.setLoadBalancerEnabled(true);
conf.setBrokerServicePortTls(Optional.of(0));
conf.setWebServicePortTls(Optional.of(0));
- conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
conf.setMessageExpiryCheckIntervalInMinutes(1);
conf.setSubscriptionExpiryCheckIntervalInMinutes(1);
conf.setBrokerDeleteInactiveTopicsEnabled(false);
@@ -206,7 +203,7 @@ public class AdminApiTest extends MockedPulsarServiceBaseTest {
bundleFactory = new NamespaceBundleFactory(pulsar, Hashing.crc32());
- adminTls = spy(PulsarAdmin.builder().tlsTrustCertsFilePath(TLS_SERVER_CERT_FILE_PATH)
+ adminTls = spy(PulsarAdmin.builder().tlsTrustCertsFilePath(CA_CERT_FILE_PATH)
.serviceHttpUrl(brokerUrlTls.toString()).build());
// create otherbroker to test redirect on calls that need
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/v1/V1_AdminApiTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/v1/V1_AdminApiTest.java
index f8614631a9f..63210231fd9 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/v1/V1_AdminApiTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/v1/V1_AdminApiTest.java
@@ -127,9 +127,6 @@ public class V1_AdminApiTest extends MockedPulsarServiceBaseTest {
private static final Logger LOG = LoggerFactory.getLogger(V1_AdminApiTest.class);
- private final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/certificate/server.crt";
- private final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/certificate/server.key";
-
private MockedPulsarService mockPulsarSetup;
private PulsarService otherPulsar;
@@ -147,15 +144,15 @@ public class V1_AdminApiTest extends MockedPulsarServiceBaseTest {
conf.setLoadBalancerEnabled(true);
conf.setBrokerServicePortTls(Optional.of(0));
conf.setWebServicePortTls(Optional.of(0));
- conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
conf.setNumExecutorThreadPoolSize(5);
super.internalSetup();
bundleFactory = new NamespaceBundleFactory(pulsar, Hashing.crc32());
- adminTls = spy(PulsarAdmin.builder().tlsTrustCertsFilePath(TLS_SERVER_CERT_FILE_PATH)
+ adminTls = spy(PulsarAdmin.builder().tlsTrustCertsFilePath(CA_CERT_FILE_PATH)
.serviceHttpUrl(brokerUrlTls.toString()).build());
// create otherbroker to test redirect on calls that need
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/BrokerServiceTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/BrokerServiceTest.java
index 57bf3a2a866..10c90fd434d 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/BrokerServiceTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/BrokerServiceTest.java
@@ -122,11 +122,6 @@ import org.testng.annotations.Test;
@Test(groups = "broker")
public class BrokerServiceTest extends BrokerTestBase {
- private final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/certificate/server.crt";
- private final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/certificate/server.key";
- private final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/certificate/client.crt";
- private final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/certificate/client.key";
-
@BeforeClass
@Override
protected void setup() throws Exception {
@@ -681,8 +676,8 @@ public class BrokerServiceTest extends BrokerTestBase {
conf.setAuthenticationEnabled(false);
conf.setBrokerServicePortTls(Optional.of(0));
conf.setWebServicePortTls(Optional.of(0));
- conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
conf.setNumExecutorThreadPoolSize(5);
restartBroker();
@@ -736,7 +731,7 @@ public class BrokerServiceTest extends BrokerTestBase {
// Case 4: Access with TLS (Use trusted certificates)
try {
pulsarClient = PulsarClient.builder().serviceUrl(brokerUrlTls.toString()).enableTls(true)
- .allowTlsInsecureConnection(false).tlsTrustCertsFilePath(TLS_SERVER_CERT_FILE_PATH)
+ .allowTlsInsecureConnection(false).tlsTrustCertsFilePath(BROKER_CERT_FILE_PATH)
.statsInterval(0, TimeUnit.SECONDS)
.operationTimeout(1000, TimeUnit.MILLISECONDS).build();
@@ -760,8 +755,8 @@ public class BrokerServiceTest extends BrokerTestBase {
conf.setBrokerServicePortTls(Optional.of(0));
conf.setWebServicePort(Optional.empty());
conf.setWebServicePortTls(Optional.of(0));
- conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
conf.setNumExecutorThreadPoolSize(5);
restartBroker();
@@ -797,15 +792,15 @@ public class BrokerServiceTest extends BrokerTestBase {
conf.setAuthenticationProviders(providers);
conf.setBrokerServicePortTls(Optional.of(0));
conf.setWebServicePortTls(Optional.of(0));
- conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
conf.setTlsAllowInsecureConnection(true);
conf.setNumExecutorThreadPoolSize(5);
restartBroker();
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
PulsarClient pulsarClient = null;
@@ -860,15 +855,15 @@ public class BrokerServiceTest extends BrokerTestBase {
conf.setAuthenticationProviders(providers);
conf.setBrokerServicePortTls(Optional.of(0));
conf.setWebServicePortTls(Optional.of(0));
- conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
conf.setTlsAllowInsecureConnection(false);
conf.setNumExecutorThreadPoolSize(5);
restartBroker();
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
PulsarClient pulsarClient = null;
@@ -922,16 +917,16 @@ public class BrokerServiceTest extends BrokerTestBase {
conf.setAuthenticationProviders(providers);
conf.setBrokerServicePortTls(Optional.of(0));
conf.setWebServicePortTls(Optional.of(0));
- conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
conf.setTlsAllowInsecureConnection(false);
- conf.setTlsTrustCertsFilePath(TLS_CLIENT_CERT_FILE_PATH);
+ conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
conf.setNumExecutorThreadPoolSize(5);
restartBroker();
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
PulsarClient pulsarClient = null;
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/web/WebServiceTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/web/WebServiceTest.java
index ca8efe9d1cc..b069d31dc6e 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/web/WebServiceTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/web/WebServiceTest.java
@@ -63,6 +63,7 @@ import org.apache.pulsar.common.policies.data.ClusterDataImpl;
import org.apache.pulsar.common.policies.data.TenantInfo;
import org.apache.pulsar.common.util.ObjectMapperFactory;
import org.apache.pulsar.common.util.SecurityUtility;
+import org.apache.pulsar.utils.ResourceUtils;
import org.asynchttpclient.AsyncHttpClient;
import org.asynchttpclient.BoundRequestBuilder;
import org.asynchttpclient.DefaultAsyncHttpClient;
@@ -84,10 +85,17 @@ public class WebServiceTest {
private PulsarService pulsar;
private String BROKER_LOOKUP_URL;
private String BROKER_LOOKUP_URL_TLS;
- private static final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/certificate/server.crt";
- private static final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/certificate/server.key";
- private static final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/certificate/client.crt";
- private static final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/certificate/client.key";
+
+ private final static String CA_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/certs/ca.cert.pem");
+ private final static String BROKER_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/server-keys/broker.cert.pem");
+ private final static String BROKER_KEY_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/server-keys/broker.key-pk8.pem");
+ private final static String CLIENT_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/client-keys/admin.cert.pem");
+ private final static String CLIENT_KEY_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/client-keys/admin.key-pk8.pem");
@Test
@@ -351,8 +359,8 @@ public class WebServiceTest {
if (useTls) {
KeyManager[] keyManagers = null;
if (useAuth) {
- Certificate[] tlsCert = SecurityUtility.loadCertificatesFromPemFile(TLS_CLIENT_CERT_FILE_PATH);
- PrivateKey tlsKey = SecurityUtility.loadPrivateKeyFromPemFile(TLS_CLIENT_KEY_FILE_PATH);
+ Certificate[] tlsCert = SecurityUtility.loadCertificatesFromPemFile(CLIENT_CERT_FILE_PATH);
+ PrivateKey tlsKey = SecurityUtility.loadPrivateKeyFromPemFile(CLIENT_KEY_FILE_PATH);
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null, null);
@@ -403,10 +411,10 @@ public class WebServiceTest {
config.setAuthenticationProviders(providers);
config.setAuthorizationEnabled(false);
config.setSuperUserRoles(roles);
- config.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- config.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
+ config.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ config.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
config.setTlsAllowInsecureConnection(allowInsecure);
- config.setTlsTrustCertsFilePath(allowInsecure ? "" : TLS_CLIENT_CERT_FILE_PATH);
+ config.setTlsTrustCertsFilePath(allowInsecure ? "" : CA_CERT_FILE_PATH);
config.setClusterName("local");
config.setAdvertisedAddress("localhost"); // TLS certificate expects localhost
config.setMetadataStoreUrl("zk:localhost:2181");
@@ -433,8 +441,8 @@ public class WebServiceTest {
serviceUrl = BROKER_URL_BASE_TLS;
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", CLIENT_CERT_FILE_PATH);
+ authParams.put("tlsKeyFile", CLIENT_KEY_FILE_PATH);
adminBuilder.authentication(AuthenticationTls.class.getName(), authParams).allowTlsInsecureConnection(true);
}
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/BrokerServiceLookupTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/BrokerServiceLookupTest.java
index 96995499bf2..3ab5e926054 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/BrokerServiceLookupTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/BrokerServiceLookupTest.java
@@ -32,7 +32,6 @@ import com.google.common.collect.Sets;
import com.google.common.util.concurrent.MoreExecutors;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.HttpResponse;
-import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.prometheus.client.CollectorRegistry;
import java.io.IOException;
import java.io.InputStream;
@@ -43,10 +42,6 @@ import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URL;
import java.net.URLConnection;
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
@@ -64,10 +59,7 @@ import java.util.concurrent.atomic.AtomicReference;
import java.util.stream.Collectors;
import javax.naming.AuthenticationException;
import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
import lombok.Cleanup;
import org.apache.pulsar.broker.BrokerTestUtil;
import org.apache.pulsar.broker.PulsarService;
@@ -438,10 +430,6 @@ public class BrokerServiceLookupTest extends ProducerConsumerBase {
@Test
public void testWebserviceServiceTls() throws Exception {
log.info("-- Starting {} test --", methodName);
- final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/certificate/server.crt";
- final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/certificate/server.key";
- final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/certificate/client.crt";
- final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/certificate/client.key";
/**** start broker-2 ****/
ServiceConfiguration conf2 = new ServiceConfiguration();
@@ -454,12 +442,15 @@ public class BrokerServiceLookupTest extends ProducerConsumerBase {
conf2.setWebServicePort(Optional.of(0));
conf2.setWebServicePortTls(Optional.of(0));
conf2.setAdvertisedAddress("localhost");
- conf2.setTlsAllowInsecureConnection(true);
- conf2.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- conf2.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
+ conf2.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
+ conf2.setTlsRequireTrustedClientCertOnConnect(true);
+ conf2.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf2.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
conf2.setClusterName(conf.getClusterName());
conf2.setMetadataStoreUrl("zk:localhost:2181");
conf2.setConfigurationMetadataStoreUrl("zk:localhost:3181");
+ // Not in use, and because TLS is not configured, it will fail to start
+ conf2.setSystemTopicEnabled(false);
@Cleanup
PulsarTestContext pulsarTestContext2 = createAdditionalPulsarTestContext(conf2);
@@ -468,10 +459,13 @@ public class BrokerServiceLookupTest extends ProducerConsumerBase {
// restart broker1 with tls enabled
conf.setBrokerServicePortTls(Optional.of(0));
conf.setWebServicePortTls(Optional.of(0));
- conf.setTlsAllowInsecureConnection(true);
- conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
+ conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
+ conf.setTlsRequireTrustedClientCertOnConnect(true);
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
conf.setNumExecutorThreadPoolSize(5);
+ // Not in use, and because TLS is not configured, it will fail to start
+ conf.setSystemTopicEnabled(false);
stopBroker();
startBroker();
pulsar.getLoadManager().get().writeLoadReportOnZookeeper();
@@ -505,18 +499,8 @@ public class BrokerServiceLookupTest extends ProducerConsumerBase {
final String lookupResourceUrl = "/lookup/v2/topic/persistent/my-property/my-ns/my-topic1";
// set client cert_key file
- KeyManager[] keyManagers = null;
- Certificate[] tlsCert = SecurityUtility.loadCertificatesFromPemFile(TLS_CLIENT_CERT_FILE_PATH);
- PrivateKey tlsKey = SecurityUtility.loadPrivateKeyFromPemFile(TLS_CLIENT_KEY_FILE_PATH);
- KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
- ks.load(null, null);
- ks.setKeyEntry("private", tlsKey, "".toCharArray(), tlsCert);
- KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
- kmf.init(ks, "".toCharArray());
- keyManagers = kmf.getKeyManagers();
- TrustManager[] trustManagers = InsecureTrustManagerFactory.INSTANCE.getTrustManagers();
- SSLContext sslCtx = SSLContext.getInstance("TLS");
- sslCtx.init(keyManagers, trustManagers, new SecureRandom());
+ SSLContext sslCtx = SecurityUtility.createSslContext(false, CA_CERT_FILE_PATH,
+ getTlsFileForClient("admin.cert"), getTlsFileForClient("admin.key-pk8"), "");
HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
// hit broker2 url
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/functions/worker/PulsarFunctionTlsTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/functions/worker/PulsarFunctionTlsTest.java
index a06a504af00..9882b15450e 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/functions/worker/PulsarFunctionTlsTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/functions/worker/PulsarFunctionTlsTest.java
@@ -54,6 +54,7 @@ import org.apache.pulsar.functions.runtime.thread.ThreadRuntimeFactory;
import org.apache.pulsar.functions.runtime.thread.ThreadRuntimeFactoryConfig;
import org.apache.pulsar.functions.sink.PulsarSink;
import org.apache.pulsar.functions.worker.service.WorkerServiceLoader;
+import org.apache.pulsar.utils.ResourceUtils;
import org.apache.pulsar.zookeeper.LocalBookkeeperEnsemble;
import org.awaitility.Awaitility;
import org.testng.annotations.AfterMethod;
@@ -66,11 +67,16 @@ public class PulsarFunctionTlsTest {
protected static final int BROKER_COUNT = 2;
- private static final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
- private static final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";
- private static final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
- private static final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";
- private static final String CA_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
+ private final String TLS_SERVER_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/server-keys/broker.cert.pem");
+ private final String TLS_SERVER_KEY_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/server-keys/broker.key-pk8.pem");
+ private final String TLS_CLIENT_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/client-keys/admin.cert.pem");
+ private final String TLS_CLIENT_KEY_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/client-keys/admin.key-pk8.pem");
+ private final String CA_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/certs/ca.cert.pem");
LocalBookkeeperEnsemble bkEnsemble;
protected PulsarAdmin[] pulsarAdmins = new PulsarAdmin[BROKER_COUNT];
diff --git a/pulsar-broker/src/test/resources/authentication/tls/broker-cert.pem b/pulsar-broker/src/test/resources/authentication/tls/broker-cert.pem
deleted file mode 100644
index 8d0a02f2421..00000000000
--- a/pulsar-broker/src/test/resources/authentication/tls/broker-cert.pem
+++ /dev/null
@@ -1,117 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 4098 (0x1002)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=US, ST=California, L=Palo Alto, O=Apache Software Foundation, OU=Pulsar, CN=Pulsar CA/emailAddress=dev@pulsar.apache.org
- Validity
- Not Before: Feb 17 17:00:44 2021 GMT
- Not After : Feb 12 17:00:44 2041 GMT
- Subject: C=US, ST=California, O=Apache Software Foundation, OU=Pulsar, CN=localhost/emailAddress=dev@pulsar.apache.org
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:9b:2a:6f:24:02:23:f7:ff:e6:75:61:ca:07:a8:
- c0:ab:e9:8d:eb:51:2e:64:f7:9e:9b:d4:b4:be:3a:
- fa:f4:6e:c6:92:8f:38:4d:08:cd:89:15:3e:2c:c4:
- 99:6d:cb:58:80:fc:e0:4d:d6:7d:f6:82:ab:0d:94:
- f2:e2:45:c9:d3:15:95:57:0a:6c:86:dc:78:64:3b:
- 34:4b:01:7c:5d:de:4f:d4:21:1a:5d:27:a0:a5:70:
- 7a:2e:02:50:e1:19:b4:b9:05:df:99:0d:8b:cc:62:
- dc:10:73:fa:72:8b:38:7f:d3:56:54:61:50:bb:92:
- ff:09:71:09:c7:bd:04:43:3c:8c:9c:8b:32:d1:05:
- 04:8a:c6:89:d8:78:56:4d:da:2f:f4:ec:34:37:26:
- b5:87:e4:3f:26:c9:41:60:ba:31:10:19:be:f8:0c:
- a4:0a:85:19:59:e2:00:5d:b7:c0:bd:d1:2e:fc:a6:
- 34:8b:85:2a:cc:05:f6:fb:e4:00:e6:74:95:ff:02:
- 6f:43:7f:39:a7:c2:83:8e:5b:38:40:c9:42:c8:bc:
- 26:72:36:35:64:c2:54:22:11:87:e8:65:8f:3d:e9:
- 41:a7:6d:19:88:9a:20:9b:9a:52:e7:d2:cb:b3:e0:
- 2e:8f:c1:56:54:bc:6d:14:30:73:c5:d7:8e:d0:5a:
- 5e:cd
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Cert Type:
- SSL Server
- Netscape Comment:
- OpenSSL Generated Server Certificate
- X509v3 Subject Key Identifier:
- 49:3C:B2:98:30:CE:7F:79:7A:C6:8B:57:CA:24:9F:12:82:1E:5D:EF
- X509v3 Authority Key Identifier:
- keyid:D2:B2:3D:B1:A4:7C:48:4B:36:E1:A7:DE:D8:FC:BA:92:BA:A7:C4:71
- DirName:/C=US/ST=California/L=Palo Alto/O=Apache Software Foundation/OU=Pulsar/CN=Pulsar CA/emailAddress=dev@pulsar.apache.org
- serial:52:7B:B4:00:96:60:B4:26:85:BE:01:82:B8:B8:E2:8C:72:EF:5B:90
-
- X509v3 Key Usage: critical
- Digital Signature, Key Encipherment
- X509v3 Extended Key Usage:
- TLS Web Server Authentication
- Signature Algorithm: sha256WithRSAEncryption
- 0f:bd:af:39:0c:2c:dc:8f:7e:06:0d:27:df:35:c7:8d:5a:03:
- 68:97:f6:dc:d6:d3:39:0e:b4:76:48:7d:e1:1c:a9:4b:83:fa:
- 52:00:ab:28:93:2d:06:76:0c:14:35:3c:f1:8e:3b:af:c8:d0:
- 27:1f:58:d4:71:22:5f:05:a6:9e:73:c6:a5:5e:2a:e6:fb:eb:
- fc:73:52:87:ca:8a:2a:f9:1e:5f:e2:b9:bd:01:27:9f:7c:61:
- a6:97:ad:a0:ab:4e:fb:cc:fa:c8:77:6a:65:1b:ae:60:5e:fb:
- 97:14:8c:40:d7:96:c6:2c:64:59:c0:52:52:7c:2d:98:4b:f4:
- 72:da:83:f7:c6:4f:32:42:ce:df:02:dd:5f:eb:58:42:f9:62:
- a1:9a:05:ef:13:48:27:af:a3:7f:23:eb:e0:dc:1d:8f:96:2a:
- 88:47:f7:e4:75:6f:a9:15:f6:44:f1:6d:39:3a:2c:df:a7:82:
- cc:7e:aa:9c:1c:c0:a7:7d:68:31:4a:4e:21:b8:9f:17:90:4b:
- f1:68:23:ef:a7:53:fc:a9:a8:35:6b:8f:4c:5e:d4:ea:b0:8a:
- 27:9a:86:89:ce:f2:5d:03:35:80:fc:45:e8:87:66:0f:32:b5:
- 2a:f5:1b:79:0e:09:8b:90:40:20:fb:e3:27:8a:c9:92:c1:53:
- 97:10:5a:8c:50:ef:02:46:7e:ec:68:c8:1e:26:66:0e:1d:d6:
- 6c:82:e7:38:14:e8:cb:45:77:29:5f:2c:1a:9d:d7:54:21:8a:
- cf:0f:b7:0c:ae:fe:d6:fb:fb:c3:07:3e:33:df:59:25:1c:73:
- d4:87:73:14:b4:76:16:8a:3f:82:05:7b:42:0a:55:0c:79:24:
- 3c:58:31:3f:e0:3e:9f:4e:d0:0e:fd:77:b7:13:2c:d3:d0:46:
- cc:80:09:0f:50:56:8b:6e:6e:91:b2:5b:c8:2f:4d:86:dc:72:
- 00:de:08:0d:5e:3e:96:1f:12:7d:3b:0d:4d:71:d5:c8:a8:06:
- ba:00:23:ec:10:4c:a4:c3:6f:bc:f0:d7:b1:cf:57:3f:3b:79:
- db:80:87:35:c7:4e:7f:bb:38:30:0a:9f:fe:5a:86:f5:97:ce:
- 24:38:79:fd:a0:dc:0b:82:11:a1:ea:0c:e9:16:65:e0:c0:54:
- 80:ad:6e:55:18:ac:27:35:3a:b0:20:70:62:8e:5d:a2:33:53:
- 8c:ce:f9:ee:a1:27:cb:db:e5:9a:5e:e6:f7:80:93:84:63:04:
- 26:58:ab:23:bb:94:80:d0:a0:55:a2:8a:ed:bc:0f:c3:41:d2:
- 26:a5:b9:8d:8a:45:e8:a1:fc:e8:ee:7a:64:93:ed:d6:ef:a2:
- 51:d7:c9:0a:31:39:35:4a
------BEGIN CERTIFICATE-----
-MIIGPDCCBCSgAwIBAgICEAIwDQYJKoZIhvcNAQELBQAwgaYxCzAJBgNVBAYTAlVT
-MRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQHDAlQYWxvIEFsdG8xIzAhBgNV
-BAoMGkFwYWNoZSBTb2Z0d2FyZSBGb3VuZGF0aW9uMQ8wDQYDVQQLDAZQdWxzYXIx
-EjAQBgNVBAMMCVB1bHNhciBDQTEkMCIGCSqGSIb3DQEJARYVZGV2QHB1bHNhci5h
-cGFjaGUub3JnMB4XDTIxMDIxNzE3MDA0NFoXDTQxMDIxMjE3MDA0NFowgZIxCzAJ
-BgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMSMwIQYDVQQKDBpBcGFjaGUg
-U29mdHdhcmUgRm91bmRhdGlvbjEPMA0GA1UECwwGUHVsc2FyMRIwEAYDVQQDDAls
-b2NhbGhvc3QxJDAiBgkqhkiG9w0BCQEWFWRldkBwdWxzYXIuYXBhY2hlLm9yZzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJsqbyQCI/f/5nVhygeowKvp
-jetRLmT3npvUtL46+vRuxpKPOE0IzYkVPizEmW3LWID84E3WffaCqw2U8uJFydMV
-lVcKbIbceGQ7NEsBfF3eT9QhGl0noKVwei4CUOEZtLkF35kNi8xi3BBz+nKLOH/T
-VlRhULuS/wlxCce9BEM8jJyLMtEFBIrGidh4Vk3aL/TsNDcmtYfkPybJQWC6MRAZ
-vvgMpAqFGVniAF23wL3RLvymNIuFKswF9vvkAOZ0lf8Cb0N/OafCg45bOEDJQsi8
-JnI2NWTCVCIRh+hljz3pQadtGYiaIJuaUufSy7PgLo/BVlS8bRQwc8XXjtBaXs0C
-AwEAAaOCAYQwggGAMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZAMDMGCWCG
-SAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2VydGlmaWNhdGUw
-HQYDVR0OBBYEFEk8spgwzn95esaLV8oknxKCHl3vMIHmBgNVHSMEgd4wgduAFNKy
-PbGkfEhLNuGn3tj8upK6p8RxoYGspIGpMIGmMQswCQYDVQQGEwJVUzETMBEGA1UE
-CAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJUGFsbyBBbHRvMSMwIQYDVQQKDBpBcGFj
-aGUgU29mdHdhcmUgRm91bmRhdGlvbjEPMA0GA1UECwwGUHVsc2FyMRIwEAYDVQQD
-DAlQdWxzYXIgQ0ExJDAiBgkqhkiG9w0BCQEWFWRldkBwdWxzYXIuYXBhY2hlLm9y
-Z4IUUnu0AJZgtCaFvgGCuLjijHLvW5AwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQM
-MAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4ICAQAPva85DCzcj34GDSffNceN
-WgNol/bc1tM5DrR2SH3hHKlLg/pSAKsoky0GdgwUNTzxjjuvyNAnH1jUcSJfBaae
-c8alXirm++v8c1KHyooq+R5f4rm9ASeffGGml62gq077zPrId2plG65gXvuXFIxA
-15bGLGRZwFJSfC2YS/Ry2oP3xk8yQs7fAt1f61hC+WKhmgXvE0gnr6N/I+vg3B2P
-liqIR/fkdW+pFfZE8W05Oizfp4LMfqqcHMCnfWgxSk4huJ8XkEvxaCPvp1P8qag1
-a49MXtTqsIonmoaJzvJdAzWA/EXoh2YPMrUq9Rt5DgmLkEAg++MnismSwVOXEFqM
-UO8CRn7saMgeJmYOHdZsguc4FOjLRXcpXywanddUIYrPD7cMrv7W+/vDBz4z31kl
-HHPUh3MUtHYWij+CBXtCClUMeSQ8WDE/4D6fTtAO/Xe3EyzT0EbMgAkPUFaLbm6R
-slvIL02G3HIA3ggNXj6WHxJ9Ow1NcdXIqAa6ACPsEEykw2+88Nexz1c/O3nbgIc1
-x05/uzgwCp/+Wob1l84kOHn9oNwLghGh6gzpFmXgwFSArW5VGKwnNTqwIHBijl2i
-M1OMzvnuoSfL2+WaXub3gJOEYwQmWKsju5SA0KBVoortvA/DQdImpbmNikXoofzo
-7npkk+3W76JR18kKMTk1Sg==
------END CERTIFICATE-----
diff --git a/pulsar-broker/src/test/resources/authentication/tls/broker-key.pem b/pulsar-broker/src/test/resources/authentication/tls/broker-key.pem
deleted file mode 100644
index ee03e754bee..00000000000
--- a/pulsar-broker/src/test/resources/authentication/tls/broker-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAmypvJAIj9//mdWHKB6jAq+mN61EuZPeem9S0vjr69G7Gko84
-TQjNiRU+LMSZbctYgPzgTdZ99oKrDZTy4kXJ0xWVVwpshtx4ZDs0SwF8Xd5P1CEa
-XSegpXB6LgJQ4Rm0uQXfmQ2LzGLcEHP6cos4f9NWVGFQu5L/CXEJx70EQzyMnIsy
-0QUEisaJ2HhWTdov9Ow0Nya1h+Q/JslBYLoxEBm++AykCoUZWeIAXbfAvdEu/KY0
-i4UqzAX2++QA5nSV/wJvQ385p8KDjls4QMlCyLwmcjY1ZMJUIhGH6GWPPelBp20Z
-iJogm5pS59LLs+Auj8FWVLxtFDBzxdeO0FpezQIDAQABAoIBAG9pk63mP49l1kM4
-eQjw2Y9WvslVXBuxVNiNbU4eKW1zUO+RGJrvlC027JLWg1g7pwvPBvu85GspPcsd
-xRxFgfonyDhcSrq2+Vb2z8B/i54W73jgX/69YnMIBSKeFRbcD1C+7+MEv/l8jojd
-zdmLL4FQ7O7fhUl57dgIqz4Y8UOYyyBsPpz3pzJLFEb5rE/ajqmFzyl+dO+8140B
-niQ0+7+tAK0njX8OC0WN844GkO24WPCfWhUFrYGkfLq498eRUCWM2YP2tAJ+Uxnh
-v3K9icDwOX6PJXYlbvNEUCE+t60NoDYHcMpfzUdFEhBYpKadfKE/RFFcu0vAZ+aR
-y24oAuECgYEAyPLYXWIs88pPHQhSf2DAMRref5eeV+XA6Dy/P+z8z0bA7I6X9dl6
-AK6rRKGJl9HI7c/Gky6P10fymopYopNkClXm7SBTLKx0vfjil0U6Mx5ZsfDspE3q
-0o9MJKVgobCxVZlLErU55XzktKwjlv2UvDX7VuxRndqN9qdf+YSMb9kCgYEAxayx
-sOrJcPZVfy3Ohy5CeStF+E2dtfcKB7M7xZxZqykVy+6J1XjXHmp1L7Wpi0ju57Hi
-l2ZqKasHDwtlLOnfSTbvC47hsa1ydnoFTjJBObR1wS43oVkyV0AHid4w81ddOWPC
-H0ZmhvNe7pUxm5crpxsY6hAAraJ4Hej23MOxghUCgYEAip26UvCeQa2U1VogTm3X
-Jgh641kbiVabs5fz9Yzs966+9m+Gs7jJSB81Vap415mHGUTyniTIZKDk4WX9rmgt
-4lNPcNOTjIWKImHFLMQ8WXbeOLkRBGYbThQ7WiwadG8GZR3Rg54vyfZVbawxAL78
-ErjKIDP0OQfCVhsvQVgF6EECgYEAlQ2P+xA/Dv+gHkLjDUmTdBxuKToVZqU9merL
-cklfz9EuD1Tx99ajltq9PFll25IGGw0mB/WAraS5sN1tz/0VkfZrL7LwefKIcc+2
-em0og6OQezcnWXGRpPqx9IJnNMY2lFSlhsGmA7I1bf9vpZvKnbmwAqZIbKUqn5sP
-sg2ZprUCgYEApAVD+9wXfZE/YDHVZX1k6p38ORqjq/04AJkL/LmUW5DL5to1+1KQ
