Posted to commits@pulsar.apache.org by pe...@apache.org on 2022/04/12 13:58:07 UTC

[pulsar] branch master updated: [broker] fix parameter saslJaasBrokerSectionName in broker.conf (#15110)

This is an automated email from the ASF dual-hosted git repository.

penghui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new 8ff87ac9523 [broker] fix parameter saslJaasBrokerSectionName in broker.conf (#15110)
8ff87ac9523 is described below

commit 8ff87ac9523ac74f8a009cd89f3ace69e412eef1
Author: Dezhi LIiu <33...@users.noreply.github.com>
AuthorDate: Tue Apr 12 21:57:56 2022 +0800

    [broker] fix parameter saslJaasBrokerSectionName in broker.conf (#15110)
    
    ### Motivation
    When the parameter saslJaasBrokerSectionName is set, it does not take effect, because the field in `ServiceConfiguration` is saslJaasServerSectionName, which does not match.
    ```
     @FieldContext(
            category = CATEGORY_SASL_AUTH,
            doc = "Service Principal, for login context name. Default value is \"PulsarBroker\"."
        )
        private String saslJaasServerSectionName = SaslConstants.JAAS_DEFAULT_BROKER_SECTION_NAME;
    ```
    
    ### Modifications
    Alter conf
    `# Service Principal, for login context name.`
    `# Default value `SaslConstants.JAAS_DEFAULT_BROKER_SECTION_NAME`, which is "Broker".`
    `saslJaasServerSectionName=`
---
 conf/broker.conf                                   | 2 +-
 deployment/terraform-ansible/templates/broker.conf | 2 +-
 site2/docs/functions-worker.md                     | 4 ++--
 site2/docs/reference-configuration.md              | 2 +-
 site2/docs/security-kerberos.md                    | 8 ++++----
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/conf/broker.conf b/conf/broker.conf
index f5cb1ade396..8c5448a881d 100644
--- a/conf/broker.conf
+++ b/conf/broker.conf
@@ -765,7 +765,7 @@ saslJaasClientAllowedIds=
 
 # Service Principal, for login context name.
 # Default value `SaslConstants.JAAS_DEFAULT_BROKER_SECTION_NAME`, which is "Broker".
-saslJaasBrokerSectionName=
+saslJaasServerSectionName=
 
 ### --- HTTP Server config --- ###
 
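Review bot: The comment kept above the renamed key says the default is "Broker", but the `@FieldContext` doc quoted in the commit message for the same field says the default is "PulsarBroker". One of the two is wrong. Check the value of `SaslConstants.JAAS_DEFAULT_BROKER_SECTION_NAME` and correct whichever text disagrees in this same change, since an operator who leaves `saslJaasServerSectionName=` empty needs to know which JAAS section the broker will log in with.
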
diff --git a/deployment/terraform-ansible/templates/broker.conf b/deployment/terraform-ansible/templates/broker.conf
index 1a961495cfc..3e1000cc4b1 100644
--- a/deployment/terraform-ansible/templates/broker.conf
+++ b/deployment/terraform-ansible/templates/broker.conf
@@ -612,7 +612,7 @@ saslJaasClientAllowedIds=
 
 # Service Principal, for login context name.
 # Default value `SaslConstants.JAAS_DEFAULT_BROKER_SECTION_NAME`, which is "Broker".
-saslJaasBrokerSectionName=
+saslJaasServerSectionName=
 
 ### --- HTTP Server config --- ###
 
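Review bot: Nothing in this change covers broker.conf files already rendered from this template, which still carry `saslJaasBrokerSectionName=`. Per the commit message that key never takes effect, so those brokers have been using the default login context name regardless of what was set. An upgrade note telling operators to rename the key, and to confirm that their JAAS file has the section they name, would keep the behaviour change from being a surprise.
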
diff --git a/site2/docs/functions-worker.md b/site2/docs/functions-worker.md
index c58d5a436d1..85e636e8bfa 100644
--- a/site2/docs/functions-worker.md
+++ b/site2/docs/functions-worker.md
@@ -195,13 +195,13 @@ authenticationEnabled: true
 authenticationProviders: ['org.apache.pulsar.broker.authentication.AuthenticationProviderTls']
 ```
 
-For *SASL Authentication* provider, add `saslJaasClientAllowedIds` and `saslJaasBrokerSectionName`
+For *SASL Authentication* provider, add `saslJaasClientAllowedIds` and `saslJaasServerSectionName`
 under `properties` if needed. 
 
 ```
 properties:
   saslJaasClientAllowedIds: .*pulsar.*
-  saslJaasBrokerSectionName: Broker
+  saslJaasServerSectionName: Broker
 ```
 
 For *Token Authentication* provider, add necessary settings for `properties` if needed.
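Review bot: The diffstat touches only `site2/docs`, so any copies of this page kept for already released versions would go on showing `saslJaasBrokerSectionName` under `properties`. Since the commit message says that name does not match the field in `ServiceConfiguration`, consider correcting those copies in the same change. It would also help to say here what section name is used when the property is omitted, because "if needed" gives the reader no way to decide.
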
diff --git a/site2/docs/reference-configuration.md b/site2/docs/reference-configuration.md
index 1cdcb92447e..af0f3656568 100644
--- a/site2/docs/reference-configuration.md
+++ b/site2/docs/reference-configuration.md
@@ -597,7 +597,7 @@ You can set the log level and configuration in the  [log4j2.yaml](https://github
 |tokenAudienceClaim| The token audience "claim" name, e.g. "aud". It is used to get the audience from token. If it is not set, the audience is not verified. ||
 | tokenAudience | The token audience stands for this broker. The field `tokenAudienceClaim` of a valid token need contains this parameter.| |
 |saslJaasClientAllowedIds|This is a regexp, which limits the range of possible ids which can connect to the Broker using SASL. By default, it is set to `SaslConstants.JAAS_CLIENT_ALLOWED_IDS_DEFAULT`, which is ".*pulsar.*", so only clients whose id contains 'pulsar' are allowed to connect.|N/A|
-|saslJaasBrokerSectionName|Service Principal, for login context name. By default, it is set to `SaslConstants.JAAS_DEFAULT_BROKER_SECTION_NAME`, which is "Broker".|N/A|
+|saslJaasServerSectionName|Service Principal, for login context name. By default, it is set to `SaslConstants.JAAS_DEFAULT_BROKER_SECTION_NAME`, which is "Broker".|N/A|
 |httpMaxRequestSize|If the value is larger than 0, it rejects all HTTP requests with bodies larged than the configured limit.|-1|
 |exposePreciseBacklogInPrometheus| Enable expose the precise backlog stats, set false to use published counter and consumed counter to calculate, this would be more efficient but may be inaccurate. |false|
 |bookkeeperMetadataServiceUri|Metadata service uri is what BookKeeper used for loading corresponding metadata driver and resolving its metadata service location. This value can be fetched using `bookkeeper shell whatisinstanceid` command in BookKeeper cluster. For example: `zk+hierarchical://localhost:2181/ledgers`. The metadata service uri list can also be semicolon separated values like: `zk+hierarchical://zk1:2181;zk2:2181;zk3:2181/ledgers`.|N/A|
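Review bot: In the changed row the Default column is `N/A` while the description in the same row says the default is "Broker". Move the default into the Default column, and consider rewording "Service Principal, for login context name" to say that this is the name of the JAAS section the broker uses for its login context, which is how security-kerberos.md describes the same setting.
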
diff --git a/site2/docs/security-kerberos.md b/site2/docs/security-kerberos.md
index f7fe4c5f650..897bf3bb0dd 100644
--- a/site2/docs/security-kerberos.md
+++ b/site2/docs/security-kerberos.md
@@ -113,7 +113,7 @@ You can have 2 separate JAAS configuration files:
  - Set `authenticationEnabled` to `true`;
  - Set `authenticationProviders` to choose `AuthenticationProviderSasl`;
  - Set `saslJaasClientAllowedIds` regex for principal that is allowed to connect to broker;
- - Set `saslJaasBrokerSectionName` that corresponds to the section in JAAS configuration file for broker;
+ - Set `saslJaasServerSectionName` that corresponds to the section in JAAS configuration file for broker;
  
  To make Pulsar internal admin client work properly, you need to set the configuration in the `broker.conf` file as below: 
  - Set `brokerClientAuthenticationPlugin` to client plugin `AuthenticationSasl`;
@@ -125,7 +125,7 @@ You can have 2 separate JAAS configuration files:
 authenticationEnabled=true
 authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
 saslJaasClientAllowedIds=.*client.*
-saslJaasBrokerSectionName=PulsarBroker
+saslJaasServerSectionName=PulsarBroker
 
 ## Authentication settings of the broker itself. Used when the broker connects to other brokers
 brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationSasl
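Review bot: With the key now spelled the way `ServiceConfiguration` expects, `saslJaasServerSectionName=PulsarBroker` in this example is honoured for the first time. Under the old spelling it did not take effect and the default section name applied. The page should state next to this block that the broker's JAAS file must contain a section named exactly `PulsarBroker`, so readers who copied the earlier example know to check their JAAS file when they rename the key.
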
@@ -306,7 +306,7 @@ In the `proxy.conf` file, set Kerberos related configuration. Here is an example
 authenticationEnabled=true
 authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
 saslJaasClientAllowedIds=.*client.*
-saslJaasBrokerSectionName=PulsarProxy
+saslJaasServerSectionName=PulsarProxy
 
 ## related to be authenticated by broker
 brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationSasl
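Review bot: This example is for `proxy.conf`, but the commit message only shows the field in `ServiceConfiguration`, the broker's configuration class. Please confirm that the proxy's configuration class also names the field `saslJaasServerSectionName` before renaming the key here. If the proxy reads a different name, this line would reintroduce the same silent mismatch on the proxy side.
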
@@ -326,7 +326,7 @@ The broker side configuration file is the same with the above `broker.conf`, you
 authenticationEnabled=true
 authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl
 saslJaasClientAllowedIds=.*client.*
-saslJaasBrokerSectionName=PulsarBroker
+saslJaasServerSectionName=PulsarBroker
 ```
 
 ## Regarding authorization and role token