[GitHub] [pulsar] momo-jun opened a new pull request, #16134: [improve][doc] Add info to introduce commands

[GitBox <gi...@apache.org>]

momo-jun opened a new pull request, #16134:
URL: https://github.com/apache/pulsar/pull/16134

   ### Modifications
   
   1. Fix #14463 - Add a tip to introduce the health check command for beginners.
   
   
   ### Documentation
   
   - [ ] `doc` 
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] dave2wave commented on pull request #16134: [improve][doc] Add information for Get Started and clarify configurations for JWT

[GitBox <gi...@apache.org>]

dave2wave commented on PR #16134:
URL: https://github.com/apache/pulsar/pull/16134#issuecomment-1179350094

   @momo-jun I'm not clear about why you are adding `.md` to links. In the Algolia crawler I see a large number of bad links to `,md` urls.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] momo-jun commented on a diff in pull request #16134: [improve][doc] Add information for Get Started and clarify configurations for JWT

[GitBox <gi...@apache.org>]

momo-jun commented on code in PR #16134:
URL: https://github.com/apache/pulsar/pull/16134#discussion_r902421851


##########
site2/docs/security-jwt.md:
##########
@@ -219,9 +219,21 @@ $ bin/pulsar tokens create-key-pair --output-private-key my-private.key --output
  * Store `my-private.key` in a safe location and only administrator can use `my-private.key` to generate new tokens.
  * `my-public.key` is distributed to all Pulsar brokers. You can publicly share this file without any security concern.
 
-### Generate tokens
 
-A token is the credential associated with a user. The association is done through the "principal" or "role". In the case of JWT tokens, this field is typically referred as **subject**, though they are exactly the same concept.
+### Generate an admin role token
+
+Run the following command to create an admin role token, and use the generated token string as the value of `brokerClientAuthenticationParameters` in the `conf/broker.conf` or `conf/standalone.conf` file.

Review Comment:
   Updated in a note. PTAL.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] nodece commented on a diff in pull request #16134: [improve][doc] Add information for Get Started and clarify configurations for JWT

[GitBox <gi...@apache.org>]

nodece commented on code in PR #16134:
URL: https://github.com/apache/pulsar/pull/16134#discussion_r915592554


##########
site2/docs/client-libraries-cgo.md:
##########
@@ -4,7 +4,7 @@ title: Pulsar CGo client
 sidebar_label: "CGo(deprecated)"
 ---
 
-> The CGo client has been deprecated since version 2.7.0. If possible, use the [Go client](client-libraries-go) instead.
+> The CGo client has been deprecated since version 2.7.0. If possible, use the [Go client](client-libraries-go.md) instead.

Review Comment:
   Can you request the client-libraries-go page after changes?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] nodece commented on a diff in pull request #16134: [improve][doc] Add information for Get Started and clarify configurations for JWT

[GitBox <gi...@apache.org>]

nodece commented on code in PR #16134:
URL: https://github.com/apache/pulsar/pull/16134#discussion_r902357328


##########
site2/docs/security-jwt.md:
##########
@@ -219,9 +219,21 @@ $ bin/pulsar tokens create-key-pair --output-private-key my-private.key --output
  * Store `my-private.key` in a safe location and only administrator can use `my-private.key` to generate new tokens.
  * `my-public.key` is distributed to all Pulsar brokers. You can publicly share this file without any security concern.
 
-### Generate tokens
 
-A token is the credential associated with a user. The association is done through the "principal" or "role". In the case of JWT tokens, this field is typically referred as **subject**, though they are exactly the same concept.
+### Generate an admin role token
+
+Run the following command to create an admin role token, and use the generated token string as the value of `brokerClientAuthenticationParameters` in the `conf/broker.conf` or `conf/standalone.conf` file.

Review Comment:
   We also set up this token to `client.conf`.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] Anonymitaet commented on a diff in pull request #16134: [improve][doc] Add information for Get Started and clarify configurations for JWT

[GitBox <gi...@apache.org>]

Anonymitaet commented on code in PR #16134:
URL: https://github.com/apache/pulsar/pull/16134#discussion_r902670626


##########
site2/docs/getting-started-helm.md:
##########
@@ -422,12 +428,12 @@ Then you can proceed with the following steps:
 
 3. In Pulsar Manager UI, you can create an environment. 
 
-   - Click `New Environment` button in the top-left corner.
+   - Click the `New Environment` button in the top-left corner.
    - Type `pulsar-mini` for the field `Environment Name` in the popup window.
    - Type `http://pulsar-mini-broker:8080` for the field `Service URL` in the popup window.
-   - Click `Confirm` button in the popup window.
+   - Click the `Confirm` button in the popup window.