-Q438HzMtYIq7aZyzWmlF6DmyN5mxKKK3yY79p0rvdV74AoT+ucDzM3ge0Md7liCs
-0GwNnDSiPzdau738UoIKc1VbF7dMDL3LzqnfrBUCr7nXRbR3BHHuqws=
------END RSA PRIVATE KEY-----
diff --git a/pulsar-broker/src/test/resources/authentication/tls/cacert.pem b/pulsar-broker/src/test/resources/authentication/tls/cacert.pem
deleted file mode 100644
index 6abfc2d80c1..00000000000
--- a/pulsar-broker/src/test/resources/authentication/tls/cacert.pem
+++ /dev/null
@@ -1,127 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- 52:7b:b4:00:96:60:b4:26:85:be:01:82:b8:b8:e2:8c:72:ef:5b:90
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=US, ST=California, L=Palo Alto, O=Apache Software Foundation, OU=Pulsar, CN=Pulsar CA/emailAddress=dev@pulsar.apache.org
- Validity
- Not Before: Feb 17 16:43:44 2021 GMT
- Not After : Feb 12 16:43:44 2041 GMT
- Subject: C=US, ST=California, L=Palo Alto, O=Apache Software Foundation, OU=Pulsar, CN=Pulsar CA/emailAddress=dev@pulsar.apache.org
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (4096 bit)
- Modulus:
- 00:b1:3c:7d:ab:4a:54:72:37:2a:92:94:0a:66:46:
- af:8c:ed:f4:2e:f3:87:1a:d0:c7:9d:23:35:1b:61:
- 74:69:ca:f7:f5:3e:95:9c:86:f2:21:34:f8:0b:ed:
- 45:76:22:ec:75:52:c0:67:db:2f:ba:da:25:3f:e1:
- 5b:ac:da:15:dd:a5:75:24:b2:12:f0:b0:ce:fd:ab:
- 44:06:a9:09:f6:b0:8e:8f:83:53:16:69:fa:9c:cc:
- 00:fa:dd:13:f3:da:fd:f2:bf:88:8e:c4:f8:1a:6f:
- ab:4d:f8:32:81:80:7e:51:7a:99:2d:94:cd:f3:5d:
- 1c:58:b2:44:f1:96:12:46:56:bd:60:8f:65:32:b7:
- d4:4b:7b:f3:23:88:2d:9b:a4:c4:c9:52:ea:9f:66:
- c1:74:be:4b:91:c6:b9:57:ec:c1:cc:81:bb:03:d5:
- fa:a0:46:4f:9a:a7:3e:3c:27:26:2b:97:eb:69:53:
- 04:75:50:97:d6:0d:90:b1:37:9f:64:df:70:4d:d9:
- b3:e3:b7:cc:76:50:d9:3c:9b:4c:ac:e9:26:2e:cf:
- ac:47:42:14:b7:60:00:0a:de:42:47:66:0c:c7:7a:
- b9:4d:f4:fb:c2:6a:45:78:ec:b0:b4:ce:b3:1f:50:
- 25:96:13:0c:55:0a:e0:d6:76:f7:1f:e1:16:e6:41:
- d6:72:6a:49:17:12:d9:05:8f:dc:56:b6:31:b3:b7:
- 9c:e3:d8:a9:99:8a:1d:3b:9d:d9:59:44:ee:46:88:
- 11:5f:ab:fa:38:a9:8b:d2:23:15:8b:af:1a:de:66:
- ba:7d:51:95:37:94:91:aa:01:01:d7:83:19:4b:5d:
- 8d:f4:18:39:ef:e3:32:d0:62:c8:12:50:4e:91:c2:
- ac:58:73:68:bb:92:20:fc:14:e5:1a:86:bd:40:4c:
- 94:e0:7d:0d:9c:08:57:ae:00:44:38:94:a3:3d:64:
- 99:43:f8:e3:12:90:14:0f:5d:63:e2:c6:07:ea:d0:
- 4c:8e:cf:e0:ae:34:be:86:4f:fc:58:e2:ea:f5:23:
- 82:37:96:02:57:1b:b4:29:ca:fd:68:a0:48:79:e8:
- 31:97:9a:5a:0e:2b:b4:b0:84:bb:57:4e:5f:4f:a7:
- 43:45:97:d7:de:05:fc:2f:6c:3e:f5:53:26:56:a3:
- a5:da:52:69:57:8e:a0:4b:27:50:f9:ad:6e:76:a6:
- 29:cc:06:94:dd:d0:ac:c6:18:22:a0:e2:bb:ed:d5:
- e4:97:f7:ac:23:df:75:30:41:97:07:3f:d3:12:8e:
- c5:a4:ef:ce:40:e8:3b:57:24:19:33:1b:ee:8a:0e:
- dd:0c:70:f2:1a:87:35:d9:71:d8:18:a7:9c:47:db:
- 93:51:c3
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- D2:B2:3D:B1:A4:7C:48:4B:36:E1:A7:DE:D8:FC:BA:92:BA:A7:C4:71
- X509v3 Authority Key Identifier:
- keyid:D2:B2:3D:B1:A4:7C:48:4B:36:E1:A7:DE:D8:FC:BA:92:BA:A7:C4:71
-
- X509v3 Basic Constraints: critical
- CA:TRUE
- X509v3 Key Usage: critical
- Digital Signature, Certificate Sign, CRL Sign
- Signature Algorithm: sha256WithRSAEncryption
- 14:3d:7c:15:86:de:aa:5a:30:5d:d4:f2:bc:5f:10:d2:af:fe:
- 91:d7:ee:f3:b8:5f:ce:e4:c9:b2:01:c3:16:da:66:8e:7e:b1:
- c1:e3:30:ff:1d:73:d0:9c:20:3d:54:32:57:ae:07:80:4a:24:
- 6e:7e:32:a3:e7:23:4d:5c:31:54:8b:c1:1b:c5:bc:20:5d:43:
- 62:93:e0:2e:a7:01:77:39:cf:fd:ec:4c:57:09:4f:2b:ad:ac:
- b6:c0:be:5a:a3:ea:12:ac:5a:7f:60:23:81:bb:9a:fa:5f:7a:
- 67:a9:31:c3:34:af:db:ff:32:22:83:40:c2:7d:2f:39:5e:8a:
- 29:44:73:5f:6e:b4:f4:a2:ae:60:1f:8e:ef:91:9a:49:bb:a6:
- 90:2b:e0:44:95:24:8b:37:90:18:2d:41:32:8a:8e:07:8d:ea:
- 75:62:b8:9c:ec:73:6f:12:54:23:6d:40:00:74:c7:d3:fb:b7:
- 95:06:7d:cc:6d:8e:2c:d0:8b:11:06:8a:b7:43:1a:d7:e9:98:
- f4:c6:ef:ad:2a:75:08:fb:07:8f:20:36:7a:86:1a:cf:f7:d6:
- 96:ad:ed:71:59:d1:81:56:18:8d:98:c2:c0:44:e5:29:7a:7c:
- c0:e3:d7:fb:b8:f5:b2:50:53:8a:cf:38:ff:99:aa:bb:28:51:
- 60:e8:05:91:e1:ee:86:90:90:9b:87:60:63:38:cf:54:a5:82:
- 74:0f:40:b5:d2:6a:c5:a9:98:22:59:4e:fb:a5:81:e2:7b:0e:
- 3f:71:f3:24:17:1e:c5:89:fc:ae:ed:f3:69:65:02:b8:1e:98:
- bc:37:c6:25:36:f8:ca:99:60:8e:13:3b:33:ec:91:b3:eb:04:
- 6d:41:97:3e:35:c0:97:ed:66:12:25:44:23:f3:2e:fa:9c:2e:
- c2:ba:dd:f3:63:d7:5b:b2:72:03:4d:3b:fb:5e:29:d6:5c:02:
- 32:93:47:d1:4c:77:4a:58:c5:aa:81:ab:67:84:80:81:14:28:
- e1:db:11:16:6d:31:50:7a:47:b2:a8:2d:15:a1:c4:63:1b:ce:
- d5:e1:d7:57:dc:1a:71:e0:55:9f:6d:fb:be:e6:99:e8:89:be:
- 2c:e0:19:5e:cd:02:79:52:ee:93:56:9f:dc:d7:de:31:9b:2a:
- c8:91:48:a0:c7:44:7d:72:32:27:c3:2b:d8:e8:6b:94:67:b5:
- 1d:9d:99:25:23:d9:24:b5:ed:4b:f2:18:2d:88:f5:d4:36:bb:
- 53:8c:a8:b1:7f:05:13:d7:8d:89:9d:55:33:90:bc:60:99:cf:
- 05:ba:bd:cb:c5:61:f9:c5:1a:f7:46:9c:40:90:dd:83:aa:7a:
- 1f:ab:5c:10:8d:26:27:1e
------BEGIN CERTIFICATE-----
-MIIGPzCCBCegAwIBAgIUUnu0AJZgtCaFvgGCuLjijHLvW5AwDQYJKoZIhvcNAQEL
-BQAwgaYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRIwEAYDVQQH
-DAlQYWxvIEFsdG8xIzAhBgNVBAoMGkFwYWNoZSBTb2Z0d2FyZSBGb3VuZGF0aW9u
-MQ8wDQYDVQQLDAZQdWxzYXIxEjAQBgNVBAMMCVB1bHNhciBDQTEkMCIGCSqGSIb3
-DQEJARYVZGV2QHB1bHNhci5hcGFjaGUub3JnMB4XDTIxMDIxNzE2NDM0NFoXDTQx
-MDIxMjE2NDM0NFowgaYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh
-MRIwEAYDVQQHDAlQYWxvIEFsdG8xIzAhBgNVBAoMGkFwYWNoZSBTb2Z0d2FyZSBG
-b3VuZGF0aW9uMQ8wDQYDVQQLDAZQdWxzYXIxEjAQBgNVBAMMCVB1bHNhciBDQTEk
-MCIGCSqGSIb3DQEJARYVZGV2QHB1bHNhci5hcGFjaGUub3JnMIICIjANBgkqhkiG
-9w0BAQEFAAOCAg8AMIICCgKCAgEAsTx9q0pUcjcqkpQKZkavjO30LvOHGtDHnSM1
-G2F0acr39T6VnIbyITT4C+1FdiLsdVLAZ9svutolP+FbrNoV3aV1JLIS8LDO/atE
-BqkJ9rCOj4NTFmn6nMwA+t0T89r98r+IjsT4Gm+rTfgygYB+UXqZLZTN810cWLJE
-8ZYSRla9YI9lMrfUS3vzI4gtm6TEyVLqn2bBdL5Lkca5V+zBzIG7A9X6oEZPmqc+
-PCcmK5fraVMEdVCX1g2QsTefZN9wTdmz47fMdlDZPJtMrOkmLs+sR0IUt2AACt5C
-R2YMx3q5TfT7wmpFeOywtM6zH1AllhMMVQrg1nb3H+EW5kHWcmpJFxLZBY/cVrYx
-s7ec49ipmYodO53ZWUTuRogRX6v6OKmL0iMVi68a3ma6fVGVN5SRqgEB14MZS12N
-9Bg57+My0GLIElBOkcKsWHNou5Ig/BTlGoa9QEyU4H0NnAhXrgBEOJSjPWSZQ/jj
-EpAUD11j4sYH6tBMjs/grjS+hk/8WOLq9SOCN5YCVxu0Kcr9aKBIeegxl5paDiu0
-sIS7V05fT6dDRZfX3gX8L2w+9VMmVqOl2lJpV46gSydQ+a1udqYpzAaU3dCsxhgi
-oOK77dXkl/esI991MEGXBz/TEo7FpO/OQOg7VyQZMxvuig7dDHDyGoc12XHYGKec
-R9uTUcMCAwEAAaNjMGEwHQYDVR0OBBYEFNKyPbGkfEhLNuGn3tj8upK6p8RxMB8G
-A1UdIwQYMBaAFNKyPbGkfEhLNuGn3tj8upK6p8RxMA8GA1UdEwEB/wQFMAMBAf8w
-DgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQAUPXwVht6qWjBd1PK8
-XxDSr/6R1+7zuF/O5MmyAcMW2maOfrHB4zD/HXPQnCA9VDJXrgeASiRufjKj5yNN
-XDFUi8EbxbwgXUNik+AupwF3Oc/97ExXCU8rray2wL5ao+oSrFp/YCOBu5r6X3pn
-qTHDNK/b/zIig0DCfS85XoopRHNfbrT0oq5gH47vkZpJu6aQK+BElSSLN5AYLUEy
-io4Hjep1Yric7HNvElQjbUAAdMfT+7eVBn3MbY4s0IsRBoq3QxrX6Zj0xu+tKnUI
-+wePIDZ6hhrP99aWre1xWdGBVhiNmMLAROUpenzA49f7uPWyUFOKzzj/maq7KFFg
-6AWR4e6GkJCbh2BjOM9UpYJ0D0C10mrFqZgiWU77pYHiew4/cfMkFx7Fifyu7fNp
-ZQK4Hpi8N8YlNvjKmWCOEzsz7JGz6wRtQZc+NcCX7WYSJUQj8y76nC7Cut3zY9db
-snIDTTv7XinWXAIyk0fRTHdKWMWqgatnhICBFCjh2xEWbTFQekeyqC0VocRjG87V
-4ddX3Bpx4FWfbfu+5pnoib4s4BlezQJ5Uu6TVp/c194xmyrIkUigx0R9cjInwyvY
-6GuUZ7UdnZklI9kkte1L8hgtiPXUNrtTjKixfwUT142JnVUzkLxgmc8Fur3LxWH5
-xRr3RpxAkN2Dqnofq1wQjSYnHg==
------END CERTIFICATE-----
diff --git a/pulsar-broker/src/test/resources/authentication/tls/client-cert.pem b/pulsar-broker/src/test/resources/authentication/tls/client-cert.pem
deleted file mode 100644
index 45f3cde215f..00000000000
--- a/pulsar-broker/src/test/resources/authentication/tls/client-cert.pem
+++ /dev/null
@@ -1,90 +0,0 @@
-Certificate:
- Data:
- Version: 1 (0x0)
- Serial Number: 4097 (0x1001)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=US, ST=California, L=Palo Alto, O=Apache Software Foundation, OU=Pulsar, CN=Pulsar CA/emailAddress=dev@pulsar.apache.org
- Validity
- Not Before: Feb 17 16:56:55 2021 GMT
- Not After : Feb 12 16:56:55 2041 GMT
- Subject: C=US, ST=California, O=Apache Software Foundation, OU=Pulsar, CN=admin/emailAddress=dev@pulsar.apache.org
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:ab:61:f5:12:b1:e1:ae:19:01:3e:59:4a:c6:ca:
- 00:0c:96:e8:76:3a:83:20:d9:af:3a:e1:11:20:12:
- e0:e4:d0:70:8f:4b:7b:af:e1:89:ef:9b:c5:a9:c2:
- ed:ae:24:8d:bb:42:6e:ec:59:11:3f:f5:63:59:61:
- 18:9f:70:b6:76:88:e2:ca:79:15:cc:fb:9c:5e:5c:
- bb:a1:d7:f0:d8:11:d4:17:34:1e:81:7e:0b:0e:05:
- be:5d:fa:d6:46:af:e1:95:d8:a0:5d:c5:2f:d9:a9:
- 8f:69:64:49:95:f7:42:16:6a:84:2b:2e:af:91:73:
- 3d:b6:d4:44:56:9a:61:43:49:15:22:ae:90:5d:04:
- 29:90:4e:b2:41:34:73:3e:a2:48:05:1c:bc:8e:1b:
- 0b:c1:d5:df:56:32:40:e9:91:a2:7b:de:31:2b:67:
- f1:8e:d6:c5:c0:87:57:70:29:f9:af:db:57:a0:2e:
- 8c:30:0a:a7:47:39:33:4c:d7:2d:32:aa:48:29:bd:
- c4:48:c5:58:52:07:c4:99:b1:cc:66:da:ac:28:4d:
- c1:bc:1f:44:3f:a3:63:61:bd:ff:48:61:76:04:b2:
- 7d:1c:6e:9c:ee:82:bb:f7:60:1c:7a:a0:98:be:2d:
- 70:43:2f:64:bf:d2:0f:20:25:f7:c7:7d:70:05:b8:
- 2e:bf
- Exponent: 65537 (0x10001)
- Signature Algorithm: sha256WithRSAEncryption
- 1c:31:b8:0f:a1:03:28:a0:da:31:ec:34:ce:e0:fd:01:99:9d:
- 9b:ad:f8:03:5d:20:85:18:de:ca:b5:ea:61:c9:3b:65:42:9c:
- e5:21:73:d2:06:41:4b:a9:3a:fb:7f:ff:45:f3:5a:4a:ab:5a:
- 86:cd:57:6a:5f:13:c0:ae:7e:ad:5c:6e:c3:c4:e7:b7:d3:14:
- bf:86:fe:f2:d1:70:0e:fc:98:50:a7:fe:53:62:5a:2d:f5:63:
- 2c:ee:4a:7c:dd:32:3e:d1:52:3a:1f:15:38:4b:2a:4a:ee:27:
- a9:d8:92:a8:33:92:83:c9:3a:09:5a:01:66:0e:68:da:8f:82:
- c0:18:cc:78:ea:c5:db:09:7c:2f:61:c3:51:f8:58:7a:27:d7:
- 92:c0:ff:f8:29:d7:a0:e9:54:17:8d:48:a8:ff:5e:92:ee:81:
- 6c:37:90:1c:93:28:8c:d2:f5:b1:20:96:d3:1d:0f:c0:7f:db:
- 0c:6d:65:7f:3a:55:e5:c9:9a:ad:09:91:a5:57:cb:fc:bf:df:
- 69:bd:6b:87:94:5b:d0:cf:3b:8b:48:41:3d:56:b6:1d:3f:e7:
- f6:b6:58:f7:54:2a:dd:da:60:68:db:9b:70:04:8b:19:c3:44:
- bf:1d:b4:28:b9:f8:ea:ad:d3:1a:6e:64:72:b1:61:6a:f3:e1:
- d4:68:56:7b:0e:ad:4c:53:1e:d2:2e:1c:bc:b7:82:59:af:65:
- d2:fd:ef:89:7c:34:8f:51:a1:4e:9d:7e:dc:c7:97:68:ea:aa:
- e5:67:ed:be:dc:38:74:0e:c3:6f:fd:08:62:54:d8:1f:15:d1:
- 25:fc:21:f6:8c:f9:2f:65:5e:07:b9:e9:56:ba:48:14:5c:0d:
- 18:ba:f8:83:54:5b:b6:27:0c:36:2c:20:29:9c:c2:68:c5:3a:
- 0f:a5:d6:5f:7c:aa:f9:a6:2a:2b:69:c5:b1:39:e7:1c:02:31:
- 5b:f5:82:de:c9:4e:8d:33:dc:94:02:44:0a:44:95:75:7b:a1:
- e7:ee:92:fc:35:93:73:8c:22:c1:32:ea:39:17:ca:d0:87:fc:
- 4d:8e:04:f8:59:66:d3:14:3f:59:ad:76:14:20:16:7b:77:4f:
- 94:58:f8:85:5c:ba:b3:69:ed:7f:75:54:9a:1a:88:21:5d:04:
- 57:87:85:e2:d4:0e:1b:61:7f:5d:36:dc:72:a1:9d:0b:c8:ce:
- 19:69:49:fa:1b:bb:3f:3d:1b:4d:81:42:95:4e:d8:0b:04:d1:
- 08:6d:15:b3:ae:52:41:12:ff:e1:90:c4:7d:52:88:55:8b:87:
- 83:06:48:8b:fc:3a:a7:47:0e:6c:a8:4c:9e:b0:aa:da:50:f5:
- 97:97:98:3e:9d:18:ef:43
------BEGIN CERTIFICATE-----
-MIIEqzCCApMCAhABMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYDVQQGEwJVUzETMBEG
-A1UECAwKQ2FsaWZvcm5pYTESMBAGA1UEBwwJUGFsbyBBbHRvMSMwIQYDVQQKDBpB
-cGFjaGUgU29mdHdhcmUgRm91bmRhdGlvbjEPMA0GA1UECwwGUHVsc2FyMRIwEAYD
-VQQDDAlQdWxzYXIgQ0ExJDAiBgkqhkiG9w0BCQEWFWRldkBwdWxzYXIuYXBhY2hl
-Lm9yZzAeFw0yMTAyMTcxNjU2NTVaFw00MTAyMTIxNjU2NTVaMIGOMQswCQYDVQQG
-EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEjMCEGA1UECgwaQXBhY2hlIFNvZnR3
-YXJlIEZvdW5kYXRpb24xDzANBgNVBAsMBlB1bHNhcjEOMAwGA1UEAwwFYWRtaW4x
-JDAiBgkqhkiG9w0BCQEWFWRldkBwdWxzYXIuYXBhY2hlLm9yZzCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAKth9RKx4a4ZAT5ZSsbKAAyW6HY6gyDZrzrh
-ESAS4OTQcI9Le6/hie+bxanC7a4kjbtCbuxZET/1Y1lhGJ9wtnaI4sp5Fcz7nF5c
-u6HX8NgR1Bc0HoF+Cw4Fvl361kav4ZXYoF3FL9mpj2lkSZX3QhZqhCsur5FzPbbU
-RFaaYUNJFSKukF0EKZBOskE0cz6iSAUcvI4bC8HV31YyQOmRonveMStn8Y7WxcCH
-V3Ap+a/bV6AujDAKp0c5M0zXLTKqSCm9xEjFWFIHxJmxzGbarChNwbwfRD+jY2G9
-/0hhdgSyfRxunO6Cu/dgHHqgmL4tcEMvZL/SDyAl98d9cAW4Lr8CAwEAATANBgkq
-hkiG9w0BAQsFAAOCAgEAHDG4D6EDKKDaMew0zuD9AZmdm634A10ghRjeyrXqYck7
-ZUKc5SFz0gZBS6k6+3//RfNaSqtahs1Xal8TwK5+rVxuw8Tnt9MUv4b+8tFwDvyY
-UKf+U2JaLfVjLO5KfN0yPtFSOh8VOEsqSu4nqdiSqDOSg8k6CVoBZg5o2o+CwBjM
-eOrF2wl8L2HDUfhYeifXksD/+CnXoOlUF41IqP9eku6BbDeQHJMojNL1sSCW0x0P
-wH/bDG1lfzpV5cmarQmRpVfL/L/fab1rh5Rb0M87i0hBPVa2HT/n9rZY91Qq3dpg
-aNubcASLGcNEvx20KLn46q3TGm5kcrFhavPh1GhWew6tTFMe0i4cvLeCWa9l0v3v
-iXw0j1GhTp1+3MeXaOqq5Wftvtw4dA7Db/0IYlTYHxXRJfwh9oz5L2VeB7npVrpI
-FFwNGLr4g1RbticMNiwgKZzCaMU6D6XWX3yq+aYqK2nFsTnnHAIxW/WC3slOjTPc
-lAJECkSVdXuh5+6S/DWTc4wiwTLqORfK0If8TY4E+Flm0xQ/Wa12FCAWe3dPlFj4
-hVy6s2ntf3VUmhqIIV0EV4eF4tQOG2F/XTbccqGdC8jOGWlJ+hu7Pz0bTYFClU7Y
-CwTRCG0Vs65SQRL/4ZDEfVKIVYuHgwZIi/w6p0cObKhMnrCq2lD1l5eYPp0Y70M=
------END CERTIFICATE-----
diff --git a/pulsar-broker/src/test/resources/authentication/tls/client-key.pem b/pulsar-broker/src/test/resources/authentication/tls/client-key.pem
deleted file mode 100644
index e12697c966a..00000000000
--- a/pulsar-broker/src/test/resources/authentication/tls/client-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEoQIBAAKCAQEAq2H1ErHhrhkBPllKxsoADJbodjqDINmvOuERIBLg5NBwj0t7
-r+GJ75vFqcLtriSNu0Ju7FkRP/VjWWEYn3C2dojiynkVzPucXly7odfw2BHUFzQe
-gX4LDgW+XfrWRq/hldigXcUv2amPaWRJlfdCFmqEKy6vkXM9ttREVpphQ0kVIq6Q
-XQQpkE6yQTRzPqJIBRy8jhsLwdXfVjJA6ZGie94xK2fxjtbFwIdXcCn5r9tXoC6M
-MAqnRzkzTNctMqpIKb3ESMVYUgfEmbHMZtqsKE3BvB9EP6NjYb3/SGF2BLJ9HG6c
-7oK792AceqCYvi1wQy9kv9IPICX3x31wBbguvwIDAQABAoIBAQCcwbSPrPRncaeZ
-h8LFoO36le16dnqKCZIloMcxNxNNNvo9lyVC8mBgMXLSm+Eab4TTyyf6Nl14ytJc
-ZltHOqkqMnp+B9LQ8zNLfDaDCijY+TWtI5bjio5B/S7qdwyXCzii/slv+3SQ+m6a
-T4ifCtH//t11QfaEa4v/NphrPjnIeAgB681bk8nKdRop84ar+51lgbHoAza+wv+8
-e+aK3Od8r4yD19ZoPiMg0o4t2cEi8kupVgjsuZVtcvF9Q6QLYV17BFYEHqYjcr18
-N1EJ96f2FLO6cwEM+cG4n8gHjfDGRcDlhT9Cum1kDpg4J88auVUXnrDyi5Dcv1Pz
-6EC+ZmXBAoGBAOHUSUDMkbEePKDaM3Z+4jLqZWc3UZhxQLnqg5l7phdQ6iSogQX9
-1LpZCJ+lOMTHBCnaTCoQpuSHgYgraVkD4KG6nzC423oDesd/xNvlfW3TRsmwZWbL
-khdcdBSoVy3Kbv1v8kxw0NlcR68qo1XYfmFCAITcFHdxDz/jGStydlR9AoGBAMJH
-gyPenL595X8t47R93rkGOIx5cVf5YrDIZCByp4K44Tf9OqZHbky7jSPSSbur10mI
-pypRq5EcZ/cudU4w4gGaMauczt5Dgvlqd3T+GTZY3jO8bxi66gvzYTbigAxaJWcY
-Uafiv5W9ldRKsY3pyCL8ubg38Ed2cSaS2wGd/SDrAn8NO2MPaO0gc6UZx688QjL+
-yL0oTxV42Snxusv7MkOJGjSd8UGeGEFeqdjXgdbRsNeNnDzaOh+NRGNSlziU/qUq
-1MR/FlXF0G5hQhtGxyuSQ87iAnPukf79X21tyG9TP4lBUE3iLLoQAlgw606muQiu
-qi9dmYeZeAZst+HBqfNFAoGADg6qmH/VC5uEbY1eeoLZCL5AfTmUT+9FitEVHZvu
-LvE9qpVyFvH4Mykm7z6aAzBN5Y4zukYqiddqVmJQLpYu5DrJ+UbhWQe9hFqFxjtU
-i7Amc8vgpgNwR+kWUahV547mQe1qiyFHB4iuPKwi6MfPqWhr775sbl9NlKLvodBS
-rn0CgYBDrLH6ehNV/RnJIVZYQD6YcocYdYFy4u76mCYKmEP57XmstZHZXQgiRwbK
-Oy2Yg/qieKtSMjstgHFK6ZNYIR37l9J9Lh9aeal61+wW2dsGEy29Rhg01FpvKReq
-wCHz3tneUyaOhq9m0gKMOpWYcO+FBX1/2K5Gwj8FgEpu9r2b3w==
------END RSA PRIVATE KEY-----
diff --git a/pulsar-broker/src/test/resources/certificate/client.crt b/pulsar-broker/src/test/resources/certificate/client.crt
deleted file mode 100644
index 2d7d156866a..00000000000
--- a/pulsar-broker/src/test/resources/certificate/client.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDVjCCAj4CCQCtw/UnTFDT7DANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJB
-VTETMBEGA1UECAwKU29tZS1TdGF0ZTEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MSEw
-HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBmNsaWVu
-dDAeFw0xNjA2MjAwMTQ1NDZaFw0yNjA2MTgwMTQ1NDZaMG0xCzAJBgNVBAYTAkFV
-MRMwEQYDVQQIDApTb21lLVN0YXRlMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxITAf
-BgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGY2xpZW50
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQV5F3Au9FWXIYPdWqiX
-Rk5gdVmVkDuuFK4ZoOd8inoJpB3PPkpmpgoVkKQHDFhgx3ODGWIUgo+n6QDsJxY4
-ygHfVeggQgek8iUfteYVsIcHS0bjkhIij/3ihC301FkiqbrV069oLvUXLKcv3zxG
-mdBAiz0k4xGZhFieVRvQCLY9syUUxmQ/3Cv42lDY8a1gTw4CRRx/hCfDvXCKhOT4
-bMwUIDZfHB3JoDh3Thp8FLz0nTrRF75mSQJ/OdcafIm0Xoz2Otp/CSxLS+U1lLvG
-05crWTDe0om7NW4mK4CqGCFq5gUw7eIzaeO7Q5Qez9XGTMzkgIDTMvNYGGEeJhhm
-NQIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQAKXy4g6hljY5MpO8mbZh+uJHq6NEUs
-4dr7OKDDWc39AROZsGf2eFUmHOjmRSw7VHpguGKI+rFRELVffpg/VvMh5apu+DBf
-jhxtDNceAyh5uugPNUJHXyeikBDYW8bAzUU3DmMldPkTZWcGjurmyhDQ1TtK2YJe
-RMFBXw5aAzdJMNi6OfXDH/ZX32hrb482yghDZj+ndnm0FefmLbFTQRMF8/fIHb1W
-kqNHwIaapZwH6j/MJy/TRFYcJunrBUYT9zVjY46k3GU0ex/Bn7T4pg9gzgFGZJhn
-jQQFKliIC84thCzdlPkrLduLY8tmlDKpLXatbEQ+s1MmNOURm6irPp6g
------END CERTIFICATE-----
diff --git a/pulsar-broker/src/test/resources/certificate/client.csr b/pulsar-broker/src/test/resources/certificate/client.csr
deleted file mode 100644
index e01f33ef073..00000000000
--- a/pulsar-broker/src/test/resources/certificate/client.csr
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICsjCCAZoCAQAwbTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx
-FTATBgNVBAcMDERlZmF1bHQgQ2l0eTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0
-cyBQdHkgTHRkMQ8wDQYDVQQDDAZjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQCpBXkXcC70VZchg91aqJdGTmB1WZWQO64Urhmg53yKegmkHc8+
-SmamChWQpAcMWGDHc4MZYhSCj6fpAOwnFjjKAd9V6CBCB6TyJR+15hWwhwdLRuOS
-EiKP/eKELfTUWSKputXTr2gu9Rcspy/fPEaZ0ECLPSTjEZmEWJ5VG9AItj2zJRTG
-ZD/cK/jaUNjxrWBPDgJFHH+EJ8O9cIqE5PhszBQgNl8cHcmgOHdOGnwUvPSdOtEX
-vmZJAn851xp8ibRejPY62n8JLEtL5TWUu8bTlytZMN7Sibs1biYrgKoYIWrmBTDt
-4jNp47tDlB7P1cZMzOSAgNMy81gYYR4mGGY1AgMBAAGgADANBgkqhkiG9w0BAQUF
-AAOCAQEAk3eueaq/gonBzKH75oWHlqPbMZQFk4NXqx8h24ZfkCzPEFPyDM+jdQxv
-8vDtyWq+fizqAQmGrM7WPHgnTbmZyovfmwuKwtTlkD/8t7XpTmm9fYspbL4WzdP1
-y8/Vug09te+rni+v+kjk5b9IceEy6kLvXuzirE6c4LunAm+thrr5gWmsx1pyDiq7
-W2M15UZrm/paaCg6cVaMFdXCRZP+g1P4NcgDUe2TyFbLlhOJNtX3DJRZWEhrkEYK
-mRz2tJuiuitCzheAgRrFXepRagHKYffNSas1n/2kIc9QpZ8654kxsAzEwL7CnHd/
-SHbMS9dfP+uM6DACwcvngSOBMJ9KMg==
------END CERTIFICATE REQUEST-----
diff --git a/pulsar-broker/src/test/resources/certificate/client.key b/pulsar-broker/src/test/resources/certificate/client.key
deleted file mode 100644
index 34fc701c525..00000000000
--- a/pulsar-broker/src/test/resources/certificate/client.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCpBXkXcC70VZch
-g91aqJdGTmB1WZWQO64Urhmg53yKegmkHc8+SmamChWQpAcMWGDHc4MZYhSCj6fp
-AOwnFjjKAd9V6CBCB6TyJR+15hWwhwdLRuOSEiKP/eKELfTUWSKputXTr2gu9Rcs
-py/fPEaZ0ECLPSTjEZmEWJ5VG9AItj2zJRTGZD/cK/jaUNjxrWBPDgJFHH+EJ8O9
-cIqE5PhszBQgNl8cHcmgOHdOGnwUvPSdOtEXvmZJAn851xp8ibRejPY62n8JLEtL
-5TWUu8bTlytZMN7Sibs1biYrgKoYIWrmBTDt4jNp47tDlB7P1cZMzOSAgNMy81gY
-YR4mGGY1AgMBAAECggEAcJj3yVhvv0/BhY8+CCYl2K1f7u1GCLbpSleNNTbhLbMM
-9yrwo/OWnGg9Y4USOPQrTNOz81X2id+/oSZ/K67PGCvVJ3qi+rny9WkrzdbAfkAF
-6O0Jr4arRbeBjkK7Rjc3M1EHH6VLx3R5AsNBzfpuogss5FVQXICd/5+1oscLeLEx
-/Fn+51IEn9FUg5vr7ElG51f+zPxexcWHLNoqGjTEIGGtI8/CfTzD9tBV4sIjf/Nc
-Zzfs9XYrChfcrS0U1zDa+L7c5gYfoN6M08sBiuZlhyyO9wgzPlp+XnsrSFv6hUta
-0scjAbN4bh+orQn6zgFN/sjkQnraWXW7pKFLyTR/IQKBgQDVju4IbhE9XRweNgXi
-s3BuGV+HsuFffEf0904/zCuCUcScGb5WCz5+KtlFJ//YxfocHVZajH+4GdCGbWim
-m+H3XvRpWgfK/aBNOXu5ueLbnPYyPjTrcpKRsomeoiV+Jz1tv5PQElwzCiCzVvQf
-fMyhQT16YIsFQAGJzQMBEHWODQKBgQDKnKps3sKSR3ycUtIxCVXUir7p52qst0Pm
-bPO8JrcRKZP2z8MJB96+DcQFzrxj7t5DDktkYEsFOPPuIeUsYXsY+MKHs4hEQVCz
-hpDJJNQ8s+SV8TLzKpinZEmLIjslLbn2rQrpqybPg84VxqX3qqM8IrXhMf77aGj6
-QHqvQwHWyQKBgQDF1RVO+9++j82ncvY6z22coKath5leIjxqgtqbISFBJUxUK0j2
-Xo4yxLDnbqmE/8m1V7wSP8tlGYzhquLiTM+kn/Mc0Ukc0503TMQABmJQfXRYkOXn
-IwkCLXltWdoPpnwyeeGNRCTjJ0OpvyiBLtRFobE498xxPZzvMdrRlpS/1QKBgQCo
-wmMleUnBQ2/kWQugMnFeLg6kjs+IesFAnYFKN0kGL4aB7j06OWbrEFY0rCS4bA6O
-9coQGjCCchSjRXI4TB2XCCQnmX8nsuuADNZt45Iv2XrM9XEFn3Y0/tBO5j0zU2nw
-r+NGC/uwns050BMPPf7mqNarctQ6HZZK0wgdEQfoGQKBgC+pbkQv9cn68TsiaJ3w
-tvNRTXCIAAH4Vtn9Cp+63ao+kXn94BJqQF99i58kJpG4ol6wbCHUoC6fHgxUh5HB
-JB0HjC2eCMgn4acAQg0sPW6l35KX36yYxtrL7eosB/yBYum0XAwmboNjEhlCZkOs
-YOpSsn61g7xqqrt40Spb5vUn
------END PRIVATE KEY-----
diff --git a/pulsar-broker/src/test/resources/certificate/server.crt b/pulsar-broker/src/test/resources/certificate/server.crt
deleted file mode 100644
index 59b651be2a4..00000000000
--- a/pulsar-broker/src/test/resources/certificate/server.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDLjCCAhYCCQDn/Yvym+FMsDANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJB
-VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
-cyBQdHkgTHRkMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTYwNjEzMjIyMTQ2WhcN
-MjYwNjExMjIyMTQ2WjBZMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0
-ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRIwEAYDVQQDEwls
-b2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs29IuzZvk
-OGUkS/wqKzd/h2esqjCSjw4SLLbeh1GA3UEvh1k9+eRiYwJG1yCOHmcsp4A8Du99
-8xbgeihpWWw7pjL5VVky3ciuvHyz1Cc6bKRps/GzVJBwFP0gzHnK8bUM86U52yGT
-1DepD/Y2lURy0igdVcAMjGweMwoTmiaVcwZexfYuEef+jz3fmpmOwP9rboIA9rQr
-mTbLzzkbAwZXdl+bRvIefIjIazIzTOs8tJWrhFaTJUgBhhLjFIwTdpS+n+FqOu8J
-92K+PvKjIeJ3kmnZyRHK7uidlAn0g/DK+co1sX3zORPCWeg21K+/vVHTj91zARNb
-O9hVS4bqqsw9AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBACE0WBuTbHcPtYKv2ZMS
-mYk9jvtAhmWHQ6tNqV8CmS2AsrzZdWglGaqIRsm5slkD2BGeQS+BesTArUuENTmP
-r9kJSecdiiB8aWtLbhoCSH3QR6IW/b5UVl6sR5OIh7SkNTjMSUSDnMEVLNGyKZGS
-gCGVbDf3n5KhOTnwqguELRykynKFt2LVksBia9+88lUtiRHpbyClo/KVWltJlaww
-PT0WEpwqVUcHmwrR3MTzJDEPvIplSgxdaDmFGYS1YKm9T/wQd+t/0DbXMmfJXBbd
-FVUnB6o7qJVU9N2Tbaj9NbCtwz5nTZG4A5kRXWHVjZsn5WzLuS/me3rDXjwlfB2p
-ipY=
------END CERTIFICATE-----
diff --git a/pulsar-broker/src/test/resources/certificate/server.csr b/pulsar-broker/src/test/resources/certificate/server.csr
deleted file mode 100644
index 8782222c5ab..00000000000
--- a/pulsar-broker/src/test/resources/certificate/server.csr
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIICnjCCAYYCAQAwWTELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAxMJbG9j
-YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNvSLs2b5Dhl
-JEv8Kis3f4dnrKowko8OEiy23odRgN1BL4dZPfnkYmMCRtcgjh5nLKeAPA7vffMW
-4HooaVlsO6Yy+VVZMt3Irrx8s9QnOmykabPxs1SQcBT9IMx5yvG1DPOlOdshk9Q3
-qQ/2NpVEctIoHVXADIxsHjMKE5omlXMGXsX2LhHn/o8935qZjsD/a26CAPa0K5k2
-y885GwMGV3Zfm0byHnyIyGsyM0zrPLSVq4RWkyVIAYYS4xSME3aUvp/hajrvCfdi
-vj7yoyHid5Jp2ckRyu7onZQJ9IPwyvnKNbF98zkTwlnoNtSvv71R04/dcwETWzvY
-VUuG6qrMPQIDAQABoAAwDQYJKoZIhvcNAQEFBQADggEBAEPHySnpf3E/7tZsiDka
-rqdB/sU7fdqjyV0iy0cuKQkU8WYrsE7bHkqMYc8CiIDfWhIGW5Jnzups2O6eH0Sx
-2BS21ARFiNGC1UfY1HSV2zrTNh3RqQa3YsXzv9vvdQ/gjsqGDuGDIc1yAA+Ytdja
-3rhIzEVqBhiLzg+M2+gW1zs+Kqj0Zo0pLB2uqhdZJmjxBb2FCli50vCVEhqIS3RO
-KTE+AJfxThWIeahFyVaskaEGkS6NVr2JihV0elbKolH19k2UzRTVn7p3Ixh5ojuW
-gtU/90vOy/SDkSRmCWMqgkUKJ2oeImleHdrvwNyrzvrLWRAz6R5yGQJwji9kKpHD
-FK0=
------END CERTIFICATE REQUEST-----
diff --git a/pulsar-broker/src/test/resources/certificate/server.key b/pulsar-broker/src/test/resources/certificate/server.key
deleted file mode 100644
index 6da70f5aec3..00000000000
--- a/pulsar-broker/src/test/resources/certificate/server.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCs29IuzZvkOGUk
-S/wqKzd/h2esqjCSjw4SLLbeh1GA3UEvh1k9+eRiYwJG1yCOHmcsp4A8Du998xbg
-eihpWWw7pjL5VVky3ciuvHyz1Cc6bKRps/GzVJBwFP0gzHnK8bUM86U52yGT1Dep
-D/Y2lURy0igdVcAMjGweMwoTmiaVcwZexfYuEef+jz3fmpmOwP9rboIA9rQrmTbL
-zzkbAwZXdl+bRvIefIjIazIzTOs8tJWrhFaTJUgBhhLjFIwTdpS+n+FqOu8J92K+
-PvKjIeJ3kmnZyRHK7uidlAn0g/DK+co1sX3zORPCWeg21K+/vVHTj91zARNbO9hV
-S4bqqsw9AgMBAAECggEAd/LuDeZFZ/+uR5qmuAhXMZqfWZSbsges5vW6S/6wkvB1
-vGp6heQzFAbKXKgJgjUcuULeXE6s58RYuppqEnin/1hcBOKxy/dUu9Q14H+2XPdo
-u6TPcvaaZ/xYjnr1hNtnHD6yB8zEpxVbLmjSHJxF7Dti9MA9TTfgCrC2LFYKsicD
-/5AQyHuwpHyTL3Iiwv4Qtks/SD2a3fu8lD0yTQwA/hY6/0ieXxXd9tZV5a6GSA0P
-nieol1byfuX7Q5fb8ggPd9u9K1mVZTBRKiE5w+uU4Ic2IkBmZX5ZuRS+vFplpLsY
-YpFPvzFmpNkpK2SdYjJ+V4tkJsFHmOaFRgW/0QB2DQKBgQDeQMSZBQlPUrgRdWHN
-OyvTcrSvXzg5DbaIj39tgdNZ6PYns/thD0n707KGRJOChIyYiiKxLxzLWdPUxqQO
-rNLUV9IkMVc/QZR8RUqGc2BxmPOxAprhzeOhLsyqP/sgtxRHAnLqmkXuHYoxvTZ6
-LFCRCZBpEJrutGxl3s/x+sfkuwKBgQDHGwnSmvArpL8ZY1dV4xKNkxifCBnNmqAl
-TKHPW3odN9nkMECEt1XUIioUUKXUsiAZNp5xa/v1DEyJ4f2T20QKcAGbS18b1M5W
-axIoH3IhyLo74tuo0fthgq5bzypfFOlIjo7F9mpEky/461RWmoNAAlp9+FkDi48C
-KwjAk39/ZwKBgQDXFJqs8sDFsOlMi+nvsHmDERhmNqG0JN8mXKgWk3KzKc09MuHs
-Vd1lBMNZSHfv8NIWtGdKTKty5yUmXm1ZfkoxECPevpkOMCq/8FZksrb8d+YswLae
-Gp9U1nNdtrkSOdo3tdj7y/wsqQ2ZgOB9bvEwyq6j3lvw8U2NcAiQxf44DQKBgBHb
-lPf0uZHQhutKA61KXoGgLdclrNrKAY8W3nRwqfUw6zQSN9cvcl1Cay/DQ/xdtY9N
-XMyjeMezwLGlOU8nnWSqQxqgmfkvDwqlM82xdFUfYcS5RiZQHxHR3L2TSSOaBoph
-buDGhyV7ZhQXV0slNJxrGZ6uxZ0RyVPSdEiBcjAFAoGBAJqZ6uCVHpv/FwZVggu7
-Xb9EIxZnLSmXwaXFpJoMZpRpKb8cSTTJbgSMv3Dq2LcNKYXdNBhgKgPSc/XipXt9
-ZdT36KWipV+PzW691kUiWHtA8/+E0LCi4Y7rlcBMz9PgDNXK4XMMZOVKxDqPcHSJ
-P6y01ku7T2X+abUiJ334Hg6G
------END PRIVATE KEY-----
diff --git a/pulsar-client-tools-test/src/test/java/org/apache/pulsar/client/cli/PulsarClientToolTest.java b/pulsar-client-tools-test/src/test/java/org/apache/pulsar/client/cli/PulsarClientToolTest.java
index acda1b6f6a5..4ea70bd9af9 100644
--- a/pulsar-client-tools-test/src/test/java/org/apache/pulsar/client/cli/PulsarClientToolTest.java
+++ b/pulsar-client-tools-test/src/test/java/org/apache/pulsar/client/cli/PulsarClientToolTest.java
@@ -331,9 +331,8 @@ public class PulsarClientToolTest extends BrokerTestBase {
PulsarClientTool pulsarClientTool = new PulsarClientTool(new Properties());
final String url = "pulsar+ssl://localhost:6651";
