You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by eo...@apache.org on 2021/05/03 10:09:51 UTC
[pulsar] branch branch-2.7 updated: Upgrade athenz version and
remove yahoo.bintray.com repository (#10079) (#10471)
This is an automated email from the ASF dual-hosted git repository.
eolivelli pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.7 by this push:
new a695aee Upgrade athenz version and remove yahoo.bintray.com repository (#10079) (#10471)
a695aee is described below
commit a695aee1bd538ea5fa13405fdf89a22c0809fcba
Author: Lari Hotari <lh...@users.noreply.github.com>
AuthorDate: Mon May 3 13:09:18 2021 +0300
Upgrade athenz version and remove yahoo.bintray.com repository (#10079) (#10471)
- also upgrade links from https://github.com/yahoo/athenz to
https://github.com/AthenZ/athenz
---
pom.xml | 10 +---------
.../apache/pulsar/client/impl/auth/AuthenticationAthenz.java | 2 +-
site2/docs/security-athenz.md | 10 +++++-----
.../versioned_docs/version-2.1.0-incubating/security-athenz.md | 10 +++++-----
site2/website/versioned_docs/version-2.4.1/security-athenz.md | 10 +++++-----
site2/website/versioned_docs/version-2.4.2/security-athenz.md | 10 +++++-----
site2/website/versioned_docs/version-2.6.0/security-athenz.md | 10 +++++-----
site2/website/versioned_docs/version-2.6.1/security-athenz.md | 10 +++++-----
site2/website/versioned_docs/version-2.6.2/security-athenz.md | 10 +++++-----
9 files changed, 37 insertions(+), 45 deletions(-)
diff --git a/pom.xml b/pom.xml
index 6544e9d..eb35a96 100644
--- a/pom.xml
+++ b/pom.xml
@@ -104,7 +104,7 @@ flexible messaging model and an intuitive client API.</description>
<netty-tc-native.version>2.0.36.Final</netty-tc-native.version>
<jetty.version>9.4.39.v20210325</jetty.version>
<jersey.version>2.31</jersey.version>
- <athenz.version>1.8.38</athenz.version>
+ <athenz.version>1.10.9</athenz.version>
<prometheus.version>0.5.0</prometheus.version>
<aspectj.version>1.9.2</aspectj.version>
<vertx.version>3.5.3</vertx.version>
@@ -1730,14 +1730,6 @@ flexible messaging model and an intuitive client API.</description>
<url>https://repo1.maven.org/maven2</url>
</repository>
<repository>
- <snapshots>
- <enabled>false</enabled>
- </snapshots>
- <id>bintray-yahoo-maven</id>
- <name>bintray</name>
- <url>https://yahoo.bintray.com/maven</url>
- </repository>
- <repository>
<id>confluent</id>
<url>http://packages.confluent.io/maven/</url>
</repository>
diff --git a/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java b/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
index cf93064..1a22cfb 100644
--- a/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
+++ b/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
@@ -62,7 +62,7 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
private String roleHeader = null;
// If auto prefetching is enabled, application will not complete until the static method
// ZTSClient.cancelPrefetch() is called.
- // cf. https://github.com/yahoo/athenz/issues/544
+ // cf. https://github.com/AthenZ/athenz/issues/544
private boolean autoPrefetchEnabled = false;
private long cachedRoleTokenTimestamp;
private String roleToken;
diff --git a/site2/docs/security-athenz.md b/site2/docs/security-athenz.md
index 737d9d1..a59953d 100644
--- a/site2/docs/security-athenz.md
+++ b/site2/docs/security-athenz.md
@@ -4,11 +4,11 @@ title: Authentication using Athenz
sidebar_label: Authentication using Athenz
---
-[Athenz](https://github.com/yahoo/athenz) is a role-based authentication/authorization system. In Pulsar, you can use Athenz role tokens (also known as *z-tokens*) to establish the identify of the client.
+[Athenz](https://github.com/AthenZ/athenz) is a role-based authentication/authorization system. In Pulsar, you can use Athenz role tokens (also known as *z-tokens*) to establish the identify of the client.