Review Comment:
   ```suggestion
      - Click **Confirm** in the popup window.
   ```



##########
site2/docs/getting-started-standalone.md:
##########
@@ -257,15 +257,14 @@ If you have started Pulsar successfully, you will see `INFO`-level log messages
 
 :::tip
 
-* The service is running on your terminal, which is under your direct control. If you need to run other commands, open a new terminal window.  
+* The service is running on your terminal, which is under your direct control. If you need to run other commands, open a new terminal window. 
+* To run the service as a background process, you can use the `bin/pulsar-daemon start standalone` command. For more information, see [pulsar-daemon](/docs/en/reference-cli-tools/#pulsar-daemon).
+* To perform a health check, you can use the `bin/pulsar-admin brokers healthcheck` command. For more information, see [Pulsar-admin docs](/tools/pulsar-admin/).
+* When you start a local standalone cluster, a `public/default` [namespace](concepts-messaging.md#namespaces) is created automatically. The namespace is used for development purposes. All Pulsar topics are managed within namespaces. For more information, see [Topics](concepts-messaging.md#topics).
+* By default, there is no encryption, authentication, or authorization configured. Apache Pulsar can be accessed from a remote server without any authorization. Refer to [Security Overview](security-overview) document to secure your deployment. 

Review Comment:
   ```suggestion
   * To run the service as a background process, you can use the `bin/pulsar-daemon start standalone` command. For more information, see [pulsar-daemon](/docs/en/reference-cli-tools/#pulsar-daemon).
   * To perform a health check, you can use the `bin/pulsar-admin brokers healthcheck` command. For more information, see [Pulsar-admin docs](/tools/pulsar-admin/).
   * When you start a local standalone cluster, a `public/default` [namespace](concepts-messaging.md#namespaces) is created automatically. The namespace is used for development purposes. All Pulsar topics are managed within namespaces. For more information, see [Topics](concepts-messaging.md#topics).
   * By default, there is no encryption, authentication, or authorization configured. Apache Pulsar can be accessed from a remote server without any authorization. For more information, see [Security Overview](security-overview) document to secure your deployment. 
   ```
   keep consistent



##########
site2/docs/security-jwt.md:
##########
@@ -29,9 +29,11 @@ eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJKb2UifQ.ipevRNuRP6HflG8cFKnmUPtypruRC4fb1DWtoLL6
 
 Application specifies the token when you create the client instance. An alternative is to pass a "token supplier" (a function that returns the token when the client library needs one).
 
-> #### Always use TLS transport encryption
-> Sending a token is equivalent to sending a password over the wire. You had better use TLS encryption all the time when you connect to the Pulsar service. See
-> [Transport Encryption using TLS](security-tls-transport) for more details.
+:::note
+
+Always use TLS transport encryption when you connect to the Pulsar service, because sending a token is equivalent to sending a password over the wire. See [Transport Encryption using TLS](security-tls-transport) for more details.

Review Comment:
   ```suggestion
   Always use TLS transport encryption when you connect to the Pulsar service because sending a token is equivalent to sending a password over the wire. See [Transport Encryption using TLS](security-tls-transport) for more details.
   ```



##########
site2/docs/security-jwt.md:
##########
@@ -298,29 +293,31 @@ tokenSecretKey=file:///path/to/secret.key
 
 ```
 
-### Enable token authentication on Proxies
+:::note
+
+Equivalent to `brokerClientAuthenticationParameters`, you need to configure `authParams` in the `conf/client.conf` file. 
 
-To configure proxies to authenticate clients, add the following parameters to `proxy.conf`:
+:::
 
-The proxy uses its own token when connecting to brokers. You need to configure the role token for this key pair in the `proxyRoles` of the brokers. For more details, see the [authorization guide](security-authorization).
+### Enable token authentication on Proxies
+
+To configure proxies to authenticate clients, add the following parameters to the `conf/proxy.conf` file.
 