final String authPlugin = "org.apache.pulsar.client.impl.auth.AuthenticationTls";
- final String authParams = "tlsCertFile:pulsar-broker/src/test/resources/authentication/tls/client-cert.pem," +
- "tlsKeyFile:pulsar-broker/src/test/resources/authentication/tls/client-key.pem";
- final String tlsTrustCertsFilePath = "pulsar/pulsar-broker/src/test/resources/authentication/tls/cacert.pem";
+ final String authParams = String.format("tlsCertFile:%s,tlsKeyFile:%s", getTlsFileForClient("admin.cert"),
+ getTlsFileForClient("admin.key-pk8"));
final String message = "test msg";
final int numberOfMessages = 1;
final String topicName = getTopicWithRandomSuffix("test-topic");
@@ -341,11 +340,11 @@ public class PulsarClientToolTest extends BrokerTestBase {
String[] args = {"--url", url,
"--auth-plugin", authPlugin,
"--auth-params", authParams,
- "--tlsTrustCertsFilePath", tlsTrustCertsFilePath,
+ "--tlsTrustCertsFilePath", CA_CERT_FILE_PATH,
"produce", "-m", message,
"-n", Integer.toString(numberOfMessages), topicName};
pulsarClientTool.jcommander.parse(args);
- assertEquals(pulsarClientTool.rootParams.getTlsTrustCertsFilePath(), tlsTrustCertsFilePath);
+ assertEquals(pulsarClientTool.rootParams.getTlsTrustCertsFilePath(), CA_CERT_FILE_PATH);
assertEquals(pulsarClientTool.rootParams.getAuthParams(), authParams);
assertEquals(pulsarClientTool.rootParams.getAuthPluginClassName(), authPlugin);
assertEquals(pulsarClientTool.rootParams.getServiceURL(), url);
diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceTlsStarterTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceTlsStarterTest.java
index 0bc7c525384..01c06fbf52f 100644
--- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceTlsStarterTest.java
+++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceTlsStarterTest.java
@@ -47,10 +47,6 @@ import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertTrue;
public class ProxyServiceTlsStarterTest extends MockedPulsarServiceBaseTest {
-
- private final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
- private final String TLS_PROXY_CERT_FILE_PATH = "./src/test/resources/authentication/tls/server-cert.pem";
- private final String TLS_PROXY_KEY_FILE_PATH = "./src/test/resources/authentication/tls/server-key.pem";
private ProxyServiceStarter serviceStarter;
private String serviceUrl;
private int webPort;
@@ -63,14 +59,14 @@ public class ProxyServiceTlsStarterTest extends MockedPulsarServiceBaseTest {
serviceStarter.getConfig().setBrokerServiceURL(pulsar.getBrokerServiceUrl());
serviceStarter.getConfig().setBrokerServiceURLTLS(pulsar.getBrokerServiceUrlTls());
serviceStarter.getConfig().setBrokerWebServiceURL(pulsar.getWebServiceAddress());
- serviceStarter.getConfig().setBrokerClientTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
+ serviceStarter.getConfig().setBrokerClientTrustCertsFilePath(CA_CERT_FILE_PATH);
serviceStarter.getConfig().setServicePort(Optional.empty());
serviceStarter.getConfig().setServicePortTls(Optional.of(0));
serviceStarter.getConfig().setWebServicePort(Optional.of(0));
serviceStarter.getConfig().setTlsEnabledWithBroker(true);
serviceStarter.getConfig().setWebSocketServiceEnabled(true);
- serviceStarter.getConfig().setTlsCertificateFilePath(TLS_PROXY_CERT_FILE_PATH);
- serviceStarter.getConfig().setTlsKeyFilePath(TLS_PROXY_KEY_FILE_PATH);
+ serviceStarter.getConfig().setTlsCertificateFilePath(PROXY_CERT_FILE_PATH);
+ serviceStarter.getConfig().setTlsKeyFilePath(PROXY_KEY_FILE_PATH);
serviceStarter.getConfig().setBrokerProxyAllowedTargetPorts("*");
serviceStarter.start();
serviceUrl = serviceStarter.getProxyService().getServiceUrlTls();
@@ -79,8 +75,8 @@ public class ProxyServiceTlsStarterTest extends MockedPulsarServiceBaseTest {
protected void doInitConf() throws Exception {
super.doInitConf();
- this.conf.setTlsCertificateFilePath(TLS_PROXY_CERT_FILE_PATH);
- this.conf.setTlsKeyFilePath(TLS_PROXY_KEY_FILE_PATH);
+ this.conf.setTlsCertificateFilePath(PROXY_CERT_FILE_PATH);
+ this.conf.setTlsKeyFilePath(PROXY_KEY_FILE_PATH);
}
@Override
@@ -94,7 +90,7 @@ public class ProxyServiceTlsStarterTest extends MockedPulsarServiceBaseTest {
public void testProducer() throws Exception {
@Cleanup
PulsarClient client = PulsarClient.builder().serviceUrl(serviceUrl)
- .allowTlsInsecureConnection(false).tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH)
+ .allowTlsInsecureConnection(false).tlsTrustCertsFilePath(CA_CERT_FILE_PATH)
.build();
@Cleanup
diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyTlsTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyTlsTest.java
index e1cf62aafa8..64b0cd6b1a6 100644
--- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyTlsTest.java
+++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyTlsTest.java
@@ -43,10 +43,6 @@ import org.testng.annotations.Test;
public class ProxyTlsTest extends MockedPulsarServiceBaseTest {
- private final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
- private final String TLS_PROXY_CERT_FILE_PATH = "./src/test/resources/authentication/tls/server-cert.pem";
- private final String TLS_PROXY_KEY_FILE_PATH = "./src/test/resources/authentication/tls/server-key.pem";
-
private ProxyService proxyService;
private ProxyConfiguration proxyConfig = new ProxyConfiguration();
@@ -61,8 +57,8 @@ public class ProxyTlsTest extends MockedPulsarServiceBaseTest {
proxyConfig.setWebServicePort(Optional.of(0));
proxyConfig.setWebServicePortTls(Optional.of(0));
proxyConfig.setTlsEnabledWithBroker(false);
- proxyConfig.setTlsCertificateFilePath(TLS_PROXY_CERT_FILE_PATH);
- proxyConfig.setTlsKeyFilePath(TLS_PROXY_KEY_FILE_PATH);
+ proxyConfig.setTlsCertificateFilePath(PROXY_CERT_FILE_PATH);
+ proxyConfig.setTlsKeyFilePath(PROXY_KEY_FILE_PATH);
proxyConfig.setMetadataStoreUrl(DUMMY_VALUE);
proxyConfig.setConfigurationMetadataStoreUrl(GLOBAL_DUMMY_VALUE);
@@ -87,7 +83,7 @@ public class ProxyTlsTest extends MockedPulsarServiceBaseTest {
@Cleanup
PulsarClient client = PulsarClient.builder()
.serviceUrl(proxyService.getServiceUrlTls())
- .allowTlsInsecureConnection(false).tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).build();
+ .allowTlsInsecureConnection(false).tlsTrustCertsFilePath(CA_CERT_FILE_PATH).build();
Producer<byte[]> producer = client.newProducer(Schema.BYTES).topic("persistent://sample/test/local/topic").create();
for (int i = 0; i < 10; i++) {
@@ -100,7 +96,7 @@ public class ProxyTlsTest extends MockedPulsarServiceBaseTest {
@Cleanup
PulsarClient client = PulsarClient.builder()
.serviceUrl(proxyService.getServiceUrlTls())
- .allowTlsInsecureConnection(false).tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).build();
+ .allowTlsInsecureConnection(false).tlsTrustCertsFilePath(CA_CERT_FILE_PATH).build();
TenantInfoImpl tenantInfo = createDefaultTenantInfo();
admin.tenants().createTenant("sample", tenantInfo);
admin.topics().createPartitionedTopic("persistent://sample/test/local/partitioned-topic", 2);
diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyTlsTestWithAuth.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyTlsTestWithAuth.java
index ca35d81d80e..0f1fa74a209 100644
--- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyTlsTestWithAuth.java
+++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyTlsTestWithAuth.java
@@ -36,10 +36,6 @@ import org.testng.annotations.Test;
public class ProxyTlsTestWithAuth extends MockedPulsarServiceBaseTest {
- private final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
- private final String TLS_PROXY_CERT_FILE_PATH = "./src/test/resources/authentication/tls/server-cert.pem";
- private final String TLS_PROXY_KEY_FILE_PATH = "./src/test/resources/authentication/tls/server-key.pem";
-
private ProxyService proxyService;
private ProxyConfiguration proxyConfig = new ProxyConfiguration();
@@ -68,8 +64,8 @@ public class ProxyTlsTestWithAuth extends MockedPulsarServiceBaseTest {
proxyConfig.setWebServicePort(Optional.of(0));
proxyConfig.setWebServicePortTls(Optional.of(0));
proxyConfig.setTlsEnabledWithBroker(true);
- proxyConfig.setTlsCertificateFilePath(TLS_PROXY_CERT_FILE_PATH);
- proxyConfig.setTlsKeyFilePath(TLS_PROXY_KEY_FILE_PATH);
+ proxyConfig.setTlsCertificateFilePath(PROXY_CERT_FILE_PATH);
+ proxyConfig.setTlsKeyFilePath(PROXY_KEY_FILE_PATH);
proxyConfig.setMetadataStoreUrl(DUMMY_VALUE);
proxyConfig.setConfigurationMetadataStoreUrl(GLOBAL_DUMMY_VALUE);
proxyConfig.setBrokerClientAuthenticationPlugin("org.apache.pulsar.client.impl.auth.oauth2.AuthenticationOAuth2");
(pulsar) 08/11: [fix][broker] Fix returns wrong webServiceUrl when both webServicePort and webServicePortTls are set (#21633)
Posted by lh...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 1fc5cf1495417bc89f650b816c0906b9a1103697
Author: Cong Zhao <zh...@apache.org>
AuthorDate: Tue Dec 5 20:18:53 2023 +0800
[fix][broker] Fix returns wrong webServiceUrl when both webServicePort and webServicePortTls are set (#21633)
Co-authored-by: Jiwe Guo <te...@apache.org>
(cherry picked from commit f8067b50c0d68cb723e5e5cd681b1697329ae012)
---
.../pulsar/broker/loadbalance/NoopLoadManager.java | 2 +-
.../loadbalance/extensions/BrokerRegistryImpl.java | 2 +-
.../loadbalance/impl/ModularLoadManagerImpl.java | 4 +-
.../loadbalance/impl/SimpleLoadManagerImpl.java | 4 +-
.../pulsar/broker/namespace/OwnershipCache.java | 6 +--
.../pulsar/broker/web/PulsarWebResource.java | 2 +-
.../loadbalance/SimpleLoadManagerImplTest.java | 58 ++++++++++++++++++++--
7 files changed, 63 insertions(+), 15 deletions(-)
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/NoopLoadManager.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/NoopLoadManager.java
index 0de2ae92db6..80f887d394d 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/NoopLoadManager.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/NoopLoadManager.java
@@ -61,7 +61,7 @@ public class NoopLoadManager implements LoadManager {
localResourceUnit = new SimpleResourceUnit(String.format("http://%s", lookupServiceAddress),
new PulsarResourceDescription());
- LocalBrokerData localData = new LocalBrokerData(pulsar.getSafeWebServiceAddress(),
+ LocalBrokerData localData = new LocalBrokerData(pulsar.getWebServiceAddress(),
pulsar.getWebServiceAddressTls(),
pulsar.getBrokerServiceUrl(), pulsar.getBrokerServiceUrlTls(), pulsar.getAdvertisedListeners());
localData.setProtocols(pulsar.getProtocolDataToAdvertise());
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/BrokerRegistryImpl.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/BrokerRegistryImpl.java
index 921ce35b5c6..bfdaa078f19 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/BrokerRegistryImpl.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/extensions/BrokerRegistryImpl.java
@@ -84,7 +84,7 @@ public class BrokerRegistryImpl implements BrokerRegistry {
this.listeners = new ArrayList<>();
this.brokerId = pulsar.getLookupServiceAddress();
this.brokerLookupData = new BrokerLookupData(
- pulsar.getSafeWebServiceAddress(),
+ pulsar.getWebServiceAddress(),
pulsar.getWebServiceAddressTls(),
pulsar.getBrokerServiceUrl(),
pulsar.getBrokerServiceUrlTls(),
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImpl.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImpl.java
index b664b1ca2ba..255d7aa77af 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImpl.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImpl.java
@@ -980,14 +980,14 @@ public class ModularLoadManagerImpl implements ModularLoadManager {
// At this point, the ports will be updated with the real port number that the server was assigned
Map<String, String> protocolData = pulsar.getProtocolDataToAdvertise();
- lastData = new LocalBrokerData(pulsar.getSafeWebServiceAddress(), pulsar.getWebServiceAddressTls(),
+ lastData = new LocalBrokerData(pulsar.getWebServiceAddress(), pulsar.getWebServiceAddressTls(),
pulsar.getBrokerServiceUrl(), pulsar.getBrokerServiceUrlTls(), pulsar.getAdvertisedListeners());
lastData.setProtocols(protocolData);
// configure broker-topic mode
lastData.setPersistentTopicsEnabled(pulsar.getConfiguration().isEnablePersistentTopics());
lastData.setNonPersistentTopicsEnabled(pulsar.getConfiguration().isEnableNonPersistentTopics());
- localData = new LocalBrokerData(pulsar.getSafeWebServiceAddress(), pulsar.getWebServiceAddressTls(),
+ localData = new LocalBrokerData(pulsar.getWebServiceAddress(), pulsar.getWebServiceAddressTls(),
pulsar.getBrokerServiceUrl(), pulsar.getBrokerServiceUrlTls(), pulsar.getAdvertisedListeners());
localData.setProtocols(protocolData);
localData.setBrokerVersionString(pulsar.getBrokerVersion());
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/SimpleLoadManagerImpl.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/SimpleLoadManagerImpl.java
index 5e994569711..d54579a2861 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/SimpleLoadManagerImpl.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/SimpleLoadManagerImpl.java
@@ -234,7 +234,7 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
brokerHostUsage = new GenericBrokerHostUsageImpl(pulsar);
}
this.policies = new SimpleResourceAllocationPolicies(pulsar);
- lastLoadReport = new LoadReport(pulsar.getSafeWebServiceAddress(), pulsar.getWebServiceAddressTls(),
+ lastLoadReport = new LoadReport(pulsar.getWebServiceAddress(), pulsar.getWebServiceAddressTls(),
pulsar.getBrokerServiceUrl(), pulsar.getBrokerServiceUrlTls());
lastLoadReport.setProtocols(pulsar.getProtocolDataToAdvertise());
lastLoadReport.setPersistentTopicsEnabled(pulsar.getConfiguration().isEnablePersistentTopics());
@@ -1072,7 +1072,7 @@ public class SimpleLoadManagerImpl implements LoadManager, Consumer<Notification
private LoadReport generateLoadReportForcefully() throws Exception {
synchronized (bundleGainsCache) {
try {
- LoadReport loadReport = new LoadReport(pulsar.getSafeWebServiceAddress(),
+ LoadReport loadReport = new LoadReport(pulsar.getWebServiceAddress(),
pulsar.getWebServiceAddressTls(), pulsar.getBrokerServiceUrl(),
pulsar.getBrokerServiceUrlTls());
loadReport.setProtocols(pulsar.getProtocolDataToAdvertise());
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/namespace/OwnershipCache.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/namespace/OwnershipCache.java
index 86003153714..0033abf36c7 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/namespace/OwnershipCache.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/namespace/OwnershipCache.java
@@ -122,10 +122,10 @@ public class OwnershipCache {
this.ownerBrokerUrl = pulsar.getBrokerServiceUrl();
this.ownerBrokerUrlTls = pulsar.getBrokerServiceUrlTls();
this.selfOwnerInfo = new NamespaceEphemeralData(ownerBrokerUrl, ownerBrokerUrlTls,
- pulsar.getSafeWebServiceAddress(), pulsar.getWebServiceAddressTls(),
+ pulsar.getWebServiceAddress(), pulsar.getWebServiceAddressTls(),
false, pulsar.getAdvertisedListeners());
this.selfOwnerInfoDisabled = new NamespaceEphemeralData(ownerBrokerUrl, ownerBrokerUrlTls,
- pulsar.getSafeWebServiceAddress(), pulsar.getWebServiceAddressTls(),
+ pulsar.getWebServiceAddress(), pulsar.getWebServiceAddressTls(),
true, pulsar.getAdvertisedListeners());
this.lockManager = pulsar.getCoordinationService().getLockManager(NamespaceEphemeralData.class);
this.locallyAcquiredLocks = new ConcurrentHashMap<>();
@@ -336,7 +336,7 @@ public class OwnershipCache {
public synchronized boolean refreshSelfOwnerInfo() {
this.selfOwnerInfo = new NamespaceEphemeralData(pulsar.getBrokerServiceUrl(),
- pulsar.getBrokerServiceUrlTls(), pulsar.getSafeWebServiceAddress(),
+ pulsar.getBrokerServiceUrlTls(), pulsar.getWebServiceAddress(),
pulsar.getWebServiceAddressTls(), false, pulsar.getAdvertisedListeners());
return selfOwnerInfo.getNativeUrl() != null || selfOwnerInfo.getNativeUrlTls() != null;
}
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
index bdb052d7b9e..de1296dbdd8 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/web/PulsarWebResource.java
@@ -1205,7 +1205,7 @@ public abstract class PulsarWebResource {
protected void validateBrokerName(String broker) {
String brokerUrl = String.format("http://%s", broker);
String brokerUrlTls = String.format("https://%s", broker);
- if (!brokerUrl.equals(pulsar().getSafeWebServiceAddress())
+ if (!brokerUrl.equals(pulsar().getWebServiceAddress())
&& !brokerUrlTls.equals(pulsar().getWebServiceAddressTls())) {
String[] parts = broker.split(":");
checkArgument(parts.length == 2, String.format("Invalid broker url %s", broker));
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/SimpleLoadManagerImplTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/SimpleLoadManagerImplTest.java
index 6303c70b4dc..820d966f62d 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/SimpleLoadManagerImplTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/SimpleLoadManagerImplTest.java
@@ -24,7 +24,7 @@ import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.testng.Assert.assertEquals;
-import static org.testng.Assert.assertNotEquals;
+import static org.testng.Assert.assertFalse;
import static org.testng.Assert.assertNull;
import static org.testng.Assert.assertTrue;
import com.fasterxml.jackson.databind.ObjectMapper;
@@ -55,12 +55,16 @@ import org.apache.pulsar.broker.loadbalance.impl.SimpleLoadManagerImpl;
import org.apache.pulsar.broker.loadbalance.impl.SimpleResourceUnit;
import org.apache.pulsar.client.admin.BrokerStats;
import org.apache.pulsar.client.admin.PulsarAdmin;
+import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.common.naming.NamespaceBundle;
import org.apache.pulsar.common.naming.NamespaceName;
import org.apache.pulsar.common.policies.data.AutoFailoverPolicyData;
import org.apache.pulsar.common.policies.data.AutoFailoverPolicyType;
+import org.apache.pulsar.common.policies.data.ClusterData;
import org.apache.pulsar.common.policies.data.NamespaceIsolationData;
import org.apache.pulsar.common.policies.data.ResourceQuota;
+import org.apache.pulsar.common.policies.data.TenantInfoImpl;
+import org.apache.pulsar.common.policies.data.TopicStats;
import org.apache.pulsar.common.policies.impl.NamespaceIsolationPolicies;
import org.apache.pulsar.common.util.ObjectMapperFactory;
import org.apache.pulsar.metadata.api.MetadataStoreException.BadVersionException;
@@ -71,6 +75,7 @@ import org.apache.pulsar.policies.data.loadbalancer.ResourceUnitRanking;
import org.apache.pulsar.policies.data.loadbalancer.ResourceUsage;
import org.apache.pulsar.policies.data.loadbalancer.SystemResourceUsage;
import org.apache.pulsar.zookeeper.LocalBookkeeperEnsemble;
+import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
@@ -92,8 +97,14 @@ public class SimpleLoadManagerImplTest {
BrokerStats brokerStatsClient2;
String primaryHost;
+
+ String primaryTlsHost;
+
String secondaryHost;
+ private String defaultNamespace;
+ private String defaultTenant;
+
ExecutorService executor = new ThreadPoolExecutor(5, 20, 30, TimeUnit.SECONDS, new LinkedBlockingQueue<>());
@BeforeMethod
@@ -107,6 +118,7 @@ public class SimpleLoadManagerImplTest {
ServiceConfiguration config1 = new ServiceConfiguration();
config1.setClusterName("use");
config1.setWebServicePort(Optional.of(0));
+ config1.setWebServicePortTls(Optional.of(0));
config1.setMetadataStoreUrl("zk:127.0.0.1:" + bkEnsemble.getZookeeperPort());
config1.setBrokerShutdownTimeoutMs(0L);
config1.setLoadBalancerOverrideBrokerNicSpeedGbps(Optional.of(1.0d));
@@ -121,11 +133,13 @@ public class SimpleLoadManagerImplTest {
admin1 = PulsarAdmin.builder().serviceHttpUrl(url1.toString()).build();
brokerStatsClient1 = admin1.brokerStats();
primaryHost = pulsar1.getWebServiceAddress();
+ primaryTlsHost = pulsar1.getWebServiceAddressTls();
// Start broker 2
ServiceConfiguration config2 = new ServiceConfiguration();
config2.setClusterName("use");
config2.setWebServicePort(Optional.of(0));
+ config2.setWebServicePortTls(Optional.of(0));
config2.setMetadataStoreUrl("zk:127.0.0.1:" + bkEnsemble.getZookeeperPort());
config2.setBrokerShutdownTimeoutMs(0L);
config2.setLoadBalancerOverrideBrokerNicSpeedGbps(Optional.of(1.0d));
@@ -142,6 +156,8 @@ public class SimpleLoadManagerImplTest {
brokerStatsClient2 = admin2.brokerStats();
secondaryHost = pulsar2.getWebServiceAddress();
Thread.sleep(100);
+
+ setupClusters();
}
@AfterMethod(alwaysRun = true)
@@ -253,10 +269,9 @@ public class SimpleLoadManagerImplTest {
sortedRankingsInstance.get().put(lr.getRank(rd), rus);
setObjectField(SimpleLoadManagerImpl.class, loadManager, "sortedRankings", sortedRankingsInstance);
- ResourceUnit found = loadManager
- .getLeastLoaded(NamespaceName.get("pulsar/use/primary-ns.10")).get();
+ final Optional<ResourceUnit> leastLoaded = loadManager.getLeastLoaded(NamespaceName.get("pulsar/use/primary-ns.10"));
// broker is not active so found should be null
- assertNotEquals(found, null, "did not find a broker when expected one to be found");
+ assertFalse(leastLoaded.isPresent());
}
@@ -394,7 +409,7 @@ public class SimpleLoadManagerImplTest {
final SimpleLoadManagerImpl loadManager = (SimpleLoadManagerImpl) pulsar1.getLoadManager().get();
for (final NamespaceBundle bundle : bundles) {
- if (loadManager.getLeastLoaded(bundle).get().getResourceId().equals(primaryHost)) {
+ if (loadManager.getLeastLoaded(bundle).get().getResourceId().equals(getAddress(primaryTlsHost))) {
++numAssignedToPrimary;
} else {
++numAssignedToSecondary;
@@ -406,6 +421,10 @@ public class SimpleLoadManagerImplTest {
}
}
+ private static String getAddress(String url) {
+ return url.replaceAll("https", "http");
+ }
+
@Test
public void testNamespaceBundleStats() {
NamespaceBundleStats nsb1 = new NamespaceBundleStats();
@@ -474,4 +493,33 @@ public class SimpleLoadManagerImplTest {
assertEquals(usage.getBandwidthIn().usage, usageLimit);
}
+ @Test
+ public void testGetWebSerUrl() throws PulsarAdminException {
+ String webServiceUrl = admin1.brokerStats().getLoadReport().getWebServiceUrl();
+ Assert.assertEquals(webServiceUrl, pulsar1.getWebServiceAddress());
+
+ String webServiceUrl2 = admin2.brokerStats().getLoadReport().getWebServiceUrl();
+ Assert.assertEquals(webServiceUrl2, pulsar2.getWebServiceAddress());
+ }
+
+ @Test
+ public void testRedirectOwner() throws PulsarAdminException {
+ final String topicName = "persistent://" + defaultNamespace + "/" + "test-topic";
+ admin1.topics().createNonPartitionedTopic(topicName);
+ TopicStats stats = admin1.topics().getStats(topicName);
+ Assert.assertNotNull(stats);
+
+ TopicStats stats2 = admin2.topics().getStats(topicName);
+ Assert.assertNotNull(stats2);
+ }
+
+ private void setupClusters() throws PulsarAdminException {
+ admin1.clusters().createCluster("use", ClusterData.builder().serviceUrl(pulsar1.getWebServiceAddress()).build());
+ TenantInfoImpl tenantInfo = new TenantInfoImpl(Set.of("role1", "role2"), Set.of("use"));
+ defaultTenant = "prop-xyz";
+ admin1.tenants().createTenant(defaultTenant, tenantInfo);
+ defaultNamespace = defaultTenant + "/ns1";
+ admin1.namespaces().createNamespace(defaultNamespace, Set.of("use"));
+ }
+
}
(pulsar) 05/11: [fix][test] ProxyWithoutServiceDiscoveryTest should enable authz (#20348)
Posted by lh...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit d510b1d1013c86c62ccdb2d9671dd0e560ab2c48
Author: Michael Marshall <mm...@apache.org>
AuthorDate: Thu May 18 13:13:13 2023 -0500
[fix][test] ProxyWithoutServiceDiscoveryTest should enable authz (#20348)
(cherry picked from commit 2ebb3797c3f371c3ca22cbc8002a8110e3e3fa47)
---
.../server/ProxyWithoutServiceDiscoveryTest.java | 52 +++++++++++-----------
1 file changed, 25 insertions(+), 27 deletions(-)
diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java
index d47d09b8b85..ec1412b021d 100644
--- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java
+++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithoutServiceDiscoveryTest.java
@@ -54,13 +54,6 @@ import org.testng.collections.Maps;
public class ProxyWithoutServiceDiscoveryTest extends ProducerConsumerBase {
private static final Logger log = LoggerFactory.getLogger(ProxyWithoutServiceDiscoveryTest.class);
-
- private final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
- private final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/server-cert.pem";
- private final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/server-key.pem";