## Athenz authentication settings
-A [decentralized Athenz system](https://github.com/yahoo/athenz/blob/master/docs/dev_decentralized_access.md) contains an [authori**Z**ation **M**anagement **S**ystem](https://github.com/yahoo/athenz/blob/master/docs/setup_zms.md) (ZMS) server and an [authori**Z**ation **T**oken **S**ystem](https://github.com/yahoo/athenz/blob/master/docs/setup_zts.md) (ZTS) server.
+A [decentralized Athenz system](https://github.com/AthenZ/athenz/blob/master/docs/decent_authz_flow.md) contains an [authori**Z**ation **M**anagement **S**ystem](https://github.com/AthenZ/athenz/blob/master/docs/setup_zms.md) (ZMS) server and an [authori**Z**ation **T**oken **S**ystem](https://github.com/AthenZ/athenz/blob/master/docs/setup_zts.md) (ZTS) server.
To begin, you need to set up Athenz service access control. You need to create domains for the *provider* (which provides some resources to other services with some authentication/authorization policies) and the *tenant* (which is provisioned to access some resources in a provider). In this case, the provider corresponds to the Pulsar service itself and the tenant corresponds to each application using Pulsar (typically, a [tenant](reference-terminology.md#tenant) in Pulsar).
@@ -22,7 +22,7 @@ On the [tenant](reference-terminology.md#tenant) side, you need to do the follow
Note that you need to specify the private key generated in step 2 when the Pulsar client connects to the [broker](reference-terminology.md#broker) (see client configuration examples for [Java](client-libraries-java.md#tls-authentication) and [C++](client-libraries-cpp.md#tls-authentication)).
-For more specific steps involving the Athenz UI, refer to [Example Service Access Control Setup](https://github.com/yahoo/athenz/blob/master/docs/example_service_athenz_setup.md#client-tenant-domain).
+For more specific steps involving the Athenz UI, refer to [Example Service Access Control Setup](https://github.com/AthenZ/athenz/blob/master/docs/example_service_athenz_setup.md#client-tenant-domain).
### Create the provider domain and add the tenant service to some role members
@@ -34,14 +34,14 @@ On the provider side, you need to do the following things:
Note that you can specify any action and resource in step 2 since they are not used on Pulsar. In other words, Pulsar uses the Athenz role token only for authentication, *not* for authorization.
-For more specific steps involving UI, refer to [Example Service Access Control Setup](https://github.com/yahoo/athenz/blob/master/docs/example_service_athenz_setup.md#server-provider-domain).
+For more specific steps involving UI, refer to [Example Service Access Control Setup](https://github.com/AthenZ/athenz/blob/master/docs/example_service_athenz_setup.md#server-provider-domain).
## Configure the broker for Athenz
> ### TLS encryption
>
> Note that when you are using Athenz as an authentication provider, you had better use TLS encryption
-> as it can protect role tokens from being intercepted and reused. (for more details involving TLS encrption see [Architecture - Data Model](https://github.com/yahoo/athenz/blob/master/docs/data_model.md)).
+> as it can protect role tokens from being intercepted and reused. (for more details involving TLS encrption see [Architecture - Data Model](https://github.com/AthenZ/athenz/blob/master/docs/data_model.md)).
In the `conf/broker.conf` configuration file in your Pulsar installation, you need to provide the class name of the Athenz authentication provider as well as a comma-separated list of provider domain names.
diff --git a/site2/website/versioned_docs/version-2.1.0-incubating/security-athenz.md b/site2/website/versioned_docs/version-2.1.0-incubating/security-athenz.md
index 484115c..798254b 100644
--- a/site2/website/versioned_docs/version-2.1.0-incubating/security-athenz.md
+++ b/site2/website/versioned_docs/version-2.1.0-incubating/security-athenz.md
@@ -5,11 +5,11 @@ sidebar_label: Authentication using Athenz
original_id: security-athenz
---
-[Athenz](https://github.com/yahoo/athenz) is a role-based authentication/authorization system. In Pulsar, Athenz role tokens (aka *z-tokens*) can be used to establish the identify of the client.