 ```properties
 
 # For clients connecting to the proxy
 authenticationEnabled=true
-authorizationEnabled=true
 authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderToken
 tokenSecretKey=file:///path/to/secret.key
 
 # For the proxy to connect to brokers
 brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
 brokerClientAuthenticationParameters={"token":"eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.9OHgE9ZUDeBTZs7nSMEFIuGNEX18FLR3qvy8mqxSxXw"}
-# Or, alternatively, read token from file
-# brokerClientAuthenticationParameters={"file":"///path/to/proxy-token.txt"}
-
-# Whether client authorization credentials are forwarded to the broker for re-authorization.
-# Authentication must be enabled via authenticationEnabled=true for this to take effect.
-forwardAuthorizationCredentials=true
+# Either configure the token string or specify to read it from a file. The following three available formats are all valid:
+# brokerClientAuthenticationParameters={"token":"your-token-string"}
+# brokerClientAuthenticationParameters=token:your-token-string
+# brokerClientAuthenticationParameters=file:///path/to/token
 
 ```
 
+The proxy uses its own token when connecting to brokers. You need to configure the role token for this key pair in the `proxyRoles` of the brokers. For more details, refer to [authorization](security-authorization).

Review Comment:
   ```suggestion
   The proxy uses its own token when connecting to brokers. You need to configure the role token for this key pair in the `proxyRoles` of the brokers. For more information, see [authorization](security-authorization).
   ```
   same as above



##########
site2/docs/getting-started-helm.md:
##########
@@ -422,12 +428,12 @@ Then you can proceed with the following steps:
 
 3. In Pulsar Manager UI, you can create an environment. 
 
-   - Click `New Environment` button in the top-left corner.
+   - Click the `New Environment` button in the top-left corner.

Review Comment:
   ```suggestion
      - Click **New Environment** in the upper-left corner.
   ```
   no `the` and bold: https://docs.google.com/document/d/1lc5j4RtuLIzlEYCBo97AC8-U_3Erzs_lxpkDuseU0n4/edit#bookmark=kix.m5ccxnsf33mu
   
   upper-left: https://docs.google.com/document/d/1lc5j4RtuLIzlEYCBo97AC8-U_3Erzs_lxpkDuseU0n4/edit#bookmark=id.9erkgdfwfyp4



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] Anonymitaet merged pull request #16134: [improve][doc] Add information for Get Started and clarify configurations for JWT

[GitBox <gi...@apache.org>]

Anonymitaet merged PR #16134:
URL: https://github.com/apache/pulsar/pull/16134


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] nodece commented on a diff in pull request #16134: [improve][doc] Add information for Get Started and clarify configurations for JWT

[GitBox <gi...@apache.org>]

nodece commented on code in PR #16134:
URL: https://github.com/apache/pulsar/pull/16134#discussion_r902357328


##########
site2/docs/security-jwt.md:
##########
@@ -219,9 +219,21 @@ $ bin/pulsar tokens create-key-pair --output-private-key my-private.key --output
  * Store `my-private.key` in a safe location and only administrator can use `my-private.key` to generate new tokens.
  * `my-public.key` is distributed to all Pulsar brokers. You can publicly share this file without any security concern.
 
-### Generate tokens
 
-A token is the credential associated with a user. The association is done through the "principal" or "role". In the case of JWT tokens, this field is typically referred as **subject**, though they are exactly the same concept.
+### Generate an admin role token
+
+Run the following command to create an admin role token, and use the generated token string as the value of `brokerClientAuthenticationParameters` in the `conf/broker.conf` or `conf/standalone.conf` file.

Review Comment:
   We also need to set up this token to `client.conf`.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] momo-jun commented on a diff in pull request #16134: [improve][doc] Add information for Get Started and clarify configurations for JWT

[GitBox <gi...@apache.org>]

momo-jun commented on code in PR #16134:
URL: https://github.com/apache/pulsar/pull/16134#discussion_r915627548


##########
site2/docs/client-libraries-cgo.md:
##########
@@ -4,7 +4,7 @@ title: Pulsar CGo client
 sidebar_label: "CGo(deprecated)"
 ---
 
-> The CGo client has been deprecated since version 2.7.0. If possible, use the [Go client](client-libraries-go) instead.
+> The CGo client has been deprecated since version 2.7.0. If possible, use the [Go client](client-libraries-go.md) instead.

Review Comment:
   Yes, without `.md` the page cannot be accessed.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [pulsar] momo-jun commented on pull request #16134: [improve][doc] Add information for Get Started and clarify configurations for JWT

[GitBox <gi...@apache.org>]

momo-jun commented on PR #16134:
URL: https://github.com/apache/pulsar/pull/16134#issuecomment-1179856312

   @dave2wave this change is a follow-up clean-up of #16190 to fix the issue that doc page links without `.md` cannot be accessed on the website but return 404.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org