- private final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
- private final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";
-
private ProxyService proxyService;
private ProxyConfiguration proxyConfig = new ProxyConfiguration();
@@ -73,22 +66,27 @@ public class ProxyWithoutServiceDiscoveryTest extends ProducerConsumerBase {
// enable tls and auth&auth at broker
conf.setAuthenticationEnabled(true);
- conf.setAuthorizationEnabled(false);
+ conf.setAuthorizationEnabled(true);
conf.setBrokerServicePortTls(Optional.of(0));
conf.setWebServicePortTls(Optional.of(0));
- conf.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
- conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
- conf.setTlsAllowInsecureConnection(true);
+ conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
Set<String> superUserRoles = new HashSet<>();
- superUserRoles.add("superUser");
+ superUserRoles.add("admin");
+ superUserRoles.add("superproxy");
conf.setSuperUserRoles(superUserRoles);
+ Set<String> proxyRoles = new HashSet<>();
+ proxyRoles.add("superproxy");
+ conf.setProxyRoles(proxyRoles);
+
+ conf.setBrokerClientTlsEnabled(true);
conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
- conf.setBrokerClientAuthenticationParameters(
- "tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_SERVER_KEY_FILE_PATH);
+ conf.setBrokerClientAuthenticationParameters(String.format("tlsCertFile:%s,tlsKeyFile:%s",
+ getTlsFileForClient("admin.cert"), getTlsFileForClient("admin.key-pk8")));
Set<String> providers = new HashSet<>();
providers.add(AuthenticationProviderTls.class.getName());
@@ -113,14 +111,14 @@ public class ProxyWithoutServiceDiscoveryTest extends ProducerConsumerBase {
proxyConfig.setTlsEnabledWithBroker(true);
// enable tls and auth&auth at proxy
- proxyConfig.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
- proxyConfig.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
- proxyConfig.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
+ proxyConfig.setTlsCertificateFilePath(PROXY_CERT_FILE_PATH);
+ proxyConfig.setTlsKeyFilePath(PROXY_KEY_FILE_PATH);
+ proxyConfig.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
- proxyConfig.setBrokerClientAuthenticationParameters(
- "tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_CLIENT_KEY_FILE_PATH);
- proxyConfig.setBrokerClientTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
+ proxyConfig.setBrokerClientAuthenticationParameters(String.format("tlsCertFile:%s,tlsKeyFile:%s",
+ getTlsFileForClient("superproxy.cert"), getTlsFileForClient("superproxy.key-pk8")));
+ proxyConfig.setBrokerClientTrustCertsFilePath(CA_CERT_FILE_PATH);
proxyConfig.setAuthenticationProviders(providers);
@@ -140,7 +138,7 @@ public class ProxyWithoutServiceDiscoveryTest extends ProducerConsumerBase {
/**
* <pre>
- * It verifies e2e tls + Authentication + Authorization (client -> proxy -> broker>
+ * It verifies e2e tls + Authentication + Authorization (client -> proxy -> broker)
*
* 1. client connects to proxy over tls and pass auth-data
* 2. proxy authenticate client and retrieve client-role
@@ -157,8 +155,8 @@ public class ProxyWithoutServiceDiscoveryTest extends ProducerConsumerBase {
log.info("-- Starting {} test --", methodName);
Map<String, String> authParams = Maps.newHashMap();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
Authentication authTls = new AuthenticationTls();
authTls.configure(authParams);
// create a client which connects to proxy over tls and pass authData
@@ -201,10 +199,10 @@ public class ProxyWithoutServiceDiscoveryTest extends ProducerConsumerBase {
}
protected final PulsarClient createPulsarClient(Authentication auth, String lookupUrl) throws Exception {
- admin = spy(PulsarAdmin.builder().serviceHttpUrl(brokerUrlTls.toString()).tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH)
- .allowTlsInsecureConnection(true).authentication(auth).build());
+ admin = spy(PulsarAdmin.builder().serviceHttpUrl(brokerUrlTls.toString()).tlsTrustCertsFilePath(CA_CERT_FILE_PATH)
+ .authentication(auth).build());
return PulsarClient.builder().serviceUrl(lookupUrl).statsInterval(0, TimeUnit.SECONDS)
- .tlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH).allowTlsInsecureConnection(true).authentication(auth)
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH).authentication(auth)
.enableTls(true).build();
}
(pulsar) 09/11: [fix][broker] Fix returns wrong webServiceUrl when both webServicePort and webServicePortTls are set (#21842)
Posted by lh...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 5fc4f3d5acea53bb1b368623101381733e9af787
Author: Jiwei Guo <te...@apache.org>
AuthorDate: Wed Jan 3 22:01:28 2024 +0800
[fix][broker] Fix returns wrong webServiceUrl when both webServicePort and webServicePortTls are set (#21842)
(cherry picked from commit e10d318d60aab55532ab256a705a90780354cdc6)
---
.../impl/ModularLoadManagerWrapper.java | 4 +--
.../impl/ModularLoadManagerImplTest.java | 31 +++++++++++++++++-----
2 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerWrapper.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerWrapper.java
index c61d39cf315..63bc7ab07fe 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerWrapper.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerWrapper.java
@@ -78,8 +78,8 @@ public class ModularLoadManagerWrapper implements LoadManager {
private String getBrokerWebServiceUrl(String broker) {
LocalBrokerData localData = (loadManager).getBrokerLocalData(broker);
if (localData != null) {
- return localData.getWebServiceUrl() != null ? localData.getWebServiceUrl()
- : localData.getWebServiceUrlTls();
+ return localData.getWebServiceUrlTls() != null ? localData.getWebServiceUrlTls()
+ : localData.getWebServiceUrl();
}
return String.format("http://%s", broker);
}
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImplTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImplTest.java
index d8acb6d24e9..6959d21cbe9 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImplTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImplTest.java
@@ -62,6 +62,7 @@ import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.broker.loadbalance.LoadBalancerTestingUtils;
import org.apache.pulsar.broker.loadbalance.LoadData;
import org.apache.pulsar.broker.loadbalance.LoadManager;
+import org.apache.pulsar.broker.loadbalance.ResourceUnit;
import org.apache.pulsar.broker.loadbalance.impl.LoadManagerShared.BrokerTopicLoadingPredicate;
import org.apache.pulsar.client.admin.Namespaces;
import org.apache.pulsar.client.admin.PulsarAdmin;
@@ -116,8 +117,12 @@ public class ModularLoadManagerImplTest {
private PulsarService pulsar3;
private String primaryHost;
+
+ private String primaryTlsHost;
private String secondaryHost;
+ private String secondaryTlsHost;
+
private NamespaceBundleFactory nsFactory;
private ModularLoadManagerImpl primaryLoadManager;
@@ -163,16 +168,19 @@ public class ModularLoadManagerImplTest {
config1.setLoadBalancerLoadSheddingStrategy("org.apache.pulsar.broker.loadbalance.impl.OverloadShedder");
config1.setClusterName("use");
config1.setWebServicePort(Optional.of(0));
+ config1.setWebServicePortTls(Optional.of(0));
config1.setMetadataStoreUrl("zk:127.0.0.1:" + bkEnsemble.getZookeeperPort());
config1.setAdvertisedAddress("localhost");
config1.setBrokerShutdownTimeoutMs(0L);
config1.setLoadBalancerOverrideBrokerNicSpeedGbps(Optional.of(1.0d));
config1.setBrokerServicePort(Optional.of(0));
+ config1.setBrokerServicePortTls(Optional.of(0));
pulsar1 = new PulsarService(config1);
pulsar1.start();
primaryHost = String.format("%s:%d", "localhost", pulsar1.getListenPortHTTP().get());
+ primaryTlsHost = String.format("%s:%d", "localhost", pulsar1.getListenPortHTTPS().get());
url1 = new URL(pulsar1.getWebServiceAddress());
admin1 = PulsarAdmin.builder().serviceHttpUrl(url1.toString()).build();
@@ -182,11 +190,13 @@ public class ModularLoadManagerImplTest {
config2.setLoadBalancerLoadSheddingStrategy("org.apache.pulsar.broker.loadbalance.impl.OverloadShedder");
config2.setClusterName("use");
config2.setWebServicePort(Optional.of(0));
+ config2.setWebServicePortTls(Optional.of(0));
config2.setMetadataStoreUrl("zk:127.0.0.1:" + bkEnsemble.getZookeeperPort());
config2.setAdvertisedAddress("localhost");
config2.setBrokerShutdownTimeoutMs(0L);
config2.setLoadBalancerOverrideBrokerNicSpeedGbps(Optional.of(1.0d));
config2.setBrokerServicePort(Optional.of(0));
+ config2.setBrokerServicePortTls(Optional.of(0));
pulsar2 = new PulsarService(config2);
pulsar2.start();
@@ -195,14 +205,17 @@ public class ModularLoadManagerImplTest {
config.setLoadBalancerLoadSheddingStrategy("org.apache.pulsar.broker.loadbalance.impl.OverloadShedder");
config.setClusterName("use");
config.setWebServicePort(Optional.of(0));
+ config.setWebServicePortTls(Optional.of(0));
config.setMetadataStoreUrl("zk:127.0.0.1:" + bkEnsemble.getZookeeperPort());
config.setAdvertisedAddress("localhost");
config.setBrokerShutdownTimeoutMs(0L);
config.setLoadBalancerOverrideBrokerNicSpeedGbps(Optional.of(1.0d));
config.setBrokerServicePort(Optional.of(0));
+ config.setBrokerServicePortTls(Optional.of(0));
pulsar3 = new PulsarService(config);
secondaryHost = String.format("%s:%d", "localhost", pulsar2.getListenPortHTTP().get());
+ secondaryTlsHost = String.format("%s:%d", "localhost", pulsar2.getListenPortHTTPS().get());
url2 = new URL(pulsar2.getWebServiceAddress());
admin2 = PulsarAdmin.builder().serviceHttpUrl(url2.toString()).build();
@@ -427,9 +440,9 @@ public class ModularLoadManagerImplTest {
pulsar1.getConfiguration().setLoadBalancerEnabled(true);
final LoadData loadData = (LoadData) getField(primaryLoadManagerSpy, "loadData");
final Map<String, BrokerData> brokerDataMap = loadData.getBrokerData();
- final BrokerData brokerDataSpy1 = spy(brokerDataMap.get(primaryHost));
+ final BrokerData brokerDataSpy1 = spy(brokerDataMap.get(primaryTlsHost));
when(brokerDataSpy1.getLocalData()).thenReturn(localBrokerData);
- brokerDataMap.put(primaryHost, brokerDataSpy1);
+ brokerDataMap.put(primaryTlsHost, brokerDataSpy1);
// Need to update all the bundle data for the shredder to see the spy.
primaryLoadManagerSpy.handleDataNotification(new Notification(NotificationType.Created, LoadManager.LOADBALANCE_BROKERS_ROOT + "/broker:8080"));
@@ -447,7 +460,7 @@ public class ModularLoadManagerImplTest {
verify(namespacesSpy1, Mockito.times(1))
.unloadNamespaceBundle(Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
assertEquals(bundleReference.get(), mockBundleName(2));
- assertEquals(selectedBrokerRef.get().get(), secondaryHost);
+ assertEquals(selectedBrokerRef.get().get(), secondaryTlsHost);
primaryLoadManagerSpy.doLoadShedding();
// Now less expensive bundle will be unloaded (normally other bundle would move off and nothing would be
@@ -455,13 +468,13 @@ public class ModularLoadManagerImplTest {
verify(namespacesSpy1, Mockito.times(2))
.unloadNamespaceBundle(Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
assertEquals(bundleReference.get(), mockBundleName(1));
- assertEquals(selectedBrokerRef.get().get(), secondaryHost);
+ assertEquals(selectedBrokerRef.get().get(), secondaryTlsHost);
primaryLoadManagerSpy.doLoadShedding();
// Now both are in grace period: neither should be unloaded.
verify(namespacesSpy1, Mockito.times(2))
.unloadNamespaceBundle(Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
- assertEquals(selectedBrokerRef.get().get(), secondaryHost);
+ assertEquals(selectedBrokerRef.get().get(), secondaryTlsHost);
// Test bundle transfer to same broker
@@ -474,7 +487,7 @@ public class ModularLoadManagerImplTest {
loadData.getRecentlyUnloadedBundles().clear();
primaryLoadManagerSpy.doLoadShedding();
// The bundle shouldn't be unloaded because the broker is the same.
- verify(namespacesSpy1, Mockito.times(3))
+ verify(namespacesSpy1, Mockito.times(4))
.unloadNamespaceBundle(Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
}
@@ -701,7 +714,7 @@ public class ModularLoadManagerImplTest {
admin1.namespaces().createNamespace(namespace);
@Cleanup
- PulsarClient pulsarClient = PulsarClient.builder().serviceUrl(pulsar1.getSafeWebServiceAddress()).build();
+ PulsarClient pulsarClient = PulsarClient.builder().serviceUrl(pulsar1.getWebServiceAddress()).build();
Producer<byte[]> producer = pulsarClient.newProducer().topic("persistent://" + namespace + "/my-topic1")
.create();
ModularLoadManagerImpl loadManager = (ModularLoadManagerImpl) ((ModularLoadManagerWrapper) pulsar1
@@ -843,6 +856,10 @@ public class ModularLoadManagerImplTest {
String topicToFindBundle = topicName + 0;
NamespaceBundle bundleWillBeSplit = pulsar1.getNamespaceService().getBundle(TopicName.get(topicToFindBundle));
+ final Optional<ResourceUnit> leastLoaded = loadManagerWrapper.getLeastLoaded(bundleWillBeSplit);
+ assertFalse(leastLoaded.isEmpty());
+ assertTrue(leastLoaded.get().getResourceId().startsWith("https"));
+
String bundleDataPath = ModularLoadManagerImpl.BUNDLE_DATA_PATH + "/" + tenant + "/" + namespace;
CompletableFuture<List<String>> children = bundlesCache.getChildren(bundleDataPath);
List<String> bundles = children.join();
(pulsar) 02/11: [cleanup] Deduplicate test certificates to simplify management (#20289)
Posted by lh...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 57b73027a87c850b680b0eace48605291e9832b0
Author: Michael Marshall <mm...@apache.org>
AuthorDate: Wed May 10 09:52:45 2023 -0500
[cleanup] Deduplicate test certificates to simplify management (#20289)
(cherry picked from commit 96367e1c2bfd64ec0f72602321ae6ede4bed96cd)
---
.../pulsar/broker/admin/AdminApiTlsAuthTest.java | 38 ++++++++++------------
.../broker/admin/BrokerAdminClientTlsAuthTest.java | 18 ++++------
.../broker/auth/MockedPulsarServiceBaseTest.java | 15 +++++++++
.../authentication/tls-http/admin.cert.pem | 26 ---------------
.../authentication/tls-http/admin.key-pk8.pem | 28 ----------------
.../authentication/tls-http/broker.cert.pem | 27 ---------------
.../authentication/tls-http/broker.key-pk8.pem | 28 ----------------
.../resources/authentication/tls-http/ca.cert.pem | 29 -----------------
.../authentication/tls-http/proxy.cert.pem | 26 ---------------
.../authentication/tls-http/proxy.key-pk8.pem | 28 ----------------
.../authentication/tls-http/superproxy.cert.pem | 26 ---------------
.../authentication/tls-http/superproxy.key-pk8.pem | 28 ----------------
.../authentication/tls-http/user1.cert.pem | 26 ---------------
.../authentication/tls-http/user1.key-pk8.pem | 28 ----------------
.../proxy/server/AuthedAdminProxyHandlerTest.java | 32 ++++++++----------
.../SuperUserAuthedAdminProxyHandlerTest.java | 26 +++++++--------
.../authentication/tls-admin-proxy/admin.cert.pem | 26 ---------------
.../tls-admin-proxy/admin.key-pk8.pem | 28 ----------------
.../authentication/tls-admin-proxy/broker.cert.pem | 27 ---------------
.../tls-admin-proxy/broker.key-pk8.pem | 28 ----------------
.../authentication/tls-admin-proxy/ca.cert.pem | 29 -----------------
.../authentication/tls-admin-proxy/proxy.cert.pem | 26 ---------------
.../tls-admin-proxy/proxy.key-pk8.pem | 28 ----------------
.../tls-admin-proxy/randouser.cert.pem | 19 -----------
.../tls-admin-proxy/randouser.key-pk8.pem | 28 ----------------
.../tls-admin-proxy/superproxy.cert.pem | 26 ---------------
.../tls-admin-proxy/superproxy.key-pk8.pem | 28 ----------------
.../authentication/tls-admin-proxy/user1.cert.pem | 26 ---------------
.../tls-admin-proxy/user1.key-pk8.pem | 28 ----------------
29 files changed, 64 insertions(+), 712 deletions(-)
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java
index bd23e0d7e4e..2b7b9101a81 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTlsAuthTest.java
@@ -65,19 +65,15 @@ import org.testng.annotations.Test;
@Test(groups = "broker-admin")
public class AdminApiTlsAuthTest extends MockedPulsarServiceBaseTest {
- private static String getTLSFile(String name) {
- return String.format("./src/test/resources/authentication/tls-http/%s.pem", name);
- }
-
@BeforeMethod
@Override
public void setup() throws Exception {
conf.setLoadBalancerEnabled(true);
conf.setBrokerServicePortTls(Optional.of(0));
conf.setWebServicePortTls(Optional.of(0));
- conf.setTlsCertificateFilePath(getTLSFile("broker.cert"));
- conf.setTlsKeyFilePath(getTLSFile("broker.key-pk8"));
- conf.setTlsTrustCertsFilePath(getTLSFile("ca.cert"));
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
+ conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
conf.setAuthenticationEnabled(true);
conf.setAuthenticationProviders(
Set.of("org.apache.pulsar.broker.authentication.AuthenticationProviderTls"));
@@ -87,8 +83,8 @@ public class AdminApiTlsAuthTest extends MockedPulsarServiceBaseTest {
conf.setBrokerClientAuthenticationPlugin("org.apache.pulsar.client.impl.auth.AuthenticationTls");
conf.setBrokerClientAuthenticationParameters(
- String.format("tlsCertFile:%s,tlsKeyFile:%s", getTLSFile("admin.cert"), getTLSFile("admin.key-pk8")));
- conf.setBrokerClientTrustCertsFilePath(getTLSFile("ca.cert"));
+ String.format("tlsCertFile:%s,tlsKeyFile:%s", getTlsFileForClient("admin.cert"), getTlsFileForClient("admin.key-pk8")));
+ conf.setBrokerClientTrustCertsFilePath(CA_CERT_FILE_PATH);
conf.setBrokerClientTlsEnabled(true);
conf.setNumExecutorThreadPoolSize(5);
@@ -115,11 +111,11 @@ public class AdminApiTlsAuthTest extends MockedPulsarServiceBaseTest {
.register(JacksonConfigurator.class).register(JacksonFeature.class);
X509Certificate trustCertificates[] = SecurityUtility.loadCertificatesFromPemFile(
- getTLSFile("ca.cert"));
+ CA_CERT_FILE_PATH);
SSLContext sslCtx = SecurityUtility.createSslContext(
false, trustCertificates,
- SecurityUtility.loadCertificatesFromPemFile(getTLSFile(user + ".cert")),
- SecurityUtility.loadPrivateKeyFromPemFile(getTLSFile(user + ".key-pk8")));
+ SecurityUtility.loadCertificatesFromPemFile(getTlsFileForClient(user + ".cert")),
+ SecurityUtility.loadPrivateKeyFromPemFile(getTlsFileForClient(user + ".key-pk8")));
clientBuilder.sslContext(sslCtx).hostnameVerifier(NoopHostnameVerifier.INSTANCE);
Client client = clientBuilder.build();
@@ -133,8 +129,8 @@ public class AdminApiTlsAuthTest extends MockedPulsarServiceBaseTest {
.serviceHttpUrl(brokerUrlTls.toString())
.authentication("org.apache.pulsar.client.impl.auth.AuthenticationTls",
String.format("tlsCertFile:%s,tlsKeyFile:%s",
- getTLSFile(user + ".cert"), getTLSFile(user + ".key-pk8")))
- .tlsTrustCertsFilePath(getTLSFile("ca.cert")).build();
+ getTlsFileForClient(user + ".cert"), getTlsFileForClient(user + ".key-pk8")))
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH).build();
}
PulsarClient buildClient(String user) throws Exception {
@@ -143,8 +139,8 @@ public class AdminApiTlsAuthTest extends MockedPulsarServiceBaseTest {
.enableTlsHostnameVerification(false)
.authentication("org.apache.pulsar.client.impl.auth.AuthenticationTls",
String.format("tlsCertFile:%s,tlsKeyFile:%s",
- getTLSFile(user + ".cert"), getTLSFile(user + ".key-pk8")))
- .tlsTrustCertsFilePath(getTLSFile("ca.cert")).build();
+ getTlsFileForClient(user + ".cert"), getTlsFileForClient(user + ".key-pk8")))
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH).build();
}
@Test
@@ -471,11 +467,11 @@ public class AdminApiTlsAuthTest extends MockedPulsarServiceBaseTest {
public void testCertRefreshForPulsarAdmin() throws Exception {
String adminUser = "admin";
String user2 = "user1";
- File keyFile = new File(getTLSFile("temp" + ".key-pk8"));
+ File keyFile = File.createTempFile("temp", ".key-pk8");
Path keyFilePath = Paths.get(keyFile.getAbsolutePath());
int autoCertRefreshTimeSec = 1;
try {
- Files.copy(Paths.get(getTLSFile(user2 + ".key-pk8")), keyFilePath, StandardCopyOption.REPLACE_EXISTING);
+ Files.copy(Paths.get(getTlsFileForClient(user2 + ".key-pk8")), keyFilePath, StandardCopyOption.REPLACE_EXISTING);
PulsarAdmin admin = PulsarAdmin.builder()
.allowTlsInsecureConnection(false)
.enableTlsHostnameVerification(false)
@@ -483,8 +479,8 @@ public class AdminApiTlsAuthTest extends MockedPulsarServiceBaseTest {
.autoCertRefreshTime(autoCertRefreshTimeSec, TimeUnit.SECONDS)
.authentication("org.apache.pulsar.client.impl.auth.AuthenticationTls",
String.format("tlsCertFile:%s,tlsKeyFile:%s",
- getTLSFile(adminUser + ".cert"), keyFile))
- .tlsTrustCertsFilePath(getTLSFile("ca.cert")).build();
+ getTlsFileForClient(adminUser + ".cert"), keyFile))
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH).build();
// try to call admin-api which should fail due to incorrect key-cert
try {
admin.tenants().createTenant("tenantX",
@@ -496,7 +492,7 @@ public class AdminApiTlsAuthTest extends MockedPulsarServiceBaseTest {
// replace correct key file
Files.delete(keyFile.toPath());
Thread.sleep(2 * autoCertRefreshTimeSec * 1000);
- Files.copy(Paths.get(getTLSFile(adminUser + ".key-pk8")), keyFilePath);
+ Files.copy(Paths.get(getTlsFileForClient(adminUser + ".key-pk8")), keyFilePath);
MutableBoolean success = new MutableBoolean(false);
retryStrategically((test) -> {
try {
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/BrokerAdminClientTlsAuthTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/BrokerAdminClientTlsAuthTest.java
index 54164c3d40e..19a550457a4 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/BrokerAdminClientTlsAuthTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/BrokerAdminClientTlsAuthTest.java
@@ -48,10 +48,6 @@ public class BrokerAdminClientTlsAuthTest extends MockedPulsarServiceBaseTest {
methodName = m.getName();
}
- private static String getTLSFile(String name) {
- return String.format("./src/test/resources/authentication/tls-http/%s.pem", name);
- }
-
@BeforeMethod
@Override
public void setup() throws Exception {
@@ -63,19 +59,19 @@ public class BrokerAdminClientTlsAuthTest extends MockedPulsarServiceBaseTest {
private void buildConf(ServiceConfiguration conf) {
conf.setLoadBalancerEnabled(true);
- conf.setTlsCertificateFilePath(getTLSFile("broker.cert"));
- conf.setTlsKeyFilePath(getTLSFile("broker.key-pk8"));
- conf.setTlsTrustCertsFilePath(getTLSFile("ca.cert"));
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
+ conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
conf.setAuthenticationEnabled(true);
conf.setSuperUserRoles(Set.of("superproxy", "broker.pulsar.apache.org"));
conf.setAuthenticationProviders(
Set.of("org.apache.pulsar.broker.authentication.AuthenticationProviderTls"));
conf.setAuthorizationEnabled(true);
conf.setBrokerClientTlsEnabled(true);
- String str = String.format("tlsCertFile:%s,tlsKeyFile:%s", getTLSFile("broker.cert"), getTLSFile("broker.key-pk8"));
+ String str = String.format("tlsCertFile:%s,tlsKeyFile:%s", BROKER_CERT_FILE_PATH, BROKER_KEY_FILE_PATH);
conf.setBrokerClientAuthenticationParameters(str);
conf.setBrokerClientAuthenticationPlugin("org.apache.pulsar.client.impl.auth.AuthenticationTls");
- conf.setBrokerClientTrustCertsFilePath(getTLSFile("ca.cert"));
+ conf.setBrokerClientTrustCertsFilePath(CA_CERT_FILE_PATH);
conf.setTlsAllowInsecureConnection(true);
conf.setNumExecutorThreadPoolSize(5);
}
@@ -93,8 +89,8 @@ public class BrokerAdminClientTlsAuthTest extends MockedPulsarServiceBaseTest {
.serviceHttpUrl(brokerUrlTls.toString())
.authentication("org.apache.pulsar.client.impl.auth.AuthenticationTls",
String.format("tlsCertFile:%s,tlsKeyFile:%s",
- getTLSFile(user + ".cert"), getTLSFile(user + ".key-pk8")))
- .tlsTrustCertsFilePath(getTLSFile("ca.cert")).build();
+ getTlsFileForClient(user + ".cert"), getTlsFileForClient(user + ".key-pk8")))
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH).build();
}
/**
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/MockedPulsarServiceBaseTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/MockedPulsarServiceBaseTest.java
index ab663b5b483..16db0f48480 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/MockedPulsarServiceBaseTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/MockedPulsarServiceBaseTest.java
@@ -75,6 +75,21 @@ import org.testng.annotations.DataProvider;
* Base class for all tests that need a Pulsar instance without a ZK and BK cluster.
*/
public abstract class MockedPulsarServiceBaseTest extends TestRetrySupport {
+ // All certificate-authority files are copied from the tests/certificate-authority directory and all share the same
+ // root CA.