+[Athenz](https://github.com/AthenZ/athenz) is a role-based authentication/authorization system. In Pulsar, Athenz role tokens (aka *z-tokens*) can be used to establish the identify of the client.
## Athenz authentication settings
-In a [decentralized Athenz system](https://github.com/yahoo/athenz/blob/master/docs/dev_decentralized_access.md) there is both an [authori**Z**ation **M**anagement **S**ystem](https://github.com/yahoo/athenz/blob/master/docs/setup_zms.md) (ZMS) server and an [authori**Z**ation **T**oken **S**ystem](https://github.com/yahoo/athenz/blob/master/docs/setup_zts.md) (ZTS) server.
+In a [decentralized Athenz system](https://github.com/AthenZ/athenz/blob/master/docs/decent_authz_flow.md) there is both an [authori**Z**ation **M**anagement **S**ystem](https://github.com/AthenZ/athenz/blob/master/docs/setup_zms.md) (ZMS) server and an [authori**Z**ation **T**oken **S**ystem](https://github.com/AthenZ/athenz/blob/master/docs/setup_zts.md) (ZTS) server.
To begin, you need to set up Athenz service access control. You should create domains for the *provider* (which provides some resources to other services with some authentication/authorization policies) and the *tenant* (which is provisioned to access some resources in a provider). In this case, the provider corresponds to the Pulsar service itself and the tenant corresponds to each application using Pulsar (typically, a [tenant](reference-terminology.md#tenant) in Pulsar).
@@ -23,7 +23,7 @@ On the [tenant](reference-terminology.md#tenant) side, you need to:
Note that the private key generated in step 2 needs to be specified when the Pulsar client connects to the [broker](reference-terminology.md#broker) (see client configuration examples for [Java](client-libraries-java.md#tls-authentication) and [C++](client-libraries-cpp.md#tls-authentication)).
-For more specific steps involving the Athenz UI, please refer to [this doc](https://github.com/yahoo/athenz/blob/master/docs/example_service_athenz_setup.md#client-tenant-domain).
+For more specific steps involving the Athenz UI, please refer to [this doc](https://github.com/AthenZ/athenz/blob/master/docs/example_service_athenz_setup.md#client-tenant-domain).
### Create the provider domain and add the tenant service to some role members
@@ -35,14 +35,14 @@ On the provider side, you need to:
Note that in step 2 any action and resource can be specified since they are not used on Pulsar. In other words, Pulsar uses the Athenz role token only for authentication, *not* for authorization.
-For more specific steps involving UI, please refer to [this doc](https://github.com/yahoo/athenz/blob/master/docs/example_service_athenz_setup.md#server-provider-domain).
+For more specific steps involving UI, please refer to [this doc](https://github.com/AthenZ/athenz/blob/master/docs/example_service_athenz_setup.md#server-provider-domain).
## Configure the broker for Athenz
> ### TLS encryption strongly recommended
>
> Please note that using TLS encryption is strongly recommended when using Athenz as an authentication provider,
-> as it can protect role tokens from being intercepted and reused (see also [this doc](https://github.com/yahoo/athenz/blob/master/docs/data_model.md)).
+> as it can protect role tokens from being intercepted and reused (see also [this doc](https://github.com/AthenZ/athenz/blob/master/docs/data_model.md)).
In the `conf/broker.conf` configuration file in your Pulsar installation, you need to provide the class name of the Athenz authentication provider as well as a comma-separated list of provider domain names.
diff --git a/site2/website/versioned_docs/version-2.4.1/security-athenz.md b/site2/website/versioned_docs/version-2.4.1/security-athenz.md
index fe10a9d..af1412c 100644
--- a/site2/website/versioned_docs/version-2.4.1/security-athenz.md
+++ b/site2/website/versioned_docs/version-2.4.1/security-athenz.md
@@ -5,11 +5,11 @@ sidebar_label: Authentication using Athenz
original_id: security-athenz
---
-[Athenz](https://github.com/yahoo/athenz) is a role-based authentication/authorization system. In Pulsar, you can use Athenz role tokens (also known as *z-tokens*) to establish the identify of the client.
