You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/09/14 06:52:27 UTC

[GitHub] [pulsar] momo-jun commented on a diff in pull request #17615: [improve][doc] Improve the information architecture of the security chapter

momo-jun commented on code in PR #17615:
URL: https://github.com/apache/pulsar/pull/17615#discussion_r970391607


##########
site2/docs/security-athenz.md:
##########
@@ -65,13 +65,41 @@ brokerClientAuthenticationParameters={"tenantDomain":"shopping","tenantService":
 > A full listing of parameters is available in the `conf/broker.conf` file, you can also find the default
 > values for those parameters in [Broker Configuration](reference-configuration.md#broker).
 
-## Configure clients for Athenz
+## Configure Athenz authentication in Pulsar clients
 
-For more information on Pulsar client authentication using Athenz, see the following language-specific docs:
+To use Athenz as an authentication provider, you need to [use TLS](#tls-authentication.md) and provide values for four parameters in a hash:
+* `tenantDomain`
+* `tenantService`
+* `providerDomain`
+* `privateKey`
 
-* [Java client](client-libraries-java.md#athenz)
+You can also set an optional `keyId`. The following is an example.
 
-## Configure CLI tools for Athenz
+```java
+Map<String, String> authParams = new HashMap();
+authParams.put("tenantDomain", "shopping"); // Tenant domain name
+authParams.put("tenantService", "some_app"); // Tenant service name
+authParams.put("providerDomain", "pulsar"); // Provider domain name
+authParams.put("privateKey", "file:///path/to/private.pem"); // Tenant private key path
+authParams.put("keyId", "v1"); // Key id for the tenant private key (optional, default: "0")
+
+Authentication athenzAuth = AuthenticationFactory
+        .create(AuthenticationAthenz.class.getName(), authParams);
+
+PulsarClient client = PulsarClient.builder()
+        .serviceUrl("pulsar+ssl://my-broker.com:6651")
+        .tlsTrustCertsFilePath("/path/to/cacert.pem")
+        .authentication(athenzAuth)
+        .build();
+```
+
+#### Supported pattern formats

Review Comment:
   It's copied and pasted here from another topic. I guess the intention was kind of to be a reference sub-topic so that's why `####` was used (not shown in the hot links). Thanks for the reminder. It will be evaluated in a further review throughout the topic.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org