+ protected static String getTlsFileForClient(String name) {
+ return ResourceUtils.getAbsolutePath(String.format("certificate-authority/client-keys/%s.pem", name));
+ }
+ public final static String CA_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/certs/ca.cert.pem");
+ public final static String BROKER_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/server-keys/broker.cert.pem");
+ public final static String BROKER_KEY_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/server-keys/broker.key-pk8.pem");
+ public final static String PROXY_CERT_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/server-keys/proxy.cert.pem");
+ public final static String PROXY_KEY_FILE_PATH =
+ ResourceUtils.getAbsolutePath("certificate-authority/server-keys/proxy.key-pk8.pem");
public final static String BROKER_KEYSTORE_FILE_PATH =
ResourceUtils.getAbsolutePath("certificate-authority/jks/broker.keystore.jks");
public final static String BROKER_TRUSTSTORE_FILE_PATH =
diff --git a/pulsar-broker/src/test/resources/authentication/tls-http/admin.cert.pem b/pulsar-broker/src/test/resources/authentication/tls-http/admin.cert.pem
deleted file mode 100644
index 0665edbdc12..00000000000
--- a/pulsar-broker/src/test/resources/authentication/tls-http/admin.cert.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEZTCCAk2gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGZm9v
-YmFyMCAXDTE4MDYyMjA4NTcwNloYDzIyOTIwNDA2MDg1NzA2WjAQMQ4wDAYDVQQD
-DAVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJw3Jfbn0xkW
-36kqQjES6Hn+YTZ2jXS5Co2MzsGBsIY0qJ2BbWHSSaMrja4IERUaCQp16SWxPmZ0
-srMm6ErDoap+O70CWXLT3ybYMV5aVwv3ca4uxsedzaw9MpFXfUDsJJ3yre1JpO+t
-A/QzJEGq1d6NN49InUP5kB1Rpay3vaxx8hduzqTO+E/Lptv92p6GjOpXi2icSjiA
-pgaan2ldGGKEKv2Sc2bfdIDkTq1yDyNmuPET0yD2dci106EW/mPyj81umPKG/o4K
-5W18yG/IhXw5W1zlgO1fWCuqva8NCBdu7s1c7hUX8DBx7km4/I7dllz/nYHIfCEQ
-Dmj38oQjYk8CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF
-oDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRp
-ZmljYXRlMB0GA1UdDgQWBBQTMzAAOJ9gXvQSS7Be3+qmrb1kVDAfBgNVHSMEGDAW
-gBRXC+nLI+i/Rz5Qej9FfqEYQ50VJzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4ICAQAwy8f6hsG0
-85e3SOIztbUnaVxS7wzDeDzR3vCjpXpm4vTToYzN9zx3JHKSdJrB12emVxItwW/7
-bXqBk0n2EdQjRHCuebnY05eFMNGagMEEMVmSLOproQD7VsyALNxCss1JAyRikh70
-W7wgOVeAhqE53UqqrkzTE7Q+8Bag9t3FytHxApY17XglbWkiVcFpQwSURe9Emi3E
-aCJCryGJXrBNuCFXGzetSygDEy27+2FeH8S2XsMwUEGLqDDehzvMenVz1xjXtq+s
-KPkofAde52NHd4lLkSeBMSFnKe3V7Xxax2OEUsoQRF3bkbpcJSWsKS9ZAA2yrtuy
-Nz/aA1F42LuSFPAYQr1kcZ8eSS918RWz+BiJYU2JuUOPd1XUmJXVvZ4CJurWaC7+
-ZD51YdD8E245xd55fsA6/qLx3eE/Kp0dVq+Hxuz6b4yLET0zkGunOe4A3hnRgkOA
-XolXCL+VthhWtFGXn8CjpxDnzjahq69Io+dINehqd5aJEgvnHZIK2s7FTqqBBodU
-HhyAE94f64z7ziuRhEG54bmBF+MoGyPf6dVn1Mp3+o+YeQ5q6XlKgh+u8jMgmqRO
-ikdsVdMqopt/FXh9eFzvQrwOZFLK6JE/edUgb6xvS1jMF5zi2lIlIkq1RBQOr4HT
-XDwX4vRtfpDxpsetGVpeq9O07fbMvp+mkw==
------END CERTIFICATE-----
diff --git a/pulsar-broker/src/test/resources/authentication/tls-http/admin.key-pk8.pem b/pulsar-broker/src/test/resources/authentication/tls-http/admin.key-pk8.pem
deleted file mode 100644
index 6aaa22c44d7..00000000000
--- a/pulsar-broker/src/test/resources/authentication/tls-http/admin.key-pk8.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCcNyX259MZFt+p
-KkIxEuh5/mE2do10uQqNjM7BgbCGNKidgW1h0kmjK42uCBEVGgkKdeklsT5mdLKz
-JuhKw6Gqfju9Ally098m2DFeWlcL93GuLsbHnc2sPTKRV31A7CSd8q3tSaTvrQP0
-MyRBqtXejTePSJ1D+ZAdUaWst72scfIXbs6kzvhPy6bb/dqehozqV4tonEo4gKYG
-mp9pXRhihCr9knNm33SA5E6tcg8jZrjxE9Mg9nXItdOhFv5j8o/Nbpjyhv6OCuVt
-fMhvyIV8OVtc5YDtX1grqr2vDQgXbu7NXO4VF/Awce5JuPyO3ZZc/52ByHwhEA5o
-9/KEI2JPAgMBAAECggEAP+Ipq2Q4puz8wGBgu1LhMWp+9Nfcl1xI3YQ01VulBe0o
-+2h/g96McKcSBJaV7cw84ENB+kEWpK2amrsRiemhBmkjIvOAAv50Jp2I6u4E5Qbn
-PXUxo1Z8UrCgKmHd/hvUCafByuUwBzf5AvebHyOu3JlhnD302mSHtAW8u/pUHd3D
-sxJaw1zwQvmlD5ryM2IVYSji7NYCXF0H6V7HfyohTCrQFEWEAdqEDcFR1BUwbPCE
-raq7sAiEy+cBUnfV3IOEAffOZy0vSR90/WwERcwrzCdZmpWpTqtbcqtdBPqsSQzX
-shDvXd0e43+FSJzCtQsSQ8WzIrp3rgKJUDA1pJQW4QKBgQDJdTcB6qZz8r+4q9gc
-q1KAJyMy01Vio1yaqYzXr0C9Z5FW1GhL+4fwer2y9JyD45sb/lP4reFj9S193BNR
-C8cdxM5GrWEpzaQ0Dt1s8P1UbU8G6r4NqwI6ORF3CxXZKfXivQcgqBurJGrBdjIC
-NwqAzSkX5flBbhfTlJuUH87k3wKBgQDGgjzdIWXab7FZfdUzzrtEwNooBiSEFixm
-UAwP5sxL8VkM9wzAKPEVDDQBBoKIga9OESif4S9UUo4tu65AYfxF9Om26K4QrVj8
-HT/U+lfT7xFmPd/GINIbeTSmW0w7Ehpj8SbcQI4Sb2lVE562FlHh7QbHZd0/X/2J
-nbgT9MRAkQKBgQCVPAN3o/+SPOzRPFtnQXJoBJYKfIrv+twKpjbzP5vRsvrzO33X
-a4kUF5iXDKU0/lJUtl42BXjFt0Xvyit1CiiCYNv9d0pW0UMmXSyiGxNOi3rTQOlw
-7pFD2Cqb6NZSfMbtI+I3ytBUQzHiBlCdW3CoYVJjpbSzR37W+WsWm0mEOQKBgQCq
-ANObFYUjA1DBMZCrY7rhcL/kUw5myI6RuK/71k7UIwd+oP0cfHOq8N6AmlCkE1xM
-4UkHU1SzRFhbNkZPARuJ1etqJ+8afTqd/3axMQyShkVCaG8CQQ1vVegPKFUqqaBM
-QzRioC6L/zoYEEt16buKXvHVRpmqMszxVE9XV+HS4QKBgDvs5qloOowS5kcWInrj
-yecu5MJvFf2IZpMw7EiKV8VUPeKaiUlqgFj9d9cotUIMauXgBq6f5NBRg7Ike60t
-/JJrPtqXY+gdFLjxcKMUVYhomFlQYYg/RJZUBrtkyKBP68abopCYmb59r3ixeNNf
-qA1F36mmFtzdjSdtH/dTTecN
------END PRIVATE KEY-----
diff --git a/pulsar-broker/src/test/resources/authentication/tls-http/broker.cert.pem b/pulsar-broker/src/test/resources/authentication/tls-http/broker.cert.pem
deleted file mode 100644
index b5c7a5dc709..00000000000
--- a/pulsar-broker/src/test/resources/authentication/tls-http/broker.cert.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEkDCCAnigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGZm9v
-YmFyMCAXDTE4MDYyMjA4NTUzMloYDzIyOTIwNDA2MDg1NTMyWjAjMSEwHwYDVQQD
-DBhicm9rZXIucHVsc2FyLmFwYWNoZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQDQouKhZah4hMCqmg4aS5RhQG/Y1gA+yP9DGF9mlw35tfhfWs63
-EvNjEK4L/ZWSEV45L/wc6YV14RmM6bJ0V/0vXo4xmISbqptND/2kRIspkLZQ5F0O
-OQXVicqZLOc6igZQhRg8ANDYdTJUTF65DqauX4OJt3YMhF2FSt7jQtlj06IQBa01
-+ARO9OotMJtBY+vIU5bV6JydfgkhQH9rIDI7AMeY5j02gGkJJrelfm+WoOsUez+X
-aqTN3/tF8+MBcFB3G04s1qc2CJPJM3YGxvxEtHqTGI14t9J8p5O7X9JHpcY8X00s
-bxa4FGbKgfDobbkJ+GgblWCkAcLN95sKTqtHAgMBAAGjgd0wgdowCQYDVR0TBAIw
-ADARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2Vu
-ZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUaxFvJrkEGqk8azTA
-DyVyTyTbJAIwQQYDVR0jBDowOIAUVwvpyyPov0c+UHo/RX6hGEOdFSehFaQTMBEx
-DzANBgNVBAMMBmZvb2JhcoIJANfih0+geeIMMA4GA1UdDwEB/wQEAwIFoDATBgNV
-HSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEA35QDGclHzQtHs3yQ
-ZzNOSKisg5srTiIoQgRzfHrXfkthNFCnBzhKjBxqk3EIasVtvyGuk0ThneC1ai3y
-ZK3BivnMZfm1SfyvieFoqWetsxohWfcpOSVkpvO37P6v/NmmaTIGkBN3gxKCx0QN
-zqApLQyNTM++X3wxetYH/afAGUrRmBGWZuJheQpB9yZ+FB6BRp8YuYIYBzANJyW9
-spvXW03TpqX2AIoRBoGMLzK72vbhAbLWiCIfEYREhbZVRkP+yvD338cWrILlOEur
-x/n8L/FTmbf7mXzHg4xaQ3zg/5+0OCPMDPUBE4xWDBAbZ82hgOcTqfVjwoPgo2V0
-fbbx6redq44J3Vn5d9Xhi59fkpqEjHpX4xebr5iMikZsNTJMeLh0h3uf7DstuO9d
-mfnF5j+yDXCKb9XzCsTSvGCN+spmUh6RfSrbkw8/LrRvBUpKVEM0GfKSnaFpOaSS
-efM4UEi72FRjszzHEkdvpiLhYvihINLJmDXszhc3fCi42be/DGmUhuhTZWynOPmp
-0N0V/8/sGT5gh4fGEtGzS/8xEvZwO9uDlccJiG8Pi+aO0/K9urB9nppd/xKWXv3C
-cib/QrW0Qow4TADWC1fnGYCpFzzaZ2esPL2MvzOYXnW4/AbEqmb6Weatluai64ZK
-3N2cGJWRyvpvvmbP2hKCa4eLgEc=
------END CERTIFICATE-----
diff --git a/pulsar-broker/src/test/resources/authentication/tls-http/broker.key-pk8.pem b/pulsar-broker/src/test/resources/authentication/tls-http/broker.key-pk8.pem
deleted file mode 100644
index 2b51d015b8a..00000000000
--- a/pulsar-broker/src/test/resources/authentication/tls-http/broker.key-pk8.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDQouKhZah4hMCq
-mg4aS5RhQG/Y1gA+yP9DGF9mlw35tfhfWs63EvNjEK4L/ZWSEV45L/wc6YV14RmM
-6bJ0V/0vXo4xmISbqptND/2kRIspkLZQ5F0OOQXVicqZLOc6igZQhRg8ANDYdTJU
-TF65DqauX4OJt3YMhF2FSt7jQtlj06IQBa01+ARO9OotMJtBY+vIU5bV6Jydfgkh
-QH9rIDI7AMeY5j02gGkJJrelfm+WoOsUez+XaqTN3/tF8+MBcFB3G04s1qc2CJPJ
-M3YGxvxEtHqTGI14t9J8p5O7X9JHpcY8X00sbxa4FGbKgfDobbkJ+GgblWCkAcLN
-95sKTqtHAgMBAAECggEBALE1eMtfnk3nbAI74bih84D7C0Ug14p8jJv/qqBnsx4j
-WrgbWDMVrJa7Rym2FQHBMMfgIwKnso0iSeJvaPz683j1lk833YKe0VQOPgD1m0IN
-wV1J6mQ3OOZcKDIcerY1IBHqSmBEzR7dxIbnaxlCAX9gb0hdBK6zCwA5TMG5OQ5Y
-3cGOmevK5i2PiejhpruA8h7E48P1ATaGHUZif9YD724oi6AcilQ8H/DlOjZTvlmK
-r4aJ30f72NwGM8Ecet5CE2wyflAGtY0k+nChYkPRfy54u64Z/T9B53AvneFaj8jv
-yFepZgRTs2cWhEl0KQGuBHQ4+IeOfMt2LebhvjWW8YkCgYEA7BXVsnqPHKRDd8wP
-eNkolY4Fjdq4wu9ad+DaFiZcJuv7ugr+Kplltq6e4aU36zEdBYdPp/6KM/HGE/Xj
-bo0CELNUKs/Ny9H/UJc8DDbVEmoF3XGiIbKKq1T8NTXTETFnwrGkBFD8nl7YTsOF
-M4FZmSok0MhhkpEULAqxBS6YpQsCgYEA4jxM1egTVSWjTreg2UdYo2507jKa7maP
-PRtoPsNJzWNbOpfj26l3/8pd6oYKWck6se6RxIUxUrk3ywhNJIIOvWEC7TaOH1c9
-T4NQNcweqBW9+A1x5gyzT14gDaBfl45gs82vI+kcpVv/w2N3HZOQZX3yAUqWpfw2
-yw1uQDXtgDUCgYEAiYPWbBXTkp1j5z3nrT7g0uxc89n5USLWkYlZvxktCEbg4+dP
-UUT06EoipdD1F3wOKZA9p98uZT9pX2sUxOpBz7SFTEKq3xQ9IZZWFc9CoW08aVat
-V++FsnLYTa5CeXtLsy6CGTmLTDx2xrpAtlWb+QmBVFPD8fmrxFOd9STFKS0CgYAt
-6ztVN3OlFqyc75yQPXD6SxMkvdTAisSMDKIOCylRrNb5f5baIP2gR3zkeyxiqPtm
-3htsHfSy67EtXpP50wQW4Dft2eLi7ZweJXMEWFfomfEjBeeWYAGNHHe5DFIauuVZ
-2WexDEGqNpAlIm0s7aSjVPrn1DHbouOkNyenlMqN+QKBgQDVYVhk9widShSnCmUA
-G30moXDgj3eRqCf5T7NEr9GXD1QBD/rQSPh5agnDV7IYLpV7/wkYLI7l9x7mDwu+
-I9mRXkyAmTVEctLTdXQHt0jdJa5SfUaVEDUzQbr0fUjkmythTvqZ809+d3ELPeLI
-5qJ7jxgksHWji4lYfL4r4J6Zaw==
------END PRIVATE KEY-----
diff --git a/pulsar-broker/src/test/resources/authentication/tls-http/ca.cert.pem b/pulsar-broker/src/test/resources/authentication/tls-http/ca.cert.pem
deleted file mode 100644
index 0446700135d..00000000000
--- a/pulsar-broker/src/test/resources/authentication/tls-http/ca.cert.pem
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFCDCCAvCgAwIBAgIJANfih0+geeIMMA0GCSqGSIb3DQEBCwUAMBExDzANBgNV
-BAMMBmZvb2JhcjAeFw0xODA2MjIwODQ2MjFaFw0zODA2MTcwODQ2MjFaMBExDzAN
-BgNVBAMMBmZvb2JhcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOVU
-UpTPeXCeyfUiQS824l9s9krZd4R6TA4D97eQ9EWm2D7ppV4gPApHO8j5f+joo/b6
-Iso4aFlHpJ8VV2a5Ol7rjQw43MJHaBgwDxB1XWgsNdfoI7ebtp/BWg2nM3r8wm+Z
-gKenf9d1/1Ol+6yFUehkLkIXUvldiVegmmje8FnwhcDNE1eTrh66XqSJXEXqgBKu
-NqsoYcVak72OyOO1/N8CESoSdyBkbSiH5vJyo0AUCjn7tULga7fxojmqBZDog9Pg
-e5Fi/hbCrdinbxBrMgIxQ7wqXw2sw6iOWu4FU8Ih/CuF4xaQy2YP7MEk4Ff0LCY0
-KMhFMWU7550r/fz/C2l7fKhREyCQPa/bVE+dfxgZ/gCZ+p7vQ154hCCjpd+5bECv
-SN1bcVIPG6ngQu4vMXa7QRBi/Od40jSVGVJXYY6kXvrYatad7035w2GGGGkvMsQm
-y53yh4tqQfH7ulHqB0J5LebTQRp6nRizWigVCLjNkxJYI+Dj51qvT1zdyWEegKr1
-CthBfYzXlfjeH3xri1f0UABeC12n24Wkacd9af7zs7S3rYntEK444w/3fB0F62Lh
-SESfMLAmUH0dF5plRShrFUXz23nUeS8EYgWmnGkpf/HDzB67vdfAK0tfJEtmmY78
-q06OSgMr+AOOqaomh4Ez2ZQG592bS71G8MrE7r2/AgMBAAGjYzBhMB0GA1UdDgQW
-BBRXC+nLI+i/Rz5Qej9FfqEYQ50VJzAfBgNVHSMEGDAWgBRXC+nLI+i/Rz5Qej9F
-fqEYQ50VJzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG
-9w0BAQsFAAOCAgEAYd2PxdV+YOaWcmMG1fK7CGwSzDOGsgC7hi4gWPiNsVbz6fwQ
-m5Ac7Zw76dzin8gzOPKST7B8WIoc7ZWrMnyh3G6A3u29Ec8iWahqGa91NPA3bOIl
-0ldXnXfa416+JL/Q5utpiV6W2XDaB53v9GqpMk4rOTS9kCFOiuH5ZU8P69jp9mq6
-7pI/+hWFr+21ibmXH6ANxRLd/5+AqojRUYowAu2997Z+xmbpwx/2Svciq3LNY/Vz
-s9DudUHCBHj/DPgNxsEUt8QNohjQkRbFTY0a1aXodJ/pm0Ehk2kf9KwYYYduR7ak
-6UmPIPrZg6FePNahxwMZ0RtgX7EXmpiiIH1q9BsulddWkrFQclevsWO3ONQVrDs2
-gwY0HQuCRCJ+xgS2cyGiGohW5MkIsg1aI0i0j5GIUSppCIYgirAGCairARbCjhcx
-pbMe8RTuBhCqO3R2wZ0wXu7P7/ArI/Ltm1dU6IeHUAUmeneVj5ie0SdA19mHTS2o
-lG77N0jy6eq2zyEwJE6tuS/tyP1xrxdzXCYY7f6X9aNfsuPVQTcnrFajvDv8R6uD
-YnRStVCdS6fZEP0JzsLrqp9bgLIRRsiqsVVBCgJdK1I/X59qk2EyCLXWSgk8T9XZ
-iux8LlPpskt30YYt1KhlWB9zVz7k0uYAwits5foU6RfCRDPAyOa1q/QOXk0=
------END CERTIFICATE-----
diff --git a/pulsar-broker/src/test/resources/authentication/tls-http/proxy.cert.pem b/pulsar-broker/src/test/resources/authentication/tls-http/proxy.cert.pem
deleted file mode 100644
index 6c2f4295c9d..00000000000
--- a/pulsar-broker/src/test/resources/authentication/tls-http/proxy.cert.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEZTCCAk2gAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGZm9v
-YmFyMCAXDTE4MDYyNTEzNTYwNFoYDzIyOTIwNDA5MTM1NjA0WjAQMQ4wDAYDVQQD
-DAVwcm94eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMieX78Yj8OW
-eBHAneRaCCoO8Qrpj8zGo7h9lCdmi1lBDh1uR2sDbotiHGfJzQn836WcYmyeAvfn
-qvgr9HCXmXdLgmJ3GT/LVu5GEm6msSDiZQPr9so5lQVioisK4UwJROQsE/J52cyR
-9o3H6M4FKb6QpoobKa62fSfTumwwulaYaDJuRRGoGIkcRuUQ59EWAaDkD3IcDpAn
-9mTbnE4Iz+JxSrsZ5DJ3X/m/AqyLWtj6GAfyK9a1dhNdlf2x4JZT1QNtojiBXt95
-OIZyRBNbHMFniq5gel6wdBkmJWutfcTct7wKa2LCxLpKoDIc1HWoL3+RUzOKxYIP
-0qXEQ3bmONkCAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF
-oDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRp
-ZmljYXRlMB0GA1UdDgQWBBSgsgfmDbXEkrrpHUC9GnDDjxaKizAfBgNVHSMEGDAW
-gBRXC+nLI+i/Rz5Qej9FfqEYQ50VJzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4ICAQB+uZ2OWR+G
-sRqYHEeVqUI8G2p8Np8eC/onGpBL8Gj9SGxIQcIPtqHPUlCe9fd/96JOptOGRYEB
-BmUCaCmQ4IgMW6e6fArka5IB4XXIgHFXyQ6ImTvjDavzlVw06zn9S4dLwVzsRBg+
-GS9svtq23W+f5rEN5N+7LhtcbclfiG4VCCqDG5VhkzEok+SRamDI8rDRZtodMw0O
-/+L+xaaQPUPjX8KUlKn4uVpCDbxUzHonlCPzbkHHm5su0D4ysjJIy3/y3yow6JE/
-02L7PZkmkmw3/V+84T3X8/GD15sVUv/3v1gXEBxYwAs+RNTJ0APvMEMSvCq0AMfF
-bPMZBuAGNBG7lv7TovzHgGFKXT7du5OFF/qjAsEffhbo224CB96fgwvvndwHHBFh
-J06BvHZG1i9dDVhUKoB1owkWrE4RZv2ZKEtZYgizzSmzZRHtARo0t1Byc5djx1tX
-TkJOHshNqJZOY1ER0DPaVQgKI+PRTbEdj/xPGRX3ebSqDmilAfPXshqgElfch6Yl
-f2V58TyCnjXOibvkG9D5OyCdWLEECumOZgYar0KZgNfrvTOi1OKXnX1fsbh29fWA
-ICZRcdmjkz79zQXY2SuzCWlskuXPKAmW1AMqs+l6ormmKfzIUx3Yriy4LqIIYY1v
-uQD5vghZmd9HUg2KaXfSGD9stGCD8KhntA==
------END CERTIFICATE-----
diff --git a/pulsar-broker/src/test/resources/authentication/tls-http/proxy.key-pk8.pem b/pulsar-broker/src/test/resources/authentication/tls-http/proxy.key-pk8.pem
deleted file mode 100644
index 70e0107f274..00000000000
--- a/pulsar-broker/src/test/resources/authentication/tls-http/proxy.key-pk8.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDInl+/GI/DlngR
-wJ3kWggqDvEK6Y/MxqO4fZQnZotZQQ4dbkdrA26LYhxnyc0J/N+lnGJsngL356r4
-K/Rwl5l3S4Jidxk/y1buRhJuprEg4mUD6/bKOZUFYqIrCuFMCUTkLBPyednMkfaN
-x+jOBSm+kKaKGymutn0n07psMLpWmGgybkURqBiJHEblEOfRFgGg5A9yHA6QJ/Zk
-25xOCM/icUq7GeQyd1/5vwKsi1rY+hgH8ivWtXYTXZX9seCWU9UDbaI4gV7feTiG
-ckQTWxzBZ4quYHpesHQZJiVrrX3E3Le8CmtiwsS6SqAyHNR1qC9/kVMzisWCD9Kl
-xEN25jjZAgMBAAECggEAJJyCbKVW1yLGlrbIGbw0cTh41Lz6+SvnBOwl9WrJU2iD
-4usVLXpa2iT1ehthx8jWJ6r6a0gK0qL8mH2tBj8kSpkFGmMRwIqjOqifBIJ3IMEw
-Hh8Z0p3fjDQL1D8QDohCgkFpAn8qOCMLE6S/35khnR1Yxytd1/yFqpcBFm1uFA85
-dYisjPqWm/IZIU5rH0zgKAIhtvl9abnoi93443EHsKpRAW1gwRXx9Aak7TV768bZ
-tELBsaTnXnNzamDiaimmxEOlqR9O0W8JE/31KFL26JcVmsTRG7sMpoUxCEMjOuGZ
-J30bXFZUW6NrDpFsQ7uTqD6TNn2971N8KFCLnC/JYQKBgQDo82axC7L7n7BYTu18
-dupeT7n5dTBD/I3l0KtT05xiZA8GZr2i+pt+/aWzCzK4/Ee4jb4/o8CRQRB5v5mo
-c9lc+BaoAIQiwiw+aufT+UojrcijrOMEL5Zk3zdZ2rcEoAsVvqtejNnwLCGI9Rnl
-gp7n9oRhwDIv9Fu09snUougE3wKBgQDceAGKUB8pGd3eEya/0jU9J60LsKbcJSsN
-4v1S5LiPtHOyhr0g4x/LibMP2PJhG3tJ1bgpaGmn9du2D20M6ukRhIYyn/7G+N+A
-oqryyvO1MMYnhc4IEQvWrzDnBM0hV2bdjp4s/1ASVHVRwk8+orqxysIJ1D75nnRX
-Tyfl6HgBRwKBgQCfVlWIhiMPv6OkU6BXgRNAHTJs8f5okmgQqNF3jgequRwZ2c6e
-muIfU6myNNel9lGsZ6+Y4g4GjMWTMT4OHeewkrUUhv3atIwEyaT2tc5DZ0wUwF2r
-cE1jg9bdbB/BVyMd5YRcMOWlRNpPTq8+8EB3E4RrREZPzMmplyBohGFFawKBgGjc
-P0dM8nU3E1rj2wNTdPUAYQL1Y3fDyeWR+BEsLkhTeNAJ2/y/akkB1oQMGMRtMMee
-ejhfrBkyC+1dCu4g8PffA4EirihvCMcDF7HhK+cbKrRzpNobWXkj3GuU0ggwrQFm
-Kv+V87y0JRTdCZnuBkQ3/vBz3fwWDJnWUVC9sA5TAoGBAN4t2gJCZax5yInUgyWi
-Tgumb2qVWsGBBLMTKIsrkK/KphzgAhHcVhDCybA79TmIM2FfIlpf6TE7Mv4NI055
-ZJzHX+GMT5Czy2Ku9MJD3PLTFN5MjYb6g92fKViLDMI6fwzTHB8xPJ7Ob9bV2srS
-ZlmKNXTkZFk3/orK4WdCZufz
------END PRIVATE KEY-----
diff --git a/pulsar-broker/src/test/resources/authentication/tls-http/superproxy.cert.pem b/pulsar-broker/src/test/resources/authentication/tls-http/superproxy.cert.pem
deleted file mode 100644
index 9656e2c8ba0..00000000000
--- a/pulsar-broker/src/test/resources/authentication/tls-http/superproxy.cert.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEajCCAlKgAwIBAgICEAQwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGZm9v
-YmFyMCAXDTE4MDYyNjEzMjUxN1oYDzIyOTIwNDEwMTMyNTE3WjAVMRMwEQYDVQQD
-DApzdXBlcnByb3h5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA43Sn
-ys/h3wxJ/IBEzbJdQAKCxU4of5KgTDzFoOaS8C63Nwbjgy0qcWYdRDceP4lJIKSA
-1+JZ+R1opyrfVIC2D9oDJFIJTFfXy9G9VYDccwAONPgAamvRzBnYcEu8fqM+Ohle
-kZltKktAHnX3WtG3RyxEL5nYzlMlGwUXJu3Rxc9SlkYSxERzjWHikGqGmXLX2qB0
-k6oyxTrK+4+EHk3khbEIqyQZSOFbD7NMfnRy0CWFv/9T1shgjAIBCake6jY7lwaT
-S7JvbLfG6ABf5xHMxoWLXa2qwb+Ar43Ff9g8kKZwFOxMeGcwkzyJPBbWytFxaWn+
-R2RHhTaVCGc22CjdfQIDAQABo4HFMIHCMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEB
-BAQDAgWgMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQg
-Q2VydGlmaWNhdGUwHQYDVR0OBBYEFHEgLhfH0Z1QlLxeQbG7YZyBlz1MMB8GA1Ud
-IwQYMBaAFFcL6csj6L9HPlB6P0V+oRhDnRUnMA4GA1UdDwEB/wQEAwIF4DAdBgNV
-HSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggIBAK9q
-3YnEa99Cq3Vo3g6PE/A/xOE97seVNuavqyBcVv9PrTydb5XG4jPkYU3xOYXIc8rA
-A4gzd+AsGO9rjGMPGGjQJI3JO/3BCeBJMkn50C/rM1yWVMHnVyFcJlg16xaWtj1e
-2Jk8egJW2gSYyF+N2TdzI7tOb002GNr36posnqO+IOoLapyHFBxxUjsPDRoo8fJn
-myWsV1Y9oRUZyJlfIAJsu85ew7gDBY2jaiEiopzour3uU3C0N7gYni2OmVwfr6J8
-R2/Jp43BSD5sYOW9RAJIEEXef+InYtz9HTJvKu2LsWwIBkaztk29tJcDE+1La6Sw
-0dF0YkUwnXoGQFjiV+8pXX3TF5glXKj1rU8WfNazF6lqslB6DmdgR3/FQ6Z2sE86
-d9hVtayZIGlzU0rWmBBtr++7Wo88nmzAtd/xbZMFG8U//+Q2AvJT2oVGtqM48+al
-rnsN/gYrLDr7RC14bHIuO1v6ZL/rAi7SPKrKYAyQVTAcRuW516SxxR6S1Xa1ITnh
-rwgKg13eQuwu3iigguIS9XL6nAXabBIxBxMl6o2YlyIPekKYIcQmpqhkavJ6VOgX
-iq9VdY6fIJVfmxNZuwM3/28k7UeUAfhI2SSVH4ZURbPiGGH2wukc1QkmtZ2cNa35
-C1y79aqJbIa3ErqLFPj/fM+34x8L7QHPq6RfaODa
------END CERTIFICATE-----
diff --git a/pulsar-broker/src/test/resources/authentication/tls-http/superproxy.key-pk8.pem b/pulsar-broker/src/test/resources/authentication/tls-http/superproxy.key-pk8.pem
deleted file mode 100644
index 2e4140b8fb3..00000000000
--- a/pulsar-broker/src/test/resources/authentication/tls-http/superproxy.key-pk8.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDjdKfKz+HfDEn8
-gETNsl1AAoLFTih/kqBMPMWg5pLwLrc3BuODLSpxZh1ENx4/iUkgpIDX4ln5HWin
-Kt9UgLYP2gMkUglMV9fL0b1VgNxzAA40+ABqa9HMGdhwS7x+oz46GV6RmW0qS0Ae
-dfda0bdHLEQvmdjOUyUbBRcm7dHFz1KWRhLERHONYeKQaoaZctfaoHSTqjLFOsr7
-j4QeTeSFsQirJBlI4VsPs0x+dHLQJYW//1PWyGCMAgEJqR7qNjuXBpNLsm9st8bo
-AF/nEczGhYtdrarBv4CvjcV/2DyQpnAU7Ex4ZzCTPIk8FtbK0XFpaf5HZEeFNpUI
-ZzbYKN19AgMBAAECggEBAM1JAwuD1drmj3wKFI8F1S2pVndXFCwXnP9RthiDIckO
-kKNkX0CMKgtQ20cu6+jyMgL5FaRCkWvJxCNkCU6OIENsQ3urYuL5QTWeZeBevhg4
-y5m43z8tcptgFD09zbEKCmaLcRO9wo3yfrs/QvE/58efxyajFs8YsZuSW5Px/msl
-AFN8qGY0q0lQbQPK8cPYT4OnW9isqEjkvHq1Q+ryv4cxsGWtBZYmJVeLVHzClihi
-lODdN6YsDcu9jLwsA8o2WSBRsbLHK6caW4FdEwgOLckc0EGGEU64VEB9ZOwgcwYQ
-M9mZDs2w7qk63YnDH4KmpoP0Oc8N+bG7Pkifd7f8HqECgYEA8esMQya6Qln4O7Qo
-aI8X9t5gCpq+bh/P+7vYdBR/9St5VtE/P0yuaQdT2e5t+Ei4ujqHvJ0GTPmqYIJf
-2DNvJMu8EnXv+nqKQCsyMc/nqQN1CcRGqZssH1V/ZIQLRUA0cN4hzE0eHITwp6U9
-vD/WaE3mKX/XHthIjc8hnuoajOkCgYEA8LIYMgyD3wClWOKe5TkBumI0KvA9tP90
-IFHu1wLNl0tKBpsXkzzxiav1FMX3K7B29vxukrs946KRESHzRg4c5ULPnMmwcQyx
-AortKJWrGVsna/QDWPRutXSN1XmnjKWsHmTpQQqLfaRvLW+Hd34+EVdVh9sVt/y9
-RucnBvxcX3UCgYBebm/U7pMaP2BkfcigN+sU1G0M9qaK+iQHkaXGehIQs62js/5K
-STZzjQawNR/8IPbqytodR/YjqflVvs6G6FzkMhrx4dORJLA+qB3pz8wP72eKLnGe
-1xF8EbWumNSFbbCKtkrfIuM0IriF2Dym9QxOnsnPPTXNtoNrx4TKMXu3sQKBgBq9
-noSI8WmoF7adTsvmnnOHj4YptKFUNCGXGLLYg+DII4xCVMct4SPLb+oD6Gb5Lu5X
-sy0oEkMk/3roy68/yCQMXSZtHeYhY9UFfD2jCyRBBUswC+MpHNeaAFv0LRIqIcoq
-qeNo+YBW8WcZ2fIDm3+vtTfntiz/rkOfUK2tAdI1AoGAL2LVDF5e1meSRocEoy8e
-gqrshrhg+KBqYmcjtd4Iup4WvR6uyH4qE9yFLLHFZ04pZzXLHcPfqgOSP8qTxgH3
-h0uqtcYmejS/yl6PbC9OPXcSkMgntRkTbU9Ug05ijfN9NRnW+8WXvi8Z6DKed1P1
-9PxwA75P9o0h00mMk8PQitQ=
------END PRIVATE KEY-----
diff --git a/pulsar-broker/src/test/resources/authentication/tls-http/user1.cert.pem b/pulsar-broker/src/test/resources/authentication/tls-http/user1.cert.pem
deleted file mode 100644
index 072f2867fe6..00000000000
--- a/pulsar-broker/src/test/resources/authentication/tls-http/user1.cert.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEZTCCAk2gAwIBAgICEAUwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGZm9v
-YmFyMCAXDTE4MDYyNzA4NDAyNVoYDzIyOTIwNDExMDg0MDI1WjAQMQ4wDAYDVQQD
-DAV1c2VyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5iqgr4PUUZ
-AW9MDGP5cBaSJALSPV63m6M/IoovrMWJ9CGtcQfZTUHwDorIlXgQ6H/KufmsHW0Y
-OQbChLSTDB14D0jSMtyv6+ibSoE1ZEl2SbB1miLd0P5AS9YmzzEW2+bx0zJORLYD
-PzJ1Nh3/kQlRs04IECki291WZiVRzX2JRoL7kMtOAoKJqQfsT14Oi9EAw39VhLeB
-uc/Mx6Jsutq/YdXakoZtQbfZka2MMfLXgMDLIPDqbU+09q7au2dq8RjGzrWnxnOX
-o/XQssrIbwzJJYASBsgAAtnAw7bPzCX6+cL6PZVRyiEZov0HKXyRyvrbQ5hyEMuS
-3dHqoKt0fKMCAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF
-oDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRp
-ZmljYXRlMB0GA1UdDgQWBBQ7NSD6lx6Vq38cEoD5l7FHs1Ej8DAfBgNVHSMEGDAW
-gBRXC+nLI+i/Rz5Qej9FfqEYQ50VJzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4ICAQC+cU7ctY7o
-eTW+oHTq9EGJUMwW1fOww4QDrHtgZT4OYkO88zxQV2Cr050p8eaV5dHXZBf9/bRV
-7hPNV5+HpQhb9TZ9xK2WRZ2QV7a/UDyUnksVKGSK9tNZMZPueOEB19e4bIBcgnQa
-5i9sgZr93na7pFOY7lBQy6gfaOcnejYHmvVqIGaZBVH8rkEsGhhkJxy7qkpFNKgf
-PGiIRo9L0WYqDCSiaICeCiteJwIfjsUFJKF0YnpXZq1kFfQscnleg60MWZAXvacp
-tAciE51Ow60cqQWER66iwqnBSPD4l91SxAaGQAmalgCioGsYSbojXcOvRidhYJ2T
-3YwCpqlC0qC9D2ZmNoukb1a0Pi03MuSJwD/8v9eqwEW9dFAzdnWDzTZMN9CfdjVh
-2qiO5o5Si/X1Dmjdk2F/EM62YJQBAlkZBetFJ0o2QPGTSD+zrpfITIW8Pu+/5zcC
-MZdzyUf0p1GO2Kn7wmqPQjz59zABagmxCNks8HeqPnzmWuADMaggb0nOmrBACE2x
-b9XR6/xaXpwTRf0h5N3evivzUHo6XVw8A3gVUNoBm9Of3PlAsjM4I4SWFb6nrwYv
-RnI04c+R95Su1fMc2wky0PmW+iWRTaEN/cUdX1SF6jo1nRLELGcbMSGUI6UI8kff
-crvCz7uLu7Lr5/CKnEm2bSCZ4eIQpOs4nQ==
------END CERTIFICATE-----
diff --git a/pulsar-broker/src/test/resources/authentication/tls-http/user1.key-pk8.pem b/pulsar-broker/src/test/resources/authentication/tls-http/user1.key-pk8.pem
deleted file mode 100644
index eec5c94c066..00000000000
--- a/pulsar-broker/src/test/resources/authentication/tls-http/user1.key-pk8.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDOYqoK+D1FGQFv
-TAxj+XAWkiQC0j1et5ujPyKKL6zFifQhrXEH2U1B8A6KyJV4EOh/yrn5rB1tGDkG
-woS0kwwdeA9I0jLcr+vom0qBNWRJdkmwdZoi3dD+QEvWJs8xFtvm8dMyTkS2Az8y
-dTYd/5EJUbNOCBApItvdVmYlUc19iUaC+5DLTgKCiakH7E9eDovRAMN/VYS3gbnP
-zMeibLrav2HV2pKGbUG32ZGtjDHy14DAyyDw6m1PtPau2rtnavEYxs61p8Zzl6P1