+[Athenz](https://github.com/AthenZ/athenz) is a role-based authentication/authorization system. In Pulsar, you can use Athenz role tokens (also known as *z-tokens*) to establish the identify of the client.
## Athenz authentication settings
-A [decentralized Athenz system](https://github.com/yahoo/athenz/blob/master/docs/dev_decentralized_access.md) contains an [authori**Z**ation **M**anagement **S**ystem](https://github.com/yahoo/athenz/blob/master/docs/setup_zms.md) (ZMS) server and an [authori**Z**ation **T**oken **S**ystem](https://github.com/yahoo/athenz/blob/master/docs/setup_zts.md) (ZTS) server.
+A [decentralized Athenz system](https://github.com/AthenZ/athenz/blob/master/docs/decent_authz_flow.md) contains an [authori**Z**ation **M**anagement **S**ystem](https://github.com/AthenZ/athenz/blob/master/docs/setup_zms.md) (ZMS) server and an [authori**Z**ation **T**oken **S**ystem](https://github.com/AthenZ/athenz/blob/master/docs/setup_zts.md) (ZTS) server.
To begin, you need to set up Athenz service access control. You need to create domains for the *provider* (which provides some resources to other services with some authentication/authorization policies) and the *tenant* (which is provisioned to access some resources in a provider). In this case, the provider corresponds to the Pulsar service itself and the tenant corresponds to each application using Pulsar (typically, a [tenant](reference-terminology.md#tenant) in Pulsar).
@@ -23,7 +23,7 @@ On the [tenant](reference-terminology.md#tenant) side, you need to do the follow
Note that you need to specify the private key generated in step 2 when the Pulsar client connects to the [broker](reference-terminology.md#broker) (see client configuration examples for [Java](client-libraries-java.md#tls-authentication) and [C++](client-libraries-cpp.md#tls-authentication)).
-For more specific steps involving the Athenz UI, refer to [Example Service Access Control Setup](https://github.com/yahoo/athenz/blob/master/docs/example_service_athenz_setup.md#client-tenant-domain).
+For more specific steps involving the Athenz UI, refer to [Example Service Access Control Setup](https://github.com/AthenZ/athenz/blob/master/docs/example_service_athenz_setup.md#client-tenant-domain).
### Create the provider domain and add the tenant service to some role members
@@ -35,14 +35,14 @@ On the provider side, you need to do the following things:
Note that you can specify any action and resource in step 2 since they are not used on Pulsar. In other words, Pulsar uses the Athenz role token only for authentication, *not* for authorization.
-For more specific steps involving UI, refer to [Example Service Access Control Setup](https://github.com/yahoo/athenz/blob/master/docs/example_service_athenz_setup.md#server-provider-domain).
+For more specific steps involving UI, refer to [Example Service Access Control Setup](https://github.com/AthenZ/athenz/blob/master/docs/example_service_athenz_setup.md#server-provider-domain).
## Configure the broker for Athenz
> ### TLS encryption
>
> Note that when you are using Athenz as an authentication provider, you had better use TLS encryption
-> as it can protect role tokens from being intercepted and reused. (for more details involving TLS encrption see [Architecture - Data Model](https://github.com/yahoo/athenz/blob/master/docs/data_model.md)).
+> as it can protect role tokens from being intercepted and reused. (for more details involving TLS encrption see [Architecture - Data Model](https://github.com/AthenZ/athenz/blob/master/docs/data_model.md)).
In the `conf/broker.conf` configuration file in your Pulsar installation, you need to provide the class name of the Athenz authentication provider as well as a comma-separated list of provider domain names.
diff --git a/site2/website/versioned_docs/version-2.4.2/security-athenz.md b/site2/website/versioned_docs/version-2.4.2/security-athenz.md
index a4117b6..c59af51 100644
--- a/site2/website/versioned_docs/version-2.4.2/security-athenz.md
+++ b/site2/website/versioned_docs/version-2.4.2/security-athenz.md
@@ -5,11 +5,11 @@ sidebar_label: Authentication using Athenz
original_id: security-athenz
---
-[Athenz](https://github.com/yahoo/athenz) is a role-based authentication/authorization system. In Pulsar, you can use Athenz role tokens (also known as *z-tokens*) to establish the identify of the client.
+[Athenz](https://github.com/AthenZ/athenz) is a role-based authentication/authorization system. In Pulsar, you can use Athenz role tokens (also known as *z-tokens*) to establish the identify of the client.
## Athenz authentication settings
-A [decentralized Athenz system](https://github.com/yahoo/athenz/blob/master/docs/dev_decentralized_access.md) contains an [authori**Z**ation **M**anagement **S**ystem](https://github.com/yahoo/athenz/blob/master/docs/setup_zms.md) (ZMS) server and an [authori**Z**ation **T**oken **S**ystem](https://github.com/yahoo/athenz/blob/master/docs/setup_zts.md) (ZTS) server.
+A [decentralized Athenz system](https://github.com/AthenZ/athenz/blob/master/docs/decent_authz_flow.md) contains an [authori**Z**ation **M**anagement **S**ystem](https://github.com/AthenZ/athenz/blob/master/docs/setup_zms.md) (ZMS) server and an [authori**Z**ation **T**oken **S**ystem](https://github.com/AthenZ/athenz/blob/master/docs/setup_zts.md) (ZTS) server.
To begin, you need to set up Athenz service access control. You need to create domains for the *provider* (which provides some resources to other services with some authentication/authorization policies) and the *tenant* (which is provisioned to access some resources in a provider). In this case, the provider corresponds to the Pulsar service itself and the tenant corresponds to each application using Pulsar (typically, a [tenant](reference-terminology.md#tenant) in Pulsar).
@@ -23,7 +23,7 @@ On the [tenant](reference-terminology.md#tenant) side, you need to do the follow
Note that you need to specify the private key generated in step 2 when the Pulsar client connects to the [broker](reference-terminology.md#broker) (see client configuration examples for [Java](client-libraries-java.md#tls-authentication) and [C++](client-libraries-cpp.md#tls-authentication)).
-For more specific steps involving the Athenz UI, refer to [Example Service Access Control Setup](https://github.com/yahoo/athenz/blob/master/docs/example_service_athenz_setup.md#client-tenant-domain).
+For more specific steps involving the Athenz UI, refer to [Example Service Access Control Setup](https://github.com/AthenZ/athenz/blob/master/docs/example_service_athenz_setup.md#client-tenant-domain).
### Create the provider domain and add the tenant service to some role members
@@ -35,14 +35,14 @@ On the provider side, you need to do the following things:
Note that you can specify any action and resource in step 2 since they are not used on Pulsar. In other words, Pulsar uses the Athenz role token only for authentication, *not* for authorization.
-For more specific steps involving UI, refer to [Example Service Access Control Setup](https://github.com/yahoo/athenz/blob/master/docs/example_service_athenz_setup.md#server-provider-domain).
+For more specific steps involving UI, refer to [Example Service Access Control Setup](https://github.com/AthenZ/athenz/blob/master/docs/example_service_athenz_setup.md#server-provider-domain).
## Configure the broker for Athenz
> ### TLS encryption
>
> Note that when you are using Athenz as an authentication provider, you had better use TLS encryption
-> as it can protect role tokens from being intercepted and reused. (for more details involving TLS encrption see [Architecture - Data Model](https://github.com/yahoo/athenz/blob/master/docs/data_model.md)).
+> as it can protect role tokens from being intercepted and reused. (for more details involving TLS encrption see [Architecture - Data Model](https://github.com/AthenZ/athenz/blob/master/docs/data_model.md)).
In the `conf/broker.conf` configuration file in your Pulsar installation, you need to provide the class name of the Athenz authentication provider as well as a comma-separated list of provider domain names.
diff --git a/site2/website/versioned_docs/version-2.6.0/security-athenz.md b/site2/website/versioned_docs/version-2.6.0/security-athenz.md
index 44ea1d2..e26baf58 100644
--- a/site2/website/versioned_docs/version-2.6.0/security-athenz.md
+++ b/site2/website/versioned_docs/version-2.6.0/security-athenz.md
@@ -5,11 +5,11 @@ sidebar_label: Authentication using Athenz
original_id: security-athenz
---
-[Athenz](https://github.com/yahoo/athenz) is a role-based authentication/authorization system. In Pulsar, you can use Athenz role tokens (also known as *z-tokens*) to establish the identify of the client.