-0LLKyG8MySWAEgbIAALZwMO2z8wl+vnC+j2VUcohGaL9Byl8kcr620OYchDLkt3R
-6qCrdHyjAgMBAAECggEBAK8J8QvytAxJg/T/+7ZC1PTfp1kZNGGDuaV/o2ytuIul
-T//MGQQ+IY8d6Ud9jX9SX84agxalCiP/mkYIbgK0gF7x94yccfTH433ZTxw8yzye
-7SqS41JU7K7mmysaqTkKGSFK0gNlbFMud8f0rxxMJ5dOypMQtZwd63lSkLlwIqcn
-YhKcAdXM4WGv07MFdwAXvrK2trhBBkCA08ZzyVy4lWE+cVfEkwH6O8EdGchl7g4U
-LqIkYzufQWKdH9frt6N3qEV/qs0s1qipVzV07GaPpEdK/G5exJ7NjZaXJkHOuMbt
-7ae1zJBexW41/++fjzsWSYljvSEphjqwrGYrr+tMGNECgYEA+Sg1sHcYO4Bg16qG
-c8XM9g8DFL396X4MnMh+AFrDV8dbdz39x9fFtpKEfqaAZrG6I8fW3RkMLsJvJ4GI
-KDJNz2ezEMbNKlXE9UzvAsrdvWNWDGJvrDu0CbJg2wtBeVEBIUYetSdNHoEwY7ZJ
-QHnwbxYYrUFIJ34rI0SQ17/Z4vsCgYEA1A27jYTWr86JmvjQDUiJcJsbhpa/6OzZ
-n3KTu0n0oCvl7uvvjUfhlzmcq7kyY0oO1C5TQHLiqBaI5hXw+iYwnESLIn7BwhMX
-dcxglvXx95h1NqHYX9GnURl2QtrjmuY5yx+itfmZCRkRPO3c5e9uZyf01CeE4uwl
-hDNh0RrSXHkCgYBvlQhmXQ+nJhk4vI+2LXFbCOISWfvqo562YDu9oOg22Xsm7cZH
-x2QuHXPk3GBInXOFLqwVHHCOSFlLUgFOLykVp5VUABRFz1+Dk86+a2fetywEI9lr
-QtmgNhiWQHY0BIkDA8ogytcIwEaRgUNQ8sswlK68eK39sc1T4BMV7D+CHQKBgG3g
-+8lWBwSsKgOCYBQx/P27caTo4mJosE99yG0o4jhI5ulJmiSEFbINqVAWM7TdQBfU
-NVFU9nuQybknr2l/dnrSzaG/Otk8mVBx6a7vnETm2/3GGV91PJS6c9wqnfu6xkGp
-j99piVH8ikEfI/KFgZi0TJnOLH6FTN9W3J3EnzJJAoGAE4ZLLi+2RP4ZYXI11CJC
-BSM1AEpqemgTUSidZyTiJJMGGrC7tyEba+4TIqeGgvD74p57XFbN7LOJWmnAiK8b
-BLhQqPgOCXqrna00GnNKKx7AzgYHqlq03tGlX858aH18rkSRVk3UhkTkGTSr3iQn
-aJeN/0HbpGr67bimf4bqlCY=
------END PRIVATE KEY-----
diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/AuthedAdminProxyHandlerTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/AuthedAdminProxyHandlerTest.java
index de168284ab4..af70276aed9 100644
--- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/AuthedAdminProxyHandlerTest.java
+++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/AuthedAdminProxyHandlerTest.java
@@ -55,10 +55,6 @@ public class AuthedAdminProxyHandlerTest extends MockedPulsarServiceBaseTest {
private BrokerDiscoveryProvider discoveryProvider;
private PulsarResources resource;
- static String getTlsFile(String name) {
- return String.format("./src/test/resources/authentication/tls-admin-proxy/%s.pem", name);
- }
-
@BeforeMethod
@Override
protected void setup() throws Exception {
@@ -67,9 +63,9 @@ public class AuthedAdminProxyHandlerTest extends MockedPulsarServiceBaseTest {
conf.setAuthorizationEnabled(true);
conf.setBrokerServicePortTls(Optional.of(0));
conf.setWebServicePortTls(Optional.of(0));
- conf.setTlsTrustCertsFilePath(getTlsFile("ca.cert"));
- conf.setTlsCertificateFilePath(getTlsFile("broker.cert"));
- conf.setTlsKeyFilePath(getTlsFile("broker.key-pk8"));
+ conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
conf.setTlsAllowInsecureConnection(false);
conf.setSuperUserRoles(ImmutableSet.of("admin"));
conf.setProxyRoles(ImmutableSet.of("proxy"));
@@ -91,15 +87,15 @@ public class AuthedAdminProxyHandlerTest extends MockedPulsarServiceBaseTest {
proxyConfig.setHttpMaxRequestHeaderSize(20000);
// enable tls and auth&auth at proxy
- proxyConfig.setTlsCertificateFilePath(getTlsFile("broker.cert"));
- proxyConfig.setTlsKeyFilePath(getTlsFile("broker.key-pk8"));
- proxyConfig.setTlsTrustCertsFilePath(getTlsFile("ca.cert"));
+ proxyConfig.setTlsCertificateFilePath(PROXY_CERT_FILE_PATH);
+ proxyConfig.setTlsKeyFilePath(PROXY_KEY_FILE_PATH);
+ proxyConfig.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
proxyConfig.setBrokerClientAuthenticationParameters(
String.format("tlsCertFile:%s,tlsKeyFile:%s",
- getTlsFile("proxy.cert"), getTlsFile("proxy.key-pk8")));
- proxyConfig.setBrokerClientTrustCertsFilePath(getTlsFile("ca.cert"));
+ getTlsFileForClient("proxy.cert"), getTlsFileForClient("proxy.key-pk8")));
+ proxyConfig.setBrokerClientTrustCertsFilePath(CA_CERT_FILE_PATH);
proxyConfig.setAuthenticationProviders(ImmutableSet.of(AuthenticationProviderTls.class.getName()));
resource = new PulsarResources(new ZKMetadataStore(mockZooKeeper),
@@ -128,22 +124,22 @@ public class AuthedAdminProxyHandlerTest extends MockedPulsarServiceBaseTest {
PulsarAdmin getDirectToBrokerAdminClient(String user) throws Exception {
return PulsarAdmin.builder()
.serviceHttpUrl(brokerUrlTls.toString())
- .tlsTrustCertsFilePath(getTlsFile("ca.cert"))
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH)
.allowTlsInsecureConnection(false)
.authentication(AuthenticationTls.class.getName(),
- ImmutableMap.of("tlsCertFile", getTlsFile(user + ".cert"),
- "tlsKeyFile", getTlsFile(user + ".key-pk8")))
+ ImmutableMap.of("tlsCertFile", getTlsFileForClient(user + ".cert"),
+ "tlsKeyFile", getTlsFileForClient(user + ".key-pk8")))
.build();
}
PulsarAdmin getAdminClient(String user) throws Exception {
return PulsarAdmin.builder()
.serviceHttpUrl("https://localhost:" + webServer.getListenPortHTTPS().get())
- .tlsTrustCertsFilePath(getTlsFile("ca.cert"))
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH)
.allowTlsInsecureConnection(false)
.authentication(AuthenticationTls.class.getName(),
- ImmutableMap.of("tlsCertFile", getTlsFile(user + ".cert"),
- "tlsKeyFile", getTlsFile(user + ".key-pk8")))
+ ImmutableMap.of("tlsCertFile", getTlsFileForClient(user + ".cert"),
+ "tlsKeyFile", getTlsFileForClient(user + ".key-pk8")))
.build();
}
diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/SuperUserAuthedAdminProxyHandlerTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/SuperUserAuthedAdminProxyHandlerTest.java
index 5b7cb88f982..d3291c8fb91 100644
--- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/SuperUserAuthedAdminProxyHandlerTest.java
+++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/SuperUserAuthedAdminProxyHandlerTest.java
@@ -51,10 +51,6 @@ public class SuperUserAuthedAdminProxyHandlerTest extends MockedPulsarServiceBas
private BrokerDiscoveryProvider discoveryProvider;
private PulsarResources resource;
- static String getTlsFile(String name) {
- return String.format("./src/test/resources/authentication/tls-admin-proxy/%s.pem", name);
- }
-
@BeforeMethod
@Override
protected void setup() throws Exception {
@@ -64,9 +60,9 @@ public class SuperUserAuthedAdminProxyHandlerTest extends MockedPulsarServiceBas
conf.setBrokerServicePortTls(Optional.of(0));
conf.setWebServicePortTls(Optional.of(0));
- conf.setTlsTrustCertsFilePath(getTlsFile("ca.cert"));
- conf.setTlsCertificateFilePath(getTlsFile("broker.cert"));
- conf.setTlsKeyFilePath(getTlsFile("broker.key-pk8"));
+ conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
+ conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
conf.setTlsAllowInsecureConnection(false);
conf.setSuperUserRoles(ImmutableSet.of("admin", "superproxy"));
conf.setProxyRoles(ImmutableSet.of("superproxy"));
@@ -86,15 +82,15 @@ public class SuperUserAuthedAdminProxyHandlerTest extends MockedPulsarServiceBas
proxyConfig.setTlsEnabledWithBroker(true);
// enable tls and auth&auth at proxy
- proxyConfig.setTlsCertificateFilePath(getTlsFile("broker.cert"));
- proxyConfig.setTlsKeyFilePath(getTlsFile("broker.key-pk8"));
- proxyConfig.setTlsTrustCertsFilePath(getTlsFile("ca.cert"));
+ proxyConfig.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
+ proxyConfig.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
+ proxyConfig.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
proxyConfig.setBrokerClientAuthenticationParameters(
String.format("tlsCertFile:%s,tlsKeyFile:%s",
- getTlsFile("superproxy.cert"), getTlsFile("superproxy.key-pk8")));
- proxyConfig.setBrokerClientTrustCertsFilePath(getTlsFile("ca.cert"));
+ getTlsFileForClient("superproxy.cert"), getTlsFileForClient("superproxy.key-pk8")));
+ proxyConfig.setBrokerClientTrustCertsFilePath(CA_CERT_FILE_PATH);
proxyConfig.setAuthenticationProviders(ImmutableSet.of(AuthenticationProviderTls.class.getName()));
resource = new PulsarResources(new ZKMetadataStore(mockZooKeeper),
@@ -123,11 +119,11 @@ public class SuperUserAuthedAdminProxyHandlerTest extends MockedPulsarServiceBas
PulsarAdmin getAdminClient(String user) throws Exception {
return PulsarAdmin.builder()
.serviceHttpUrl("https://localhost:" + webServer.getListenPortHTTPS().get())
- .tlsTrustCertsFilePath(getTlsFile("ca.cert"))
+ .tlsTrustCertsFilePath(CA_CERT_FILE_PATH)
.allowTlsInsecureConnection(false)
.authentication(AuthenticationTls.class.getName(),
- ImmutableMap.of("tlsCertFile", getTlsFile(user + ".cert"),
- "tlsKeyFile", getTlsFile(user + ".key-pk8")))
+ ImmutableMap.of("tlsCertFile", getTlsFileForClient(user + ".cert"),
+ "tlsKeyFile", getTlsFileForClient(user + ".key-pk8")))
.build();
}
diff --git a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/admin.cert.pem b/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/admin.cert.pem
deleted file mode 100644
index 0665edbdc12..00000000000
--- a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/admin.cert.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEZTCCAk2gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGZm9v
-YmFyMCAXDTE4MDYyMjA4NTcwNloYDzIyOTIwNDA2MDg1NzA2WjAQMQ4wDAYDVQQD
-DAVhZG1pbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJw3Jfbn0xkW
-36kqQjES6Hn+YTZ2jXS5Co2MzsGBsIY0qJ2BbWHSSaMrja4IERUaCQp16SWxPmZ0
-srMm6ErDoap+O70CWXLT3ybYMV5aVwv3ca4uxsedzaw9MpFXfUDsJJ3yre1JpO+t
-A/QzJEGq1d6NN49InUP5kB1Rpay3vaxx8hduzqTO+E/Lptv92p6GjOpXi2icSjiA
-pgaan2ldGGKEKv2Sc2bfdIDkTq1yDyNmuPET0yD2dci106EW/mPyj81umPKG/o4K
-5W18yG/IhXw5W1zlgO1fWCuqva8NCBdu7s1c7hUX8DBx7km4/I7dllz/nYHIfCEQ
-Dmj38oQjYk8CAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF
-oDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRp
-ZmljYXRlMB0GA1UdDgQWBBQTMzAAOJ9gXvQSS7Be3+qmrb1kVDAfBgNVHSMEGDAW
-gBRXC+nLI+i/Rz5Qej9FfqEYQ50VJzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4ICAQAwy8f6hsG0
-85e3SOIztbUnaVxS7wzDeDzR3vCjpXpm4vTToYzN9zx3JHKSdJrB12emVxItwW/7
-bXqBk0n2EdQjRHCuebnY05eFMNGagMEEMVmSLOproQD7VsyALNxCss1JAyRikh70
-W7wgOVeAhqE53UqqrkzTE7Q+8Bag9t3FytHxApY17XglbWkiVcFpQwSURe9Emi3E
-aCJCryGJXrBNuCFXGzetSygDEy27+2FeH8S2XsMwUEGLqDDehzvMenVz1xjXtq+s
-KPkofAde52NHd4lLkSeBMSFnKe3V7Xxax2OEUsoQRF3bkbpcJSWsKS9ZAA2yrtuy
-Nz/aA1F42LuSFPAYQr1kcZ8eSS918RWz+BiJYU2JuUOPd1XUmJXVvZ4CJurWaC7+
-ZD51YdD8E245xd55fsA6/qLx3eE/Kp0dVq+Hxuz6b4yLET0zkGunOe4A3hnRgkOA
-XolXCL+VthhWtFGXn8CjpxDnzjahq69Io+dINehqd5aJEgvnHZIK2s7FTqqBBodU
-HhyAE94f64z7ziuRhEG54bmBF+MoGyPf6dVn1Mp3+o+YeQ5q6XlKgh+u8jMgmqRO
-ikdsVdMqopt/FXh9eFzvQrwOZFLK6JE/edUgb6xvS1jMF5zi2lIlIkq1RBQOr4HT
-XDwX4vRtfpDxpsetGVpeq9O07fbMvp+mkw==
------END CERTIFICATE-----
diff --git a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/admin.key-pk8.pem b/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/admin.key-pk8.pem
deleted file mode 100644
index 6aaa22c44d7..00000000000
--- a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/admin.key-pk8.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCcNyX259MZFt+p
-KkIxEuh5/mE2do10uQqNjM7BgbCGNKidgW1h0kmjK42uCBEVGgkKdeklsT5mdLKz
-JuhKw6Gqfju9Ally098m2DFeWlcL93GuLsbHnc2sPTKRV31A7CSd8q3tSaTvrQP0
-MyRBqtXejTePSJ1D+ZAdUaWst72scfIXbs6kzvhPy6bb/dqehozqV4tonEo4gKYG
-mp9pXRhihCr9knNm33SA5E6tcg8jZrjxE9Mg9nXItdOhFv5j8o/Nbpjyhv6OCuVt
-fMhvyIV8OVtc5YDtX1grqr2vDQgXbu7NXO4VF/Awce5JuPyO3ZZc/52ByHwhEA5o
-9/KEI2JPAgMBAAECggEAP+Ipq2Q4puz8wGBgu1LhMWp+9Nfcl1xI3YQ01VulBe0o
-+2h/g96McKcSBJaV7cw84ENB+kEWpK2amrsRiemhBmkjIvOAAv50Jp2I6u4E5Qbn
-PXUxo1Z8UrCgKmHd/hvUCafByuUwBzf5AvebHyOu3JlhnD302mSHtAW8u/pUHd3D
-sxJaw1zwQvmlD5ryM2IVYSji7NYCXF0H6V7HfyohTCrQFEWEAdqEDcFR1BUwbPCE
-raq7sAiEy+cBUnfV3IOEAffOZy0vSR90/WwERcwrzCdZmpWpTqtbcqtdBPqsSQzX
-shDvXd0e43+FSJzCtQsSQ8WzIrp3rgKJUDA1pJQW4QKBgQDJdTcB6qZz8r+4q9gc
-q1KAJyMy01Vio1yaqYzXr0C9Z5FW1GhL+4fwer2y9JyD45sb/lP4reFj9S193BNR
-C8cdxM5GrWEpzaQ0Dt1s8P1UbU8G6r4NqwI6ORF3CxXZKfXivQcgqBurJGrBdjIC
-NwqAzSkX5flBbhfTlJuUH87k3wKBgQDGgjzdIWXab7FZfdUzzrtEwNooBiSEFixm
-UAwP5sxL8VkM9wzAKPEVDDQBBoKIga9OESif4S9UUo4tu65AYfxF9Om26K4QrVj8
-HT/U+lfT7xFmPd/GINIbeTSmW0w7Ehpj8SbcQI4Sb2lVE562FlHh7QbHZd0/X/2J
-nbgT9MRAkQKBgQCVPAN3o/+SPOzRPFtnQXJoBJYKfIrv+twKpjbzP5vRsvrzO33X
-a4kUF5iXDKU0/lJUtl42BXjFt0Xvyit1CiiCYNv9d0pW0UMmXSyiGxNOi3rTQOlw
-7pFD2Cqb6NZSfMbtI+I3ytBUQzHiBlCdW3CoYVJjpbSzR37W+WsWm0mEOQKBgQCq
-ANObFYUjA1DBMZCrY7rhcL/kUw5myI6RuK/71k7UIwd+oP0cfHOq8N6AmlCkE1xM
-4UkHU1SzRFhbNkZPARuJ1etqJ+8afTqd/3axMQyShkVCaG8CQQ1vVegPKFUqqaBM
-QzRioC6L/zoYEEt16buKXvHVRpmqMszxVE9XV+HS4QKBgDvs5qloOowS5kcWInrj
-yecu5MJvFf2IZpMw7EiKV8VUPeKaiUlqgFj9d9cotUIMauXgBq6f5NBRg7Ike60t
-/JJrPtqXY+gdFLjxcKMUVYhomFlQYYg/RJZUBrtkyKBP68abopCYmb59r3ixeNNf
-qA1F36mmFtzdjSdtH/dTTecN
------END PRIVATE KEY-----
diff --git a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/broker.cert.pem b/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/broker.cert.pem
deleted file mode 100644
index b5c7a5dc709..00000000000
--- a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/broker.cert.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEkDCCAnigAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGZm9v
-YmFyMCAXDTE4MDYyMjA4NTUzMloYDzIyOTIwNDA2MDg1NTMyWjAjMSEwHwYDVQQD
-DBhicm9rZXIucHVsc2FyLmFwYWNoZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQDQouKhZah4hMCqmg4aS5RhQG/Y1gA+yP9DGF9mlw35tfhfWs63
-EvNjEK4L/ZWSEV45L/wc6YV14RmM6bJ0V/0vXo4xmISbqptND/2kRIspkLZQ5F0O
-OQXVicqZLOc6igZQhRg8ANDYdTJUTF65DqauX4OJt3YMhF2FSt7jQtlj06IQBa01
-+ARO9OotMJtBY+vIU5bV6JydfgkhQH9rIDI7AMeY5j02gGkJJrelfm+WoOsUez+X
-aqTN3/tF8+MBcFB3G04s1qc2CJPJM3YGxvxEtHqTGI14t9J8p5O7X9JHpcY8X00s
-bxa4FGbKgfDobbkJ+GgblWCkAcLN95sKTqtHAgMBAAGjgd0wgdowCQYDVR0TBAIw
-ADARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2Vu
-ZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUaxFvJrkEGqk8azTA
-DyVyTyTbJAIwQQYDVR0jBDowOIAUVwvpyyPov0c+UHo/RX6hGEOdFSehFaQTMBEx
-DzANBgNVBAMMBmZvb2JhcoIJANfih0+geeIMMA4GA1UdDwEB/wQEAwIFoDATBgNV
-HSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOCAgEA35QDGclHzQtHs3yQ
-ZzNOSKisg5srTiIoQgRzfHrXfkthNFCnBzhKjBxqk3EIasVtvyGuk0ThneC1ai3y
-ZK3BivnMZfm1SfyvieFoqWetsxohWfcpOSVkpvO37P6v/NmmaTIGkBN3gxKCx0QN
-zqApLQyNTM++X3wxetYH/afAGUrRmBGWZuJheQpB9yZ+FB6BRp8YuYIYBzANJyW9
-spvXW03TpqX2AIoRBoGMLzK72vbhAbLWiCIfEYREhbZVRkP+yvD338cWrILlOEur
-x/n8L/FTmbf7mXzHg4xaQ3zg/5+0OCPMDPUBE4xWDBAbZ82hgOcTqfVjwoPgo2V0
-fbbx6redq44J3Vn5d9Xhi59fkpqEjHpX4xebr5iMikZsNTJMeLh0h3uf7DstuO9d
-mfnF5j+yDXCKb9XzCsTSvGCN+spmUh6RfSrbkw8/LrRvBUpKVEM0GfKSnaFpOaSS
-efM4UEi72FRjszzHEkdvpiLhYvihINLJmDXszhc3fCi42be/DGmUhuhTZWynOPmp
-0N0V/8/sGT5gh4fGEtGzS/8xEvZwO9uDlccJiG8Pi+aO0/K9urB9nppd/xKWXv3C
-cib/QrW0Qow4TADWC1fnGYCpFzzaZ2esPL2MvzOYXnW4/AbEqmb6Weatluai64ZK
-3N2cGJWRyvpvvmbP2hKCa4eLgEc=
------END CERTIFICATE-----
diff --git a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/broker.key-pk8.pem b/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/broker.key-pk8.pem
deleted file mode 100644
index 2b51d015b8a..00000000000
--- a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/broker.key-pk8.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDQouKhZah4hMCq
-mg4aS5RhQG/Y1gA+yP9DGF9mlw35tfhfWs63EvNjEK4L/ZWSEV45L/wc6YV14RmM
-6bJ0V/0vXo4xmISbqptND/2kRIspkLZQ5F0OOQXVicqZLOc6igZQhRg8ANDYdTJU
-TF65DqauX4OJt3YMhF2FSt7jQtlj06IQBa01+ARO9OotMJtBY+vIU5bV6Jydfgkh
-QH9rIDI7AMeY5j02gGkJJrelfm+WoOsUez+XaqTN3/tF8+MBcFB3G04s1qc2CJPJ
-M3YGxvxEtHqTGI14t9J8p5O7X9JHpcY8X00sbxa4FGbKgfDobbkJ+GgblWCkAcLN
-95sKTqtHAgMBAAECggEBALE1eMtfnk3nbAI74bih84D7C0Ug14p8jJv/qqBnsx4j
-WrgbWDMVrJa7Rym2FQHBMMfgIwKnso0iSeJvaPz683j1lk833YKe0VQOPgD1m0IN
-wV1J6mQ3OOZcKDIcerY1IBHqSmBEzR7dxIbnaxlCAX9gb0hdBK6zCwA5TMG5OQ5Y
-3cGOmevK5i2PiejhpruA8h7E48P1ATaGHUZif9YD724oi6AcilQ8H/DlOjZTvlmK
-r4aJ30f72NwGM8Ecet5CE2wyflAGtY0k+nChYkPRfy54u64Z/T9B53AvneFaj8jv
-yFepZgRTs2cWhEl0KQGuBHQ4+IeOfMt2LebhvjWW8YkCgYEA7BXVsnqPHKRDd8wP
-eNkolY4Fjdq4wu9ad+DaFiZcJuv7ugr+Kplltq6e4aU36zEdBYdPp/6KM/HGE/Xj
-bo0CELNUKs/Ny9H/UJc8DDbVEmoF3XGiIbKKq1T8NTXTETFnwrGkBFD8nl7YTsOF
-M4FZmSok0MhhkpEULAqxBS6YpQsCgYEA4jxM1egTVSWjTreg2UdYo2507jKa7maP
-PRtoPsNJzWNbOpfj26l3/8pd6oYKWck6se6RxIUxUrk3ywhNJIIOvWEC7TaOH1c9
-T4NQNcweqBW9+A1x5gyzT14gDaBfl45gs82vI+kcpVv/w2N3HZOQZX3yAUqWpfw2
-yw1uQDXtgDUCgYEAiYPWbBXTkp1j5z3nrT7g0uxc89n5USLWkYlZvxktCEbg4+dP
-UUT06EoipdD1F3wOKZA9p98uZT9pX2sUxOpBz7SFTEKq3xQ9IZZWFc9CoW08aVat
-V++FsnLYTa5CeXtLsy6CGTmLTDx2xrpAtlWb+QmBVFPD8fmrxFOd9STFKS0CgYAt
-6ztVN3OlFqyc75yQPXD6SxMkvdTAisSMDKIOCylRrNb5f5baIP2gR3zkeyxiqPtm
-3htsHfSy67EtXpP50wQW4Dft2eLi7ZweJXMEWFfomfEjBeeWYAGNHHe5DFIauuVZ
-2WexDEGqNpAlIm0s7aSjVPrn1DHbouOkNyenlMqN+QKBgQDVYVhk9widShSnCmUA
-G30moXDgj3eRqCf5T7NEr9GXD1QBD/rQSPh5agnDV7IYLpV7/wkYLI7l9x7mDwu+
-I9mRXkyAmTVEctLTdXQHt0jdJa5SfUaVEDUzQbr0fUjkmythTvqZ809+d3ELPeLI
-5qJ7jxgksHWji4lYfL4r4J6Zaw==
------END PRIVATE KEY-----
diff --git a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/ca.cert.pem b/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/ca.cert.pem
deleted file mode 100644
index 0446700135d..00000000000
--- a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/ca.cert.pem
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFCDCCAvCgAwIBAgIJANfih0+geeIMMA0GCSqGSIb3DQEBCwUAMBExDzANBgNV
-BAMMBmZvb2JhcjAeFw0xODA2MjIwODQ2MjFaFw0zODA2MTcwODQ2MjFaMBExDzAN
-BgNVBAMMBmZvb2JhcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOVU
-UpTPeXCeyfUiQS824l9s9krZd4R6TA4D97eQ9EWm2D7ppV4gPApHO8j5f+joo/b6
-Iso4aFlHpJ8VV2a5Ol7rjQw43MJHaBgwDxB1XWgsNdfoI7ebtp/BWg2nM3r8wm+Z
-gKenf9d1/1Ol+6yFUehkLkIXUvldiVegmmje8FnwhcDNE1eTrh66XqSJXEXqgBKu
-NqsoYcVak72OyOO1/N8CESoSdyBkbSiH5vJyo0AUCjn7tULga7fxojmqBZDog9Pg
-e5Fi/hbCrdinbxBrMgIxQ7wqXw2sw6iOWu4FU8Ih/CuF4xaQy2YP7MEk4Ff0LCY0
-KMhFMWU7550r/fz/C2l7fKhREyCQPa/bVE+dfxgZ/gCZ+p7vQ154hCCjpd+5bECv
-SN1bcVIPG6ngQu4vMXa7QRBi/Od40jSVGVJXYY6kXvrYatad7035w2GGGGkvMsQm
-y53yh4tqQfH7ulHqB0J5LebTQRp6nRizWigVCLjNkxJYI+Dj51qvT1zdyWEegKr1
-CthBfYzXlfjeH3xri1f0UABeC12n24Wkacd9af7zs7S3rYntEK444w/3fB0F62Lh
-SESfMLAmUH0dF5plRShrFUXz23nUeS8EYgWmnGkpf/HDzB67vdfAK0tfJEtmmY78
-q06OSgMr+AOOqaomh4Ez2ZQG592bS71G8MrE7r2/AgMBAAGjYzBhMB0GA1UdDgQW
-BBRXC+nLI+i/Rz5Qej9FfqEYQ50VJzAfBgNVHSMEGDAWgBRXC+nLI+i/Rz5Qej9F
-fqEYQ50VJzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG
-9w0BAQsFAAOCAgEAYd2PxdV+YOaWcmMG1fK7CGwSzDOGsgC7hi4gWPiNsVbz6fwQ
-m5Ac7Zw76dzin8gzOPKST7B8WIoc7ZWrMnyh3G6A3u29Ec8iWahqGa91NPA3bOIl
-0ldXnXfa416+JL/Q5utpiV6W2XDaB53v9GqpMk4rOTS9kCFOiuH5ZU8P69jp9mq6
-7pI/+hWFr+21ibmXH6ANxRLd/5+AqojRUYowAu2997Z+xmbpwx/2Svciq3LNY/Vz
-s9DudUHCBHj/DPgNxsEUt8QNohjQkRbFTY0a1aXodJ/pm0Ehk2kf9KwYYYduR7ak
-6UmPIPrZg6FePNahxwMZ0RtgX7EXmpiiIH1q9BsulddWkrFQclevsWO3ONQVrDs2
-gwY0HQuCRCJ+xgS2cyGiGohW5MkIsg1aI0i0j5GIUSppCIYgirAGCairARbCjhcx
-pbMe8RTuBhCqO3R2wZ0wXu7P7/ArI/Ltm1dU6IeHUAUmeneVj5ie0SdA19mHTS2o
-lG77N0jy6eq2zyEwJE6tuS/tyP1xrxdzXCYY7f6X9aNfsuPVQTcnrFajvDv8R6uD
-YnRStVCdS6fZEP0JzsLrqp9bgLIRRsiqsVVBCgJdK1I/X59qk2EyCLXWSgk8T9XZ
-iux8LlPpskt30YYt1KhlWB9zVz7k0uYAwits5foU6RfCRDPAyOa1q/QOXk0=
------END CERTIFICATE-----
diff --git a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/proxy.cert.pem b/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/proxy.cert.pem
deleted file mode 100644
index 6c2f4295c9d..00000000000
--- a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/proxy.cert.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEZTCCAk2gAwIBAgICEAMwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGZm9v
-YmFyMCAXDTE4MDYyNTEzNTYwNFoYDzIyOTIwNDA5MTM1NjA0WjAQMQ4wDAYDVQQD
-DAVwcm94eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMieX78Yj8OW
-eBHAneRaCCoO8Qrpj8zGo7h9lCdmi1lBDh1uR2sDbotiHGfJzQn836WcYmyeAvfn
-qvgr9HCXmXdLgmJ3GT/LVu5GEm6msSDiZQPr9so5lQVioisK4UwJROQsE/J52cyR
-9o3H6M4FKb6QpoobKa62fSfTumwwulaYaDJuRRGoGIkcRuUQ59EWAaDkD3IcDpAn
-9mTbnE4Iz+JxSrsZ5DJ3X/m/AqyLWtj6GAfyK9a1dhNdlf2x4JZT1QNtojiBXt95
-OIZyRBNbHMFniq5gel6wdBkmJWutfcTct7wKa2LCxLpKoDIc1HWoL3+RUzOKxYIP
-0qXEQ3bmONkCAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF
-oDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRp
-ZmljYXRlMB0GA1UdDgQWBBSgsgfmDbXEkrrpHUC9GnDDjxaKizAfBgNVHSMEGDAW
-gBRXC+nLI+i/Rz5Qej9FfqEYQ50VJzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4ICAQB+uZ2OWR+G
-sRqYHEeVqUI8G2p8Np8eC/onGpBL8Gj9SGxIQcIPtqHPUlCe9fd/96JOptOGRYEB
-BmUCaCmQ4IgMW6e6fArka5IB4XXIgHFXyQ6ImTvjDavzlVw06zn9S4dLwVzsRBg+
-GS9svtq23W+f5rEN5N+7LhtcbclfiG4VCCqDG5VhkzEok+SRamDI8rDRZtodMw0O
-/+L+xaaQPUPjX8KUlKn4uVpCDbxUzHonlCPzbkHHm5su0D4ysjJIy3/y3yow6JE/
-02L7PZkmkmw3/V+84T3X8/GD15sVUv/3v1gXEBxYwAs+RNTJ0APvMEMSvCq0AMfF
-bPMZBuAGNBG7lv7TovzHgGFKXT7du5OFF/qjAsEffhbo224CB96fgwvvndwHHBFh
-J06BvHZG1i9dDVhUKoB1owkWrE4RZv2ZKEtZYgizzSmzZRHtARo0t1Byc5djx1tX
-TkJOHshNqJZOY1ER0DPaVQgKI+PRTbEdj/xPGRX3ebSqDmilAfPXshqgElfch6Yl
-f2V58TyCnjXOibvkG9D5OyCdWLEECumOZgYar0KZgNfrvTOi1OKXnX1fsbh29fWA
-ICZRcdmjkz79zQXY2SuzCWlskuXPKAmW1AMqs+l6ormmKfzIUx3Yriy4LqIIYY1v
-uQD5vghZmd9HUg2KaXfSGD9stGCD8KhntA==
------END CERTIFICATE-----
diff --git a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/proxy.key-pk8.pem b/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/proxy.key-pk8.pem
deleted file mode 100644
index 70e0107f274..00000000000
--- a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/proxy.key-pk8.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDInl+/GI/DlngR
-wJ3kWggqDvEK6Y/MxqO4fZQnZotZQQ4dbkdrA26LYhxnyc0J/N+lnGJsngL356r4
-K/Rwl5l3S4Jidxk/y1buRhJuprEg4mUD6/bKOZUFYqIrCuFMCUTkLBPyednMkfaN
-x+jOBSm+kKaKGymutn0n07psMLpWmGgybkURqBiJHEblEOfRFgGg5A9yHA6QJ/Zk
-25xOCM/icUq7GeQyd1/5vwKsi1rY+hgH8ivWtXYTXZX9seCWU9UDbaI4gV7feTiG
-ckQTWxzBZ4quYHpesHQZJiVrrX3E3Le8CmtiwsS6SqAyHNR1qC9/kVMzisWCD9Kl
-xEN25jjZAgMBAAECggEAJJyCbKVW1yLGlrbIGbw0cTh41Lz6+SvnBOwl9WrJU2iD
-4usVLXpa2iT1ehthx8jWJ6r6a0gK0qL8mH2tBj8kSpkFGmMRwIqjOqifBIJ3IMEw
-Hh8Z0p3fjDQL1D8QDohCgkFpAn8qOCMLE6S/35khnR1Yxytd1/yFqpcBFm1uFA85
-dYisjPqWm/IZIU5rH0zgKAIhtvl9abnoi93443EHsKpRAW1gwRXx9Aak7TV768bZ
-tELBsaTnXnNzamDiaimmxEOlqR9O0W8JE/31KFL26JcVmsTRG7sMpoUxCEMjOuGZ
-J30bXFZUW6NrDpFsQ7uTqD6TNn2971N8KFCLnC/JYQKBgQDo82axC7L7n7BYTu18
-dupeT7n5dTBD/I3l0KtT05xiZA8GZr2i+pt+/aWzCzK4/Ee4jb4/o8CRQRB5v5mo
-c9lc+BaoAIQiwiw+aufT+UojrcijrOMEL5Zk3zdZ2rcEoAsVvqtejNnwLCGI9Rnl
-gp7n9oRhwDIv9Fu09snUougE3wKBgQDceAGKUB8pGd3eEya/0jU9J60LsKbcJSsN
-4v1S5LiPtHOyhr0g4x/LibMP2PJhG3tJ1bgpaGmn9du2D20M6ukRhIYyn/7G+N+A
-oqryyvO1MMYnhc4IEQvWrzDnBM0hV2bdjp4s/1ASVHVRwk8+orqxysIJ1D75nnRX
-Tyfl6HgBRwKBgQCfVlWIhiMPv6OkU6BXgRNAHTJs8f5okmgQqNF3jgequRwZ2c6e
-muIfU6myNNel9lGsZ6+Y4g4GjMWTMT4OHeewkrUUhv3atIwEyaT2tc5DZ0wUwF2r
-cE1jg9bdbB/BVyMd5YRcMOWlRNpPTq8+8EB3E4RrREZPzMmplyBohGFFawKBgGjc
-P0dM8nU3E1rj2wNTdPUAYQL1Y3fDyeWR+BEsLkhTeNAJ2/y/akkB1oQMGMRtMMee
-ejhfrBkyC+1dCu4g8PffA4EirihvCMcDF7HhK+cbKrRzpNobWXkj3GuU0ggwrQFm
-Kv+V87y0JRTdCZnuBkQ3/vBz3fwWDJnWUVC9sA5TAoGBAN4t2gJCZax5yInUgyWi
-Tgumb2qVWsGBBLMTKIsrkK/KphzgAhHcVhDCybA79TmIM2FfIlpf6TE7Mv4NI055
-ZJzHX+GMT5Czy2Ku9MJD3PLTFN5MjYb6g92fKViLDMI6fwzTHB8xPJ7Ob9bV2srS
-ZlmKNXTkZFk3/orK4WdCZufz
------END PRIVATE KEY-----
diff --git a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/randouser.cert.pem b/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/randouser.cert.pem
deleted file mode 100644
index 01b69eacc32..00000000000
--- a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/randouser.cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDCDCCAfCgAwIBAgIJAMPzPm3QygzRMA0GCSqGSIb3DQEBCwUAMBAxDjAMBgNV
-BAMMBXJhbmRvMCAXDTE4MDYyNzA5MDA0OVoYDzIyOTIwNDExMDkwMDQ5WjAQMQ4w
-DAYDVQQDDAVyYW5kbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALKR
-nN1y/aBrhbNM6kDfBmWTaKFuANEZ+VST++AVImssN+FyOL2ukxuT74JW0b9g9scl
-aTYzUBbKuTrMIf77RPIJY6R5E6JWn12UhDpnLa9eYGOkyPyoSp5hdyJj3spElWkl
-eGRY8g9zsWJO6QDpTL4g2VAtWTjFIVI3l3enNgNp3hJnJkdvxyBuRN7Szg9hGPmQ
-Tp9rsKkZQD4SJ9/WMAlqSqeB6rSn20rydMJCnI92TT8hlv1wZcVXSVrJypzZb27t
-aAi5o9GEtag3aXalR8zL9DiUk64338A0fYgf2/GSjomZehcg17h8tElYMFV6hJqS
-95gM18nfwldttbihjKMCAwEAAaNjMGEwHQYDVR0OBBYEFAzmiWmqQIB10sSoSAzb
-claQvBPtMB8GA1UdIwQYMBaAFAzmiWmqQIB10sSoSAzbclaQvBPtMA8GA1UdEwEB
-/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQCN7nup
-rGd4sVuP2vvcRbhGo1JCWDS4Uwe7nbSR/4QTAlyUYK8KIwTvfxeEeO4yBGmiDzOE
-+W2y0i22qVnShNCBZ50Evm+FkIEcwlnLtAJt6zIrE4cWdqW1a6CMp9MJkONjACOx
-3Y560SlqQuoKa41PtXUnk8tFT8Asz7b3NtEfmrBlZJpSSM5exBOCH/Enwzac890u
-zJuweTz4aO8aefunkPMKlBPliJ6EkEYclrjJqxi+4VrEMtAIRxwKXPvnHnXESaF7
-yUE4qrjQa4B+Bn1DWqfLcHJCVDxqYrXiEAN/YtX0UOqxZvGd49eNIs2vQkET0+55
-J3hW25OLSnPjAO/j
------END CERTIFICATE-----
diff --git a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/randouser.key-pk8.pem b/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/randouser.key-pk8.pem
deleted file mode 100644
index 86a7fa387a8..00000000000
--- a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/randouser.key-pk8.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCykZzdcv2ga4Wz
-TOpA3wZlk2ihbgDRGflUk/vgFSJrLDfhcji9rpMbk++CVtG/YPbHJWk2M1AWyrk6
-zCH++0TyCWOkeROiVp9dlIQ6Zy2vXmBjpMj8qEqeYXciY97KRJVpJXhkWPIPc7Fi
-TukA6Uy+INlQLVk4xSFSN5d3pzYDad4SZyZHb8cgbkTe0s4PYRj5kE6fa7CpGUA+
-Eiff1jAJakqngeq0p9tK8nTCQpyPdk0/IZb9cGXFV0laycqc2W9u7WgIuaPRhLWo
-N2l2pUfMy/Q4lJOuN9/ANH2IH9vxko6JmXoXINe4fLRJWDBVeoSakveYDNfJ38JX
-bbW4oYyjAgMBAAECggEAf8cSqKQQOSq3kYYIWkM9IJJK3LkKfJZJg+wg4Eg/SNFr
-azeAwrqZKbLCQFI/5OJNtFNg5hfxx11pDlnkOcEzpL5zPs4k7pVtlFkiBWivmD3A
-W40fBSynuI2l4kX0tmg9QfA+JhA/pi7zT5WHxc8ryyFWX7kTjzwAjASbrlNIo0d7
-e5SMGcZUeH7m/+pCw626nhpexAJ5Fm9/uc0Zwh4xrzS6j2xoqhOqvQb175V/Iv6/
-8nBq/VjE5LqoP57gqw/Cs4zwwBFayr/WaitGVikga2eZI3q/GFMtez27cdMxEZhI
-9ZP1y8kzlzs1QPjdJQUxIE+/zIm3w8IL4iO0SQE5AQKBgQDmSYazZBkmixUzvBhg
-8tGTWJOAG0NhgBamkbaR6s1L8ou9A5MGbFbRBbc5zRmiyMC2Q4D6Xu0ut2N93tUr
-DkxZa35dt3HWMRmNByjHtpMzapYnmDpuF4k7dy+81GkUbd2ZDYadnknjiaFaDZ7j
-9JxUENIwzzLhFMx7emBQ1+3zewKBgQDGgcewYthAsCTAcBtGKw6G39jAYCpr2N7X
-/B5W5n4VXVHKq35wK1bHRnHj7dkm4sH572XB1tPoMrnQ7j9i+XSkc1Ixo0iHr9H0
-QauVQKQqzkvI5cSaWS5N6ZRk6GOGxI0SwYcNNdqJzEEJuYHCTUpff4d6utMgpTZ6
-SQJw8u0O+QKBgE2VEcNYAr0geDkgslnfFEn+ulqbVL0BSSA+0PIh154xjXBVRvAQ
-CcOLmGnptixIU9xTq50t49wsPmGGc+x4ebJaa40pIznU+tWvRsbZtIfK7eFTAMRc
-O4iEI9oK+Ye/Z7uLegGZ9SyqDmjnU9NaclxD+nwlIfAAcM9csBwsUucHAoGABjJ7
-B3iug6Z8Hz3gvBoQBAns/GSELoXAv0FxuQjNGuGk8gzUj6/qr6H1YEZGpz4hDCp7
-JMgOKYub3XfypqZfC9tFz6LnWsUUaum575jrByMVnpn9v0vVdD08ksHmiYiNVu6P
-xsvNnMuxpBoUgPpkvgJ/Okem27gMsViiKOCMohECgYEAt3MwlVILN0t6RPBCpTKB
-nrh6cxx8kQ2TI1UP44WciBkGVvIQOEbl+1955lt/LAECzooiBJOkKubcPK22sJPS
-MZauEwdAqRQj/uUs3oRISUjo0H/IKGI3O23jhIAI2XC/zkQTE6dKjhXxJIl+5a8f
-v9VhnIlgSfaxu3R0l7SvQlo=
------END PRIVATE KEY-----
diff --git a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/superproxy.cert.pem b/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/superproxy.cert.pem
deleted file mode 100644
index 9656e2c8ba0..00000000000
--- a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/superproxy.cert.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEajCCAlKgAwIBAgICEAQwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGZm9v
-YmFyMCAXDTE4MDYyNjEzMjUxN1oYDzIyOTIwNDEwMTMyNTE3WjAVMRMwEQYDVQQD
-DApzdXBlcnByb3h5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA43Sn
-ys/h3wxJ/IBEzbJdQAKCxU4of5KgTDzFoOaS8C63Nwbjgy0qcWYdRDceP4lJIKSA
-1+JZ+R1opyrfVIC2D9oDJFIJTFfXy9G9VYDccwAONPgAamvRzBnYcEu8fqM+Ohle
-kZltKktAHnX3WtG3RyxEL5nYzlMlGwUXJu3Rxc9SlkYSxERzjWHikGqGmXLX2qB0
-k6oyxTrK+4+EHk3khbEIqyQZSOFbD7NMfnRy0CWFv/9T1shgjAIBCake6jY7lwaT
-S7JvbLfG6ABf5xHMxoWLXa2qwb+Ar43Ff9g8kKZwFOxMeGcwkzyJPBbWytFxaWn+
-R2RHhTaVCGc22CjdfQIDAQABo4HFMIHCMAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEB
-BAQDAgWgMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBDbGllbnQg
-Q2VydGlmaWNhdGUwHQYDVR0OBBYEFHEgLhfH0Z1QlLxeQbG7YZyBlz1MMB8GA1Ud
-IwQYMBaAFFcL6csj6L9HPlB6P0V+oRhDnRUnMA4GA1UdDwEB/wQEAwIF4DAdBgNV
-HSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwDQYJKoZIhvcNAQELBQADggIBAK9q
-3YnEa99Cq3Vo3g6PE/A/xOE97seVNuavqyBcVv9PrTydb5XG4jPkYU3xOYXIc8rA
-A4gzd+AsGO9rjGMPGGjQJI3JO/3BCeBJMkn50C/rM1yWVMHnVyFcJlg16xaWtj1e
-2Jk8egJW2gSYyF+N2TdzI7tOb002GNr36posnqO+IOoLapyHFBxxUjsPDRoo8fJn
-myWsV1Y9oRUZyJlfIAJsu85ew7gDBY2jaiEiopzour3uU3C0N7gYni2OmVwfr6J8
-R2/Jp43BSD5sYOW9RAJIEEXef+InYtz9HTJvKu2LsWwIBkaztk29tJcDE+1La6Sw
-0dF0YkUwnXoGQFjiV+8pXX3TF5glXKj1rU8WfNazF6lqslB6DmdgR3/FQ6Z2sE86
-d9hVtayZIGlzU0rWmBBtr++7Wo88nmzAtd/xbZMFG8U//+Q2AvJT2oVGtqM48+al
-rnsN/gYrLDr7RC14bHIuO1v6ZL/rAi7SPKrKYAyQVTAcRuW516SxxR6S1Xa1ITnh
-rwgKg13eQuwu3iigguIS9XL6nAXabBIxBxMl6o2YlyIPekKYIcQmpqhkavJ6VOgX
-iq9VdY6fIJVfmxNZuwM3/28k7UeUAfhI2SSVH4ZURbPiGGH2wukc1QkmtZ2cNa35
-C1y79aqJbIa3ErqLFPj/fM+34x8L7QHPq6RfaODa
------END CERTIFICATE-----
diff --git a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/superproxy.key-pk8.pem b/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/superproxy.key-pk8.pem
deleted file mode 100644
index 2e4140b8fb3..00000000000
--- a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/superproxy.key-pk8.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDjdKfKz+HfDEn8
-gETNsl1AAoLFTih/kqBMPMWg5pLwLrc3BuODLSpxZh1ENx4/iUkgpIDX4ln5HWin
-Kt9UgLYP2gMkUglMV9fL0b1VgNxzAA40+ABqa9HMGdhwS7x+oz46GV6RmW0qS0Ae
-dfda0bdHLEQvmdjOUyUbBRcm7dHFz1KWRhLERHONYeKQaoaZctfaoHSTqjLFOsr7
-j4QeTeSFsQirJBlI4VsPs0x+dHLQJYW//1PWyGCMAgEJqR7qNjuXBpNLsm9st8bo
-AF/nEczGhYtdrarBv4CvjcV/2DyQpnAU7Ex4ZzCTPIk8FtbK0XFpaf5HZEeFNpUI
-ZzbYKN19AgMBAAECggEBAM1JAwuD1drmj3wKFI8F1S2pVndXFCwXnP9RthiDIckO
-kKNkX0CMKgtQ20cu6+jyMgL5FaRCkWvJxCNkCU6OIENsQ3urYuL5QTWeZeBevhg4
-y5m43z8tcptgFD09zbEKCmaLcRO9wo3yfrs/QvE/58efxyajFs8YsZuSW5Px/msl
-AFN8qGY0q0lQbQPK8cPYT4OnW9isqEjkvHq1Q+ryv4cxsGWtBZYmJVeLVHzClihi
-lODdN6YsDcu9jLwsA8o2WSBRsbLHK6caW4FdEwgOLckc0EGGEU64VEB9ZOwgcwYQ
-M9mZDs2w7qk63YnDH4KmpoP0Oc8N+bG7Pkifd7f8HqECgYEA8esMQya6Qln4O7Qo
-aI8X9t5gCpq+bh/P+7vYdBR/9St5VtE/P0yuaQdT2e5t+Ei4ujqHvJ0GTPmqYIJf
-2DNvJMu8EnXv+nqKQCsyMc/nqQN1CcRGqZssH1V/ZIQLRUA0cN4hzE0eHITwp6U9
-vD/WaE3mKX/XHthIjc8hnuoajOkCgYEA8LIYMgyD3wClWOKe5TkBumI0KvA9tP90
-IFHu1wLNl0tKBpsXkzzxiav1FMX3K7B29vxukrs946KRESHzRg4c5ULPnMmwcQyx
-AortKJWrGVsna/QDWPRutXSN1XmnjKWsHmTpQQqLfaRvLW+Hd34+EVdVh9sVt/y9
-RucnBvxcX3UCgYBebm/U7pMaP2BkfcigN+sU1G0M9qaK+iQHkaXGehIQs62js/5K
-STZzjQawNR/8IPbqytodR/YjqflVvs6G6FzkMhrx4dORJLA+qB3pz8wP72eKLnGe
-1xF8EbWumNSFbbCKtkrfIuM0IriF2Dym9QxOnsnPPTXNtoNrx4TKMXu3sQKBgBq9
-noSI8WmoF7adTsvmnnOHj4YptKFUNCGXGLLYg+DII4xCVMct4SPLb+oD6Gb5Lu5X
-sy0oEkMk/3roy68/yCQMXSZtHeYhY9UFfD2jCyRBBUswC+MpHNeaAFv0LRIqIcoq
-qeNo+YBW8WcZ2fIDm3+vtTfntiz/rkOfUK2tAdI1AoGAL2LVDF5e1meSRocEoy8e
-gqrshrhg+KBqYmcjtd4Iup4WvR6uyH4qE9yFLLHFZ04pZzXLHcPfqgOSP8qTxgH3
-h0uqtcYmejS/yl6PbC9OPXcSkMgntRkTbU9Ug05ijfN9NRnW+8WXvi8Z6DKed1P1
-9PxwA75P9o0h00mMk8PQitQ=
------END PRIVATE KEY-----
diff --git a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/user1.cert.pem b/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/user1.cert.pem
deleted file mode 100644
index 072f2867fe6..00000000000
--- a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/user1.cert.pem
+++ /dev/null
@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEZTCCAk2gAwIBAgICEAUwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGZm9v
-YmFyMCAXDTE4MDYyNzA4NDAyNVoYDzIyOTIwNDExMDg0MDI1WjAQMQ4wDAYDVQQD
-DAV1c2VyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM5iqgr4PUUZ
-AW9MDGP5cBaSJALSPV63m6M/IoovrMWJ9CGtcQfZTUHwDorIlXgQ6H/KufmsHW0Y
-OQbChLSTDB14D0jSMtyv6+ibSoE1ZEl2SbB1miLd0P5AS9YmzzEW2+bx0zJORLYD
-PzJ1Nh3/kQlRs04IECki291WZiVRzX2JRoL7kMtOAoKJqQfsT14Oi9EAw39VhLeB
-uc/Mx6Jsutq/YdXakoZtQbfZka2MMfLXgMDLIPDqbU+09q7au2dq8RjGzrWnxnOX
-o/XQssrIbwzJJYASBsgAAtnAw7bPzCX6+cL6PZVRyiEZov0HKXyRyvrbQ5hyEMuS
-3dHqoKt0fKMCAwEAAaOBxTCBwjAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF
-oDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRp
-ZmljYXRlMB0GA1UdDgQWBBQ7NSD6lx6Vq38cEoD5l7FHs1Ej8DAfBgNVHSMEGDAW
-gBRXC+nLI+i/Rz5Qej9FfqEYQ50VJzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4ICAQC+cU7ctY7o
-eTW+oHTq9EGJUMwW1fOww4QDrHtgZT4OYkO88zxQV2Cr050p8eaV5dHXZBf9/bRV
-7hPNV5+HpQhb9TZ9xK2WRZ2QV7a/UDyUnksVKGSK9tNZMZPueOEB19e4bIBcgnQa
-5i9sgZr93na7pFOY7lBQy6gfaOcnejYHmvVqIGaZBVH8rkEsGhhkJxy7qkpFNKgf
-PGiIRo9L0WYqDCSiaICeCiteJwIfjsUFJKF0YnpXZq1kFfQscnleg60MWZAXvacp
-tAciE51Ow60cqQWER66iwqnBSPD4l91SxAaGQAmalgCioGsYSbojXcOvRidhYJ2T
-3YwCpqlC0qC9D2ZmNoukb1a0Pi03MuSJwD/8v9eqwEW9dFAzdnWDzTZMN9CfdjVh
-2qiO5o5Si/X1Dmjdk2F/EM62YJQBAlkZBetFJ0o2QPGTSD+zrpfITIW8Pu+/5zcC
-MZdzyUf0p1GO2Kn7wmqPQjz59zABagmxCNks8HeqPnzmWuADMaggb0nOmrBACE2x
-b9XR6/xaXpwTRf0h5N3evivzUHo6XVw8A3gVUNoBm9Of3PlAsjM4I4SWFb6nrwYv
-RnI04c+R95Su1fMc2wky0PmW+iWRTaEN/cUdX1SF6jo1nRLELGcbMSGUI6UI8kff
-crvCz7uLu7Lr5/CKnEm2bSCZ4eIQpOs4nQ==
------END CERTIFICATE-----
diff --git a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/user1.key-pk8.pem b/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/user1.key-pk8.pem
deleted file mode 100644
index eec5c94c066..00000000000
--- a/pulsar-proxy/src/test/resources/authentication/tls-admin-proxy/user1.key-pk8.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDOYqoK+D1FGQFv
-TAxj+XAWkiQC0j1et5ujPyKKL6zFifQhrXEH2U1B8A6KyJV4EOh/yrn5rB1tGDkG
-woS0kwwdeA9I0jLcr+vom0qBNWRJdkmwdZoi3dD+QEvWJs8xFtvm8dMyTkS2Az8y
-dTYd/5EJUbNOCBApItvdVmYlUc19iUaC+5DLTgKCiakH7E9eDovRAMN/VYS3gbnP
-zMeibLrav2HV2pKGbUG32ZGtjDHy14DAyyDw6m1PtPau2rtnavEYxs61p8Zzl6P1
-0LLKyG8MySWAEgbIAALZwMO2z8wl+vnC+j2VUcohGaL9Byl8kcr620OYchDLkt3R
-6qCrdHyjAgMBAAECggEBAK8J8QvytAxJg/T/+7ZC1PTfp1kZNGGDuaV/o2ytuIul
-T//MGQQ+IY8d6Ud9jX9SX84agxalCiP/mkYIbgK0gF7x94yccfTH433ZTxw8yzye
-7SqS41JU7K7mmysaqTkKGSFK0gNlbFMud8f0rxxMJ5dOypMQtZwd63lSkLlwIqcn
-YhKcAdXM4WGv07MFdwAXvrK2trhBBkCA08ZzyVy4lWE+cVfEkwH6O8EdGchl7g4U
-LqIkYzufQWKdH9frt6N3qEV/qs0s1qipVzV07GaPpEdK/G5exJ7NjZaXJkHOuMbt
-7ae1zJBexW41/++fjzsWSYljvSEphjqwrGYrr+tMGNECgYEA+Sg1sHcYO4Bg16qG
-c8XM9g8DFL396X4MnMh+AFrDV8dbdz39x9fFtpKEfqaAZrG6I8fW3RkMLsJvJ4GI
-KDJNz2ezEMbNKlXE9UzvAsrdvWNWDGJvrDu0CbJg2wtBeVEBIUYetSdNHoEwY7ZJ
-QHnwbxYYrUFIJ34rI0SQ17/Z4vsCgYEA1A27jYTWr86JmvjQDUiJcJsbhpa/6OzZ
-n3KTu0n0oCvl7uvvjUfhlzmcq7kyY0oO1C5TQHLiqBaI5hXw+iYwnESLIn7BwhMX
-dcxglvXx95h1NqHYX9GnURl2QtrjmuY5yx+itfmZCRkRPO3c5e9uZyf01CeE4uwl
-hDNh0RrSXHkCgYBvlQhmXQ+nJhk4vI+2LXFbCOISWfvqo562YDu9oOg22Xsm7cZH
-x2QuHXPk3GBInXOFLqwVHHCOSFlLUgFOLykVp5VUABRFz1+Dk86+a2fetywEI9lr
-QtmgNhiWQHY0BIkDA8ogytcIwEaRgUNQ8sswlK68eK39sc1T4BMV7D+CHQKBgG3g
-+8lWBwSsKgOCYBQx/P27caTo4mJosE99yG0o4jhI5ulJmiSEFbINqVAWM7TdQBfU
-NVFU9nuQybknr2l/dnrSzaG/Otk8mVBx6a7vnETm2/3GGV91PJS6c9wqnfu6xkGp
-j99piVH8ikEfI/KFgZi0TJnOLH6FTN9W3J3EnzJJAoGAE4ZLLi+2RP4ZYXI11CJC
-BSM1AEpqemgTUSidZyTiJJMGGrC7tyEba+4TIqeGgvD74p57XFbN7LOJWmnAiK8b
-BLhQqPgOCXqrna00GnNKKx7AzgYHqlq03tGlX858aH18rkSRVk3UhkTkGTSr3iQn
-aJeN/0HbpGr67bimf4bqlCY=
------END PRIVATE KEY-----
(pulsar) 07/11: [fix][broker] Fix PulsarService.getLookupServiceAddress returns wrong port if TLS is enabled (#21015)
Posted by lh...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 8e2eb50d9c93748e4426fcad1bfad28f69bb7faf
Author: Jiwei Guo <te...@apache.org>
AuthorDate: Sun Sep 17 20:44:13 2023 -0500
[fix][broker] Fix PulsarService.getLookupServiceAddress returns wrong port if TLS is enabled (#21015)
(cherry picked from commit 1363777918547b0f56bdbbf04cec28d050a43586)
---
.../org/apache/pulsar/broker/PulsarService.java | 10 +++---
.../apache/pulsar/broker/PulsarServiceTest.java | 2 ++
.../apache/pulsar/broker/admin/AdminApi2Test.java | 14 +++-----
.../apache/pulsar/broker/admin/AdminApiTest.java | 2 +-
.../broker/auth/MockedPulsarServiceBaseTest.java | 4 ---
.../loadbalance/AdvertisedListenersTest.java | 2 --
.../broker/loadbalance/LoadBalancerTest.java | 1 -
.../loadbalance/SimpleLoadManagerImplTest.java | 1 -
.../impl/ModularLoadManagerImplTest.java | 6 ----
.../OwnerShipForCurrentServerTestBase.java | 2 --
.../pulsar/broker/service/BrokerServiceTest.java | 9 +++++
.../broker/service/ClusterMigrationTest.java | 9 +++++
.../pulsar/broker/service/ReplicatorTest.java | 2 +-
.../broker/transaction/TransactionTestBase.java | 2 --
.../pulsar/client/api/BrokerServiceLookupTest.java | 7 +++-
.../client/api/ClientAuthenticationTlsTest.java | 4 ++-
.../pulsar/proxy/server/ProxyRefreshAuthTest.java | 1 +
.../proxy/server/ProxyServiceTlsStarterTest.java | 1 +
.../integration/containers/BrokerContainer.java | 9 +++--
.../integration/containers/ProxyContainer.java | 9 +++--
.../tests/integration/tls/ClientTlsTest.java | 9 +++++
.../integration/topologies/PulsarCluster.java | 40 +++++++++++++++-------
.../integration/topologies/PulsarClusterSpec.java | 6 ++++
23 files changed, 98 insertions(+), 54 deletions(-)
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
index edcc83df2b8..f1f630316a1 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/PulsarService.java
@@ -1734,18 +1734,18 @@ public class PulsarService implements AutoCloseable, ShutdownService {
}
public String getSafeWebServiceAddress() {
- return webServiceAddress != null ? webServiceAddress : webServiceAddressTls;
+ return webServiceAddressTls != null ? webServiceAddressTls : webServiceAddress;
}
@Deprecated
public String getSafeBrokerServiceUrl() {
- return brokerServiceUrl != null ? brokerServiceUrl : brokerServiceUrlTls;
+ return brokerServiceUrlTls != null ? brokerServiceUrlTls : brokerServiceUrl;
}
public String getLookupServiceAddress() {
- return String.format("%s:%s", advertisedAddress, config.getWebServicePort().isPresent()
- ? config.getWebServicePort().get()
- : config.getWebServicePortTls().get());
+ return String.format("%s:%s", advertisedAddress, config.getWebServicePortTls().isPresent()
+ ? config.getWebServicePortTls().get()
+ : config.getWebServicePort().orElseThrow());
}
public TopicPoliciesService getTopicPoliciesService() {
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/PulsarServiceTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/PulsarServiceTest.java
index 37a7310ae17..3e0887646e1 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/PulsarServiceTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/PulsarServiceTest.java
@@ -54,6 +54,8 @@ public class PulsarServiceTest extends MockedPulsarServiceBaseTest {
@Override
protected void doInitConf() throws Exception {
super.doInitConf();
+ conf.setBrokerServicePortTls(Optional.of(0));
+ conf.setWebServicePortTls(Optional.of(0));
if (useStaticPorts) {
conf.setBrokerServicePortTls(Optional.of(6651));
conf.setBrokerServicePort(Optional.of(6660));
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApi2Test.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApi2Test.java
index ba1a4f36b17..0f94a8813c0 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApi2Test.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApi2Test.java
@@ -439,19 +439,13 @@ public class AdminApi2Test extends MockedPulsarServiceBaseTest {
String tenantName = newUniqueName("prop-xyz2");
admin.tenants().createTenant(tenantName, tenantInfo);
admin.namespaces().createNamespace(tenantName + "/ns1", Set.of("test"));
- conf.setBrokerServicePort(Optional.of(1024));
- conf.setBrokerServicePortTls(Optional.of(1025));
- conf.setWebServicePort(Optional.of(1026));
- conf.setWebServicePortTls(Optional.of(1027));
+ ServiceConfiguration config2 = super.getDefaultConf();
@Cleanup
- PulsarTestContext pulsarTestContext2 = createAdditionalPulsarTestContext(conf);
+ PulsarTestContext pulsarTestContext2 = createAdditionalPulsarTestContext(config2);
PulsarService pulsar2 = pulsarTestContext2.getPulsarService();
- conf.setBrokerServicePort(Optional.of(2048));
- conf.setBrokerServicePortTls(Optional.of(2049));
- conf.setWebServicePort(Optional.of(2050));
- conf.setWebServicePortTls(Optional.of(2051));
+ ServiceConfiguration config3 = super.getDefaultConf();
@Cleanup
- PulsarTestContext pulsarTestContext3 = createAdditionalPulsarTestContext(conf);
+ PulsarTestContext pulsarTestContext3 = createAdditionalPulsarTestContext(config3);
PulsarService pulsar3 = pulsarTestContext.getPulsarService();
@Cleanup
PulsarAdmin admin2 = PulsarAdmin.builder().serviceHttpUrl(pulsar2.getWebServiceAddress()).build();
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest.java
index 5cf95dbdc8c..b72f1b697f7 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiTest.java
@@ -930,7 +930,7 @@ public class AdminApiTest extends MockedPulsarServiceBaseTest {
assertEquals(topicStats.getSubscriptions().get(subName).getMsgBacklog(), 10);
assertEquals(topicStats.getPublishers().size(), 0);
assertEquals(topicStats.getOwnerBroker(),
- pulsar.getAdvertisedAddress() + ":" + pulsar.getConfiguration().getWebServicePort().get());
+ pulsar.getAdvertisedAddress() + ":" + pulsar.getConfiguration().getWebServicePortTls().get());
PersistentTopicInternalStats internalStats = admin.topics().getInternalStats(persistentTopicName, false);
assertEquals(internalStats.cursors.keySet(), Set.of(Codec.encode(subName)));
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/MockedPulsarServiceBaseTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/MockedPulsarServiceBaseTest.java
index 16db0f48480..62d2b2aafa7 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/MockedPulsarServiceBaseTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/MockedPulsarServiceBaseTest.java
@@ -230,10 +230,8 @@ public abstract class MockedPulsarServiceBaseTest extends TestRetrySupport {
this.conf.setBrokerShutdownTimeoutMs(0L);
this.conf.setLoadBalancerOverrideBrokerNicSpeedGbps(Optional.of(1.0d));
this.conf.setBrokerServicePort(Optional.of(0));
- this.conf.setBrokerServicePortTls(Optional.of(0));
this.conf.setAdvertisedAddress("localhost");
this.conf.setWebServicePort(Optional.of(0));
- this.conf.setWebServicePortTls(Optional.of(0));
this.conf.setNumExecutorThreadPoolSize(5);
this.conf.setExposeBundlesMetricsInPrometheus(true);
}
@@ -473,9 +471,7 @@ public abstract class MockedPulsarServiceBaseTest extends TestRetrySupport {
configuration.setBrokerShutdownTimeoutMs(0L);
configuration.setLoadBalancerOverrideBrokerNicSpeedGbps(Optional.of(1.0d));
configuration.setBrokerServicePort(Optional.of(0));
- configuration.setBrokerServicePortTls(Optional.of(0));
configuration.setWebServicePort(Optional.of(0));
- configuration.setWebServicePortTls(Optional.of(0));
configuration.setBookkeeperClientExposeStatsToPrometheus(true);
configuration.setNumExecutorThreadPoolSize(5);
configuration.setBrokerMaxConnections(0);
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/AdvertisedListenersTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/AdvertisedListenersTest.java
index 7a8154312e4..a88ccd60ae4 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/AdvertisedListenersTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/AdvertisedListenersTest.java
@@ -78,7 +78,6 @@ public class AdvertisedListenersTest extends MultiBrokerBaseTest {
",public_https:https://localhost:" + httpsPort);
conf.setBrokerServicePort(Optional.of(pulsarPort));
conf.setWebServicePort(Optional.of(httpPort));
- conf.setWebServicePortTls(Optional.of(httpsPort));
}
@Test
@@ -101,7 +100,6 @@ public class AdvertisedListenersTest extends MultiBrokerBaseTest {
assertEquals(new URI(ld.getBrokerUrl()).getHost(), "localhost");
assertEquals(new URI(ld.getHttpUrl()).getHost(), "localhost");
- assertEquals(new URI(ld.getHttpUrlTls()).getHost(), "localhost");
// Produce data
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/LoadBalancerTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/LoadBalancerTest.java
index 68902c73e57..7cc4499df97 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/LoadBalancerTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/LoadBalancerTest.java
@@ -124,7 +124,6 @@ public class LoadBalancerTest {
config.setAdvertisedAddress("localhost");
config.setWebServicePort(Optional.of(0));
config.setBrokerServicePortTls(Optional.of(0));
- config.setWebServicePortTls(Optional.of(0));
config.setMetadataStoreUrl("zk:127.0.0.1:" + bkEnsemble.getZookeeperPort());
config.setBrokerShutdownTimeoutMs(0L);
config.setLoadBalancerOverrideBrokerNicSpeedGbps(Optional.of(1.0d));