+[Athenz](https://github.com/AthenZ/athenz) is a role-based authentication/authorization system. In Pulsar, you can use Athenz role tokens (also known as *z-tokens*) to establish the identify of the client.
## Athenz authentication settings
-A [decentralized Athenz system](https://github.com/yahoo/athenz/blob/master/docs/dev_decentralized_access.md) contains an [authori**Z**ation **M**anagement **S**ystem](https://github.com/yahoo/athenz/blob/master/docs/setup_zms.md) (ZMS) server and an [authori**Z**ation **T**oken **S**ystem](https://github.com/yahoo/athenz/blob/master/docs/setup_zts.md) (ZTS) server.
+A [decentralized Athenz system](https://github.com/AthenZ/athenz/blob/master/docs/decent_authz_flow.md) contains an [authori**Z**ation **M**anagement **S**ystem](https://github.com/AthenZ/athenz/blob/master/docs/setup_zms.md) (ZMS) server and an [authori**Z**ation **T**oken **S**ystem](https://github.com/AthenZ/athenz/blob/master/docs/setup_zts.md) (ZTS) server.
To begin, you need to set up Athenz service access control. You need to create domains for the *provider* (which provides some resources to other services with some authentication/authorization policies) and the *tenant* (which is provisioned to access some resources in a provider). In this case, the provider corresponds to the Pulsar service itself and the tenant corresponds to each application using Pulsar (typically, a [tenant](reference-terminology.md#tenant) in Pulsar).
@@ -23,7 +23,7 @@ On the [tenant](reference-terminology.md#tenant) side, you need to do the follow
Note that you need to specify the private key generated in step 2 when the Pulsar client connects to the [broker](reference-terminology.md#broker) (see client configuration examples for [Java](client-libraries-java.md#tls-authentication) and [C++](client-libraries-cpp.md#tls-authentication)).
-For more specific steps involving the Athenz UI, refer to [Example Service Access Control Setup](https://github.com/yahoo/athenz/blob/master/docs/example_service_athenz_setup.md#client-tenant-domain).
+For more specific steps involving the Athenz UI, refer to [Example Service Access Control Setup](https://github.com/AthenZ/athenz/blob/master/docs/example_service_athenz_setup.md#client-tenant-domain).
### Create the provider domain and add the tenant service to some role members
@@ -35,14 +35,14 @@ On the provider side, you need to do the following things:
Note that you can specify any action and resource in step 2 since they are not used on Pulsar. In other words, Pulsar uses the Athenz role token only for authentication, *not* for authorization.
-For more specific steps involving UI, refer to [Example Service Access Control Setup](https://github.com/yahoo/athenz/blob/master/docs/example_service_athenz_setup.md#server-provider-domain).
+For more specific steps involving UI, refer to [Example Service Access Control Setup](https://github.com/AthenZ/athenz/blob/master/docs/example_service_athenz_setup.md#server-provider-domain).
## Configure the broker for Athenz
> ### TLS encryption
>
> Note that when you are using Athenz as an authentication provider, you had better use TLS encryption
-> as it can protect role tokens from being intercepted and reused. (for more details involving TLS encrption see [Architecture - Data Model](https://github.com/yahoo/athenz/blob/master/docs/data_model.md)).
+> as it can protect role tokens from being intercepted and reused. (for more details involving TLS encrption see [Architecture - Data Model](https://github.com/AthenZ/athenz/blob/master/docs/data_model.md)).
In the `conf/broker.conf` configuration file in your Pulsar installation, you need to provide the class name of the Athenz authentication provider as well as a comma-separated list of provider domain names.
diff --git a/site2/website/versioned_docs/version-2.6.1/security-athenz.md b/site2/website/versioned_docs/version-2.6.1/security-athenz.md
index 50f819e..5fb1bc2 100644
--- a/site2/website/versioned_docs/version-2.6.1/security-athenz.md
+++ b/site2/website/versioned_docs/version-2.6.1/security-athenz.md
@@ -5,11 +5,11 @@ sidebar_label: Authentication using Athenz
original_id: security-athenz
---
-[Athenz](https://github.com/yahoo/athenz) is a role-based authentication/authorization system. In Pulsar, you can use Athenz role tokens (also known as *z-tokens*) to establish the identify of the client.