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/SimpleLoadManagerImplTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/SimpleLoadManagerImplTest.java
index c4898786e3e..6303c70b4dc 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/SimpleLoadManagerImplTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/SimpleLoadManagerImplTest.java
@@ -113,7 +113,6 @@ public class SimpleLoadManagerImplTest {
config1.setBrokerServicePort(Optional.of(0));
config1.setLoadManagerClassName(SimpleLoadManagerImpl.class.getName());
config1.setBrokerServicePortTls(Optional.of(0));
- config1.setWebServicePortTls(Optional.of(0));
config1.setAdvertisedAddress("localhost");
pulsar1 = new PulsarService(config1);
pulsar1.start();
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImplTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImplTest.java
index 786c9027c94..d8acb6d24e9 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImplTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/loadbalance/impl/ModularLoadManagerImplTest.java
@@ -169,8 +169,6 @@ public class ModularLoadManagerImplTest {
config1.setBrokerShutdownTimeoutMs(0L);
config1.setLoadBalancerOverrideBrokerNicSpeedGbps(Optional.of(1.0d));
config1.setBrokerServicePort(Optional.of(0));
- config1.setBrokerServicePortTls(Optional.of(0));
- config1.setWebServicePortTls(Optional.of(0));
pulsar1 = new PulsarService(config1);
pulsar1.start();
@@ -189,8 +187,6 @@ public class ModularLoadManagerImplTest {
config2.setBrokerShutdownTimeoutMs(0L);
config2.setLoadBalancerOverrideBrokerNicSpeedGbps(Optional.of(1.0d));
config2.setBrokerServicePort(Optional.of(0));
- config2.setBrokerServicePortTls(Optional.of(0));
- config2.setWebServicePortTls(Optional.of(0));
pulsar2 = new PulsarService(config2);
pulsar2.start();
@@ -204,8 +200,6 @@ public class ModularLoadManagerImplTest {
config.setBrokerShutdownTimeoutMs(0L);
config.setLoadBalancerOverrideBrokerNicSpeedGbps(Optional.of(1.0d));
config.setBrokerServicePort(Optional.of(0));
- config.setBrokerServicePortTls(Optional.of(0));
- config.setWebServicePortTls(Optional.of(0));
pulsar3 = new PulsarService(config);
secondaryHost = String.format("%s:%d", "localhost", pulsar2.getListenPortHTTP().get());
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/namespace/OwnerShipForCurrentServerTestBase.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/namespace/OwnerShipForCurrentServerTestBase.java
index 8dd4f53db82..46e8989ac3d 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/namespace/OwnerShipForCurrentServerTestBase.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/namespace/OwnerShipForCurrentServerTestBase.java
@@ -80,10 +80,8 @@ public abstract class OwnerShipForCurrentServerTestBase {
conf.setBrokerShutdownTimeoutMs(0L);
conf.setLoadBalancerOverrideBrokerNicSpeedGbps(Optional.of(1.0d));
conf.setBrokerServicePort(Optional.of(0));
- conf.setBrokerServicePortTls(Optional.of(0));
conf.setAdvertisedAddress("localhost");
conf.setWebServicePort(Optional.of(0));
- conf.setWebServicePortTls(Optional.of(0));
serviceConfigurationList.add(conf);
PulsarTestContext.Builder testContextBuilder =
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/BrokerServiceTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/BrokerServiceTest.java
index 10c90fd434d..f07a1b99c3d 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/BrokerServiceTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/BrokerServiceTest.java
@@ -1646,4 +1646,13 @@ public class BrokerServiceTest extends BrokerTestBase {
fail("Unsubscribe failed");
}
}
+
+ @Test
+ public void testGetLookupServiceAddress() throws Exception {
+ cleanup();
+ setup();
+ conf.setWebServicePortTls(Optional.of(8081));
+ assertEquals(pulsar.getLookupServiceAddress(), "localhost:8081");
+ resetState();
+ }
}
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/ClusterMigrationTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/ClusterMigrationTest.java
index cfa9a5f9b04..b36bf33aff4 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/ClusterMigrationTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/ClusterMigrationTest.java
@@ -28,6 +28,7 @@ import static org.testng.Assert.assertTrue;
import com.google.common.collect.Sets;
import java.lang.reflect.Method;
import java.net.URL;
+import java.util.Optional;
import java.util.concurrent.TimeUnit;
import lombok.Cleanup;
import org.apache.pulsar.broker.BrokerTestUtil;
@@ -477,6 +478,14 @@ public class ClusterMigrationTest {
super.setupWithClusterName(clusterName);
}
+ @Override
+ protected void doInitConf() throws Exception {
+ super.doInitConf();
+ this.conf.setWebServicePortTls(Optional.of(0));
+ this.conf.setBrokerServicePortTls(Optional.of(0));
+ }
+
+
public PulsarService getPulsarService() {
return pulsar;
}
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/ReplicatorTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/ReplicatorTest.java
index d0fd3365f96..3d955250608 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/ReplicatorTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/service/ReplicatorTest.java
@@ -248,7 +248,7 @@ public class ReplicatorTest extends ReplicatorTestBase {
-> admin2.clusters().getCluster(cluster2) != null);
List<String> list = admin1.brokers().getActiveBrokers(cluster2);
- assertEquals(list.get(0), url2.toString().replace("http://", ""));
+ assertEquals(list.get(0), urlTls2.toString().replace("https://", ""));
//restore configuration
pulsar1.getConfiguration().setAuthorizationEnabled(false);
}
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/transaction/TransactionTestBase.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/transaction/TransactionTestBase.java
index cd0c089ad41..3a83d2f95fe 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/transaction/TransactionTestBase.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/transaction/TransactionTestBase.java
@@ -156,10 +156,8 @@ public abstract class TransactionTestBase extends TestRetrySupport {
conf.setBrokerShutdownTimeoutMs(0L);
conf.setLoadBalancerOverrideBrokerNicSpeedGbps(Optional.of(1.0d));
conf.setBrokerServicePort(Optional.of(0));
- conf.setBrokerServicePortTls(Optional.of(0));
conf.setAdvertisedAddress("localhost");
conf.setWebServicePort(Optional.of(0));
- conf.setWebServicePortTls(Optional.of(0));
conf.setTransactionCoordinatorEnabled(true);
conf.setBrokerDeduplicationEnabled(true);
conf.setTransactionBufferSnapshotMaxTransactionCount(2);
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/BrokerServiceLookupTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/BrokerServiceLookupTest.java
index 3ab5e926054..a632608bf70 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/BrokerServiceLookupTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/BrokerServiceLookupTest.java
@@ -485,7 +485,7 @@ public class BrokerServiceLookupTest extends ProducerConsumerBase {
// request [3]
doReturn(true).when(loadManager1).isCentralized();
doReturn(true).when(loadManager2).isCentralized();
- SimpleResourceUnit resourceUnit = new SimpleResourceUnit(pulsar.getWebServiceAddress(), null);
+ SimpleResourceUnit resourceUnit = new SimpleResourceUnit(pulsar.getWebServiceAddressTls(), null);
doReturn(Optional.of(resourceUnit)).when(loadManager2).getLeastLoaded(any(ServiceUnitId.class));
doReturn(Optional.of(resourceUnit)).when(loadManager1).getLeastLoaded(any(ServiceUnitId.class));
@@ -518,6 +518,9 @@ public class BrokerServiceLookupTest extends ProducerConsumerBase {
loadManager1 = null;
loadManager2 = null;
+
+ conf.setBrokerServicePortTls(Optional.empty());
+ conf.setWebServicePortTls(Optional.empty());
}
/**
@@ -949,6 +952,8 @@ public class BrokerServiceLookupTest extends ProducerConsumerBase {
admin.topics().createPartitionedTopic(dest.toString(), totalPartitions);
stopBroker();
+ conf.setBrokerServicePortTls(Optional.empty());
+ conf.setWebServicePortTls(Optional.empty());
conf.setClientLibraryVersionCheckEnabled(true);
startBroker();
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/ClientAuthenticationTlsTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/ClientAuthenticationTlsTest.java
index c9b243257c4..d716d5a8063 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/ClientAuthenticationTlsTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/ClientAuthenticationTlsTest.java
@@ -22,6 +22,7 @@ import static org.testng.Assert.assertThrows;
import static org.testng.Assert.assertTrue;
import static org.testng.Assert.expectThrows;
import java.util.HashSet;
+import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
@@ -50,7 +51,8 @@ public class ClientAuthenticationTlsTest extends ProducerConsumerBase {
Set<String> providers = new HashSet<>();
providers.add(AuthenticationProviderTls.class.getName());
conf.setAuthenticationProviders(providers);
-
+ conf.setWebServicePortTls(Optional.of(0));
+ conf.setBrokerServicePortTls(Optional.of(0));
conf.setTlsKeyFilePath(BROKER_KEY_FILE_PATH);
conf.setTlsCertificateFilePath(BROKER_CERT_FILE_PATH);
conf.setTlsTrustCertsFilePath(CA_CERT_FILE_PATH);
diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyRefreshAuthTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyRefreshAuthTest.java
index bde989fc432..2f36cc679f1 100644
--- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyRefreshAuthTest.java
+++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyRefreshAuthTest.java
@@ -69,6 +69,7 @@ public class ProxyRefreshAuthTest extends ProducerConsumerBase {
conf.setAdvertisedAddress(null);
conf.setAuthenticateOriginalAuthData(true);
conf.setBrokerServicePort(Optional.of(0));
+ conf.setWebServicePortTls(Optional.of(0));
conf.setWebServicePort(Optional.of(0));
Set<String> superUserRoles = new HashSet<>();
diff --git a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceTlsStarterTest.java b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceTlsStarterTest.java
index 01c06fbf52f..6247c2a66e8 100644
--- a/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceTlsStarterTest.java
+++ b/pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyServiceTlsStarterTest.java
@@ -75,6 +75,7 @@ public class ProxyServiceTlsStarterTest extends MockedPulsarServiceBaseTest {
protected void doInitConf() throws Exception {
super.doInitConf();
+ this.conf.setBrokerServicePortTls(Optional.of(0));
this.conf.setTlsCertificateFilePath(PROXY_CERT_FILE_PATH);
this.conf.setTlsKeyFilePath(PROXY_KEY_FILE_PATH);
}
diff --git a/tests/integration/src/test/java/org/apache/pulsar/tests/integration/containers/BrokerContainer.java b/tests/integration/src/test/java/org/apache/pulsar/tests/integration/containers/BrokerContainer.java
index 616d45554d7..a51397050b9 100644
--- a/tests/integration/src/test/java/org/apache/pulsar/tests/integration/containers/BrokerContainer.java
+++ b/tests/integration/src/test/java/org/apache/pulsar/tests/integration/containers/BrokerContainer.java
@@ -28,8 +28,13 @@ public class BrokerContainer extends PulsarContainer<BrokerContainer> {
public static final String NAME = "pulsar-broker";
public BrokerContainer(String clusterName, String hostName) {
- super(clusterName, hostName, hostName, "bin/run-broker.sh", BROKER_PORT, BROKER_PORT_TLS,
- BROKER_HTTP_PORT, BROKER_HTTPS_PORT, DEFAULT_HTTP_PATH, DEFAULT_IMAGE_NAME);
+ this(clusterName, hostName, false);
+ }
+
+ public BrokerContainer(String clusterName, String hostName, boolean enableTls) {
+ super(clusterName, hostName, hostName, "bin/run-broker.sh", BROKER_PORT,
+ enableTls ? BROKER_PORT_TLS : 0, BROKER_HTTP_PORT,
+ enableTls ? BROKER_HTTPS_PORT : 0, DEFAULT_HTTP_PATH, DEFAULT_IMAGE_NAME);
tailContainerLog();
}
diff --git a/tests/integration/src/test/java/org/apache/pulsar/tests/integration/containers/ProxyContainer.java b/tests/integration/src/test/java/org/apache/pulsar/tests/integration/containers/ProxyContainer.java
index 53283447378..f3926878f37 100644
--- a/tests/integration/src/test/java/org/apache/pulsar/tests/integration/containers/ProxyContainer.java
+++ b/tests/integration/src/test/java/org/apache/pulsar/tests/integration/containers/ProxyContainer.java
@@ -28,8 +28,13 @@ public class ProxyContainer extends PulsarContainer<ProxyContainer> {
public static final String NAME = "pulsar-proxy";
public ProxyContainer(String clusterName, String hostName) {
- super(clusterName, hostName, hostName, "bin/run-proxy.sh", BROKER_PORT, BROKER_PORT_TLS, BROKER_HTTP_PORT,
- BROKER_HTTPS_PORT, DEFAULT_HTTP_PATH, DEFAULT_IMAGE_NAME);
+ this(clusterName, hostName, false);
+ }
+
+ public ProxyContainer(String clusterName, String hostName, boolean enableTls) {
+ super(clusterName, hostName, hostName, "bin/run-proxy.sh", BROKER_PORT,
+ enableTls ? BROKER_PORT_TLS : 0, BROKER_HTTP_PORT,
+ enableTls ? BROKER_HTTPS_PORT : 0, DEFAULT_HTTP_PATH, DEFAULT_IMAGE_NAME);
}
@Override
diff --git a/tests/integration/src/test/java/org/apache/pulsar/tests/integration/tls/ClientTlsTest.java b/tests/integration/src/test/java/org/apache/pulsar/tests/integration/tls/ClientTlsTest.java
index 59ff978cafa..080912cd492 100644
--- a/tests/integration/src/test/java/org/apache/pulsar/tests/integration/tls/ClientTlsTest.java
+++ b/tests/integration/src/test/java/org/apache/pulsar/tests/integration/tls/ClientTlsTest.java
@@ -29,6 +29,7 @@ import org.apache.pulsar.client.api.Producer;
import org.apache.pulsar.client.api.PulsarClient;
import org.apache.pulsar.client.api.PulsarClientException;
import org.apache.pulsar.tests.integration.suites.PulsarTestSuite;
+import org.apache.pulsar.tests.integration.topologies.PulsarClusterSpec;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
@@ -41,6 +42,14 @@ public class ClientTlsTest extends PulsarTestSuite {
return Resources.getResource("certificate-authority/" + name).getPath();
}
+ @Override
+ protected PulsarClusterSpec.PulsarClusterSpecBuilder beforeSetupCluster(
+ String clusterName,
+ PulsarClusterSpec.PulsarClusterSpecBuilder specBuilder) {
+ specBuilder.enableTls(true);
+ return specBuilder;
+ }
+
@DataProvider(name = "adminUrls")
public Object[][] adminUrls() {
return new Object[][]{
diff --git a/tests/integration/src/test/java/org/apache/pulsar/tests/integration/topologies/PulsarCluster.java b/tests/integration/src/test/java/org/apache/pulsar/tests/integration/topologies/PulsarCluster.java
index ca5fe4b3852..ce308e4a386 100644
--- a/tests/integration/src/test/java/org/apache/pulsar/tests/integration/topologies/PulsarCluster.java
+++ b/tests/integration/src/test/java/org/apache/pulsar/tests/integration/topologies/PulsarCluster.java
@@ -38,6 +38,7 @@ import java.util.function.Function;
import lombok.Getter;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.io.IOUtils;
+import org.apache.pulsar.client.impl.auth.AuthenticationTls;
import org.apache.pulsar.tests.integration.containers.BKContainer;
import org.apache.pulsar.tests.integration.containers.BrokerContainer;
import org.apache.pulsar.tests.integration.containers.CSContainer;
@@ -132,14 +133,16 @@ public class PulsarCluster {
this.brokerContainers = Maps.newTreeMap();
this.workerContainers = Maps.newTreeMap();
- this.proxyContainer = new ProxyContainer(appendClusterName("pulsar-proxy"), ProxyContainer.NAME)
+ this.proxyContainer = new ProxyContainer(appendClusterName("pulsar-proxy"), ProxyContainer.NAME, spec.enableTls)
.withNetwork(network)
.withNetworkAliases(appendClusterName("pulsar-proxy"))
.withEnv("zkServers", appendClusterName(ZKContainer.NAME))
.withEnv("zookeeperServers", appendClusterName(ZKContainer.NAME))
.withEnv("configurationStoreServers", CSContainer.NAME + ":" + CS_PORT)
- .withEnv("clusterName", clusterName)
+ .withEnv("clusterName", clusterName);
// enable mTLS
+ if (spec.enableTls) {
+ proxyContainer
.withEnv("webServicePortTls", String.valueOf(BROKER_HTTPS_PORT))
.withEnv("servicePortTls", String.valueOf(BROKER_PORT_TLS))
.withEnv("forwardAuthorizationCredentials", "true")
@@ -147,7 +150,15 @@ public class PulsarCluster {
.withEnv("tlsAllowInsecureConnection", "false")
.withEnv("tlsCertificateFilePath", "/pulsar/certificate-authority/server-keys/proxy.cert.pem")
.withEnv("tlsKeyFilePath", "/pulsar/certificate-authority/server-keys/proxy.key-pk8.pem")
- .withEnv("tlsTrustCertsFilePath", "/pulsar/certificate-authority/certs/ca.cert.pem");
+ .withEnv("tlsTrustCertsFilePath", "/pulsar/certificate-authority/certs/ca.cert.pem")
+ .withEnv("brokerClientAuthenticationPlugin", AuthenticationTls.class.getName())
+ .withEnv("brokerClientAuthenticationParameters", String.format("tlsCertFile:%s,tlsKeyFile:%s", "/pulsar/certificate-authority/client-keys/admin.cert.pem", "/pulsar/certificate-authority/client-keys/admin.key-pk8.pem"))
+ .withEnv("tlsEnabledWithBroker", "true")
+ .withEnv("brokerClientTrustCertsFilePath", "/pulsar/certificate-authority/certs/ca.cert.pem")
+ .withEnv("brokerClientCertificateFilePath", "/pulsar/certificate-authority/server-keys/proxy.cert.pem")
+ .withEnv("brokerClientKeyFilePath", "/pulsar/certificate-authority/server-keys/proxy.key-pk8.pem");
+
+ }
if (spec.proxyEnvs != null) {
spec.proxyEnvs.forEach(this.proxyContainer::withEnv);
}
@@ -184,7 +195,7 @@ public class PulsarCluster {
// create brokers
brokerContainers.putAll(
runNumContainers("broker", spec.numBrokers(), (name) -> {
- BrokerContainer brokerContainer = new BrokerContainer(clusterName, appendClusterName(name))
+ BrokerContainer brokerContainer = new BrokerContainer(clusterName, appendClusterName(name), spec.enableTls)
.withNetwork(network)
.withNetworkAliases(appendClusterName(name))
.withEnv("zkServers", appendClusterName(ZKContainer.NAME))
@@ -195,16 +206,19 @@ public class PulsarCluster {
.withEnv("loadBalancerOverrideBrokerNicSpeedGbps", "1")
// used in s3 tests
.withEnv("AWS_ACCESS_KEY_ID", "accesskey").withEnv("AWS_SECRET_KEY", "secretkey")
- .withEnv("maxMessageSize", "" + spec.maxMessageSize)
+ .withEnv("maxMessageSize", "" + spec.maxMessageSize);
+ if (spec.enableTls) {
// enable mTLS
- .withEnv("webServicePortTls", String.valueOf(BROKER_HTTPS_PORT))
- .withEnv("brokerServicePortTls", String.valueOf(BROKER_PORT_TLS))
- .withEnv("authenticateOriginalAuthData", "true")
- .withEnv("tlsRequireTrustedClientCertOnConnect", "true")
- .withEnv("tlsAllowInsecureConnection", "false")
- .withEnv("tlsCertificateFilePath", "/pulsar/certificate-authority/server-keys/broker.cert.pem")
- .withEnv("tlsKeyFilePath", "/pulsar/certificate-authority/server-keys/broker.key-pk8.pem")
- .withEnv("tlsTrustCertsFilePath", "/pulsar/certificate-authority/certs/ca.cert.pem");
+ brokerContainer
+ .withEnv("webServicePortTls", String.valueOf(BROKER_HTTPS_PORT))
+ .withEnv("brokerServicePortTls", String.valueOf(BROKER_PORT_TLS))
+ .withEnv("authenticateOriginalAuthData", "true")
+ .withEnv("tlsAllowInsecureConnection", "false")
+ .withEnv("tlsRequireTrustedClientCertOnConnect", "true")
+ .withEnv("tlsTrustCertsFilePath", "/pulsar/certificate-authority/certs/ca.cert.pem")
+ .withEnv("tlsCertificateFilePath", "/pulsar/certificate-authority/server-keys/broker.cert.pem")
+ .withEnv("tlsKeyFilePath", "/pulsar/certificate-authority/server-keys/broker.key-pk8.pem");
+ }
if (spec.queryLastMessage) {
brokerContainer.withEnv("bookkeeperExplicitLacIntervalInMills", "10");
brokerContainer.withEnv("bookkeeperUseV2WireProtocol", "false");
diff --git a/tests/integration/src/test/java/org/apache/pulsar/tests/integration/topologies/PulsarClusterSpec.java b/tests/integration/src/test/java/org/apache/pulsar/tests/integration/topologies/PulsarClusterSpec.java
index fa28d20e6b3..c141e990d62 100644
--- a/tests/integration/src/test/java/org/apache/pulsar/tests/integration/topologies/PulsarClusterSpec.java
+++ b/tests/integration/src/test/java/org/apache/pulsar/tests/integration/topologies/PulsarClusterSpec.java
@@ -177,4 +177,10 @@ public class PulsarClusterSpec {
* Additional ports to expose on bookie containers.
*/
List<Integer> bookieAdditionalPorts;
+
+ /**
+ * Enable TLS for connection.
+ */
+ @Default
+ boolean enableTls = false;
}
(pulsar) 04/11: Revert "[fix][test][branch-3.0] fix testCleanupEmptySubscriptionAuthenticationMap (#21744)"
Posted by lh...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
lhotari pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 8bab1ecd720ff10bd001daff135b8414c696fc7c
Author: Lari Hotari <lh...@apache.org>
AuthorDate: Sat Jan 27 00:23:52 2024 +0200
Revert "[fix][test][branch-3.0] fix testCleanupEmptySubscriptionAuthenticationMap (#21744)"
This reverts commit 5b88f0b00538ca397b3746e5d8ff629181154ead.
---
.../apache/pulsar/client/api/AuthenticatedProducerConsumerTest.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticatedProducerConsumerTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticatedProducerConsumerTest.java
index 3e34305c244..a189940bee8 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticatedProducerConsumerTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/client/api/AuthenticatedProducerConsumerTest.java
@@ -507,8 +507,8 @@ public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
@Test
public void testCleanupEmptySubscriptionAuthenticationMap() throws Exception {
Map<String, String> authParams = new HashMap<>();
- authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
- authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ authParams.put("tlsCertFile", getTlsFileForClient("admin.cert"));
+ authParams.put("tlsKeyFile", getTlsFileForClient("admin.key-pk8"));
Authentication authTls = new AuthenticationTls();
authTls.configure(authParams);
internalSetup(authTls);