+[Athenz](https://github.com/AthenZ/athenz) is a role-based authentication/authorization system. In Pulsar, you can use Athenz role tokens (also known as *z-tokens*) to establish the identify of the client.
## Athenz authentication settings
-A [decentralized Athenz system](https://github.com/yahoo/athenz/blob/master/docs/dev_decentralized_access.md) contains an [authori**Z**ation **M**anagement **S**ystem](https://github.com/yahoo/athenz/blob/master/docs/setup_zms.md) (ZMS) server and an [authori**Z**ation **T**oken **S**ystem](https://github.com/yahoo/athenz/blob/master/docs/setup_zts.md) (ZTS) server.
+A [decentralized Athenz system](https://github.com/AthenZ/athenz/blob/master/docs/decent_authz_flow.md) contains an [authori**Z**ation **M**anagement **S**ystem](https://github.com/AthenZ/athenz/blob/master/docs/setup_zms.md) (ZMS) server and an [authori**Z**ation **T**oken **S**ystem](https://github.com/AthenZ/athenz/blob/master/docs/setup_zts.md) (ZTS) server.
To begin, you need to set up Athenz service access control. You need to create domains for the *provider* (which provides some resources to other services with some authentication/authorization policies) and the *tenant* (which is provisioned to access some resources in a provider). In this case, the provider corresponds to the Pulsar service itself and the tenant corresponds to each application using Pulsar (typically, a [tenant](reference-terminology.md#tenant) in Pulsar).
@@ -23,7 +23,7 @@ On the [tenant](reference-terminology.md#tenant) side, you need to do the follow
Note that you need to specify the private key generated in step 2 when the Pulsar client connects to the [broker](reference-terminology.md#broker) (see client configuration examples for [Java](client-libraries-java.md#tls-authentication) and [C++](client-libraries-cpp.md#tls-authentication)).
-For more specific steps involving the Athenz UI, refer to [Example Service Access Control Setup](https://github.com/yahoo/athenz/blob/master/docs/example_service_athenz_setup.md#client-tenant-domain).
+For more specific steps involving the Athenz UI, refer to [Example Service Access Control Setup](https://github.com/AthenZ/athenz/blob/master/docs/example_service_athenz_setup.md#client-tenant-domain).
### Create the provider domain and add the tenant service to some role members
@@ -35,14 +35,14 @@ On the provider side, you need to do the following things:
Note that you can specify any action and resource in step 2 since they are not used on Pulsar. In other words, Pulsar uses the Athenz role token only for authentication, *not* for authorization.
-For more specific steps involving UI, refer to [Example Service Access Control Setup](https://github.com/yahoo/athenz/blob/master/docs/example_service_athenz_setup.md#server-provider-domain).
+For more specific steps involving UI, refer to [Example Service Access Control Setup](https://github.com/AthenZ/athenz/blob/master/docs/example_service_athenz_setup.md#server-provider-domain).
## Configure the broker for Athenz
> ### TLS encryption
>
> Note that when you are using Athenz as an authentication provider, you had better use TLS encryption
-> as it can protect role tokens from being intercepted and reused. (for more details involving TLS encrption see [Architecture - Data Model](https://github.com/yahoo/athenz/blob/master/docs/data_model.md)).
+> as it can protect role tokens from being intercepted and reused. (for more details involving TLS encrption see [Architecture - Data Model](https://github.com/AthenZ/athenz/blob/master/docs/data_model.md)).
In the `conf/broker.conf` configuration file in your Pulsar installation, you need to provide the class name of the Athenz authentication provider as well as a comma-separated list of provider domain names.
diff --git a/site2/website/versioned_docs/version-2.6.2/security-athenz.md b/site2/website/versioned_docs/version-2.6.2/security-athenz.md
index 78996c7..81cf181 100644
--- a/site2/website/versioned_docs/version-2.6.2/security-athenz.md
+++ b/site2/website/versioned_docs/version-2.6.2/security-athenz.md
@@ -5,11 +5,11 @@ sidebar_label: Authentication using Athenz
original_id: security-athenz
---
-[Athenz](https://github.com/yahoo/athenz) is a role-based authentication/authorization system. In Pulsar, you can use Athenz role tokens (also known as *z-tokens*) to establish the identify of the client.
+[Athenz](https://github.com/AthenZ/athenz) is a role-based authentication/authorization system. In Pulsar, you can use Athenz role tokens (also known as *z-tokens*) to establish the identify of the client.
## Athenz authentication settings
-A [decentralized Athenz system](https://github.com/yahoo/athenz/blob/master/docs/dev_decentralized_access.md) contains an [authori**Z**ation **M**anagement **S**ystem](https://github.com/yahoo/athenz/blob/master/docs/setup_zms.md) (ZMS) server and an [authori**Z**ation **T**oken **S**ystem](https://github.com/yahoo/athenz/blob/master/docs/setup_zts.md) (ZTS) server.
+A [decentralized Athenz system](https://github.com/AthenZ/athenz/blob/master/docs/decent_authz_flow.md) contains an [authori**Z**ation **M**anagement **S**ystem](https://github.com/AthenZ/athenz/blob/master/docs/setup_zms.md) (ZMS) server and an [authori**Z**ation **T**oken **S**ystem](https://github.com/AthenZ/athenz/blob/master/docs/setup_zts.md) (ZTS) server.
To begin, you need to set up Athenz service access control. You need to create domains for the *provider* (which provides some resources to other services with some authentication/authorization policies) and the *tenant* (which is provisioned to access some resources in a provider). In this case, the provider corresponds to the Pulsar service itself and the tenant corresponds to each application using Pulsar (typically, a [tenant](reference-terminology.md#tenant) in Pulsar).
@@ -23,7 +23,7 @@ On the [tenant](reference-terminology.md#tenant) side, you need to do the follow
Note that you need to specify the private key generated in step 2 when the Pulsar client connects to the [broker](reference-terminology.md#broker) (see client configuration examples for [Java](client-libraries-java.md#tls-authentication) and [C++](client-libraries-cpp.md#tls-authentication)).
-For more specific steps involving the Athenz UI, refer to [Example Service Access Control Setup](https://github.com/yahoo/athenz/blob/master/docs/example_service_athenz_setup.md#client-tenant-domain).
+For more specific steps involving the Athenz UI, refer to [Example Service Access Control Setup](https://github.com/AthenZ/athenz/blob/master/docs/example_service_athenz_setup.md#client-tenant-domain).
### Create the provider domain and add the tenant service to some role members
@@ -35,14 +35,14 @@ On the provider side, you need to do the following things:
Note that you can specify any action and resource in step 2 since they are not used on Pulsar. In other words, Pulsar uses the Athenz role token only for authentication, *not* for authorization.
-For more specific steps involving UI, refer to [Example Service Access Control Setup](https://github.com/yahoo/athenz/blob/master/docs/example_service_athenz_setup.md#server-provider-domain).
+For more specific steps involving UI, refer to [Example Service Access Control Setup](https://github.com/AthenZ/athenz/blob/master/docs/example_service_athenz_setup.md#server-provider-domain).
## Configure the broker for Athenz
> ### TLS encryption
>
> Note that when you are using Athenz as an authentication provider, you had better use TLS encryption
-> as it can protect role tokens from being intercepted and reused. (for more details involving TLS encrption see [Architecture - Data Model](https://github.com/yahoo/athenz/blob/master/docs/data_model.md)).
+> as it can protect role tokens from being intercepted and reused. (for more details involving TLS encrption see [Architecture - Data Model](https://github.com/AthenZ/athenz/blob/master/docs/data_model.md)).
In the `conf/broker.conf` configuration file in your Pulsar installation, you need to provide the class name of the Athenz authentication provider as well as a comma-separated list of provider domain names.