You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by mm...@apache.org on 2019/04/16 23:31:38 UTC

[pulsar] branch master updated: Upgrade athenz libraries (#4056)

This is an automated email from the ASF dual-hosted git repository.

mmerli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new 12a5001  Upgrade athenz libraries (#4056)
12a5001 is described below

commit 12a5001cbbb205ba7811317eeb02f40912e45b56
Author: massakam <ma...@yahoo-corp.jp>
AuthorDate: Wed Apr 17 08:31:33 2019 +0900

    Upgrade athenz libraries (#4056)
---
 pom.xml                                            |  2 +-
 .../client/impl/auth/AuthenticationAthenz.java     | 10 +++++++++
 .../client/impl/auth/AuthenticationAthenzTest.java | 24 ++++++++++++++++++++++
 3 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index f140c38..053b373 100644
--- a/pom.xml
+++ b/pom.xml
@@ -151,7 +151,7 @@ flexible messaging model and an intuitive client API.</description>
     <storm.version>1.0.5</storm.version>
     <jetty.version>9.4.12.v20180830</jetty.version>
     <jersey.version>2.27</jersey.version>
-    <athenz.version>1.7.17</athenz.version>
+    <athenz.version>1.8.17</athenz.version>
     <prometheus.version>0.5.0</prometheus.version>
     <aspectj.version>1.9.2</aspectj.version>
     <rocksdb.version>5.13.3</rocksdb.version>
diff --git a/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java b/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
index e814ae6..3e0aef3 100644
--- a/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
+++ b/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
@@ -59,6 +59,10 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
     private String providerDomain;
     private PrivateKey privateKey;
     private String keyId = "0";
+    // If auto prefetching is enabled, application will not complete until the static method
+    // ZTSClient.cancelPrefetch() is called.
+    // cf. https://github.com/yahoo/athenz/issues/544
+    private boolean autoPrefetchEnabled = false;
     private long cachedRoleTokenTimestamp;
     private String roleToken;
     private final int minValidity = 2 * 60 * 60; // athenz will only give this token if it's at least valid for 2hrs
@@ -136,6 +140,8 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
         }
 
         this.keyId = authParams.getOrDefault("keyId", "0");
+        this.autoPrefetchEnabled = Boolean.valueOf(authParams.getOrDefault("autoPrefetchEnabled", "false"));
+
         if (authParams.containsKey("athenzConfPath")) {
             System.setProperty("athenz.athenz_conf", authParams.get("athenzConfPath"));
         }
@@ -156,6 +162,9 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
 
     @Override
     public void close() throws IOException {
+        if (ztsClient != null) {
+            ztsClient.close();
+        }
     }
 
     private ZTSClient getZtsClient() {
@@ -163,6 +172,7 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
             ServiceIdentityProvider siaProvider = new SimpleServiceIdentityProvider(tenantDomain, tenantService,
                     privateKey, keyId);
             ztsClient = new ZTSClient(ztsUrl, tenantDomain, tenantService, siaProvider);
+            ztsClient.setPrefetchAutoEnable(this.autoPrefetchEnabled);
         }
         return ztsClient;
     }
diff --git a/pulsar-client-auth-athenz/src/test/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenzTest.java b/pulsar-client-auth-athenz/src/test/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenzTest.java
index 36df7f1..4419c1b 100644
--- a/pulsar-client-auth-athenz/src/test/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenzTest.java
+++ b/pulsar-client-auth-athenz/src/test/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenzTest.java
@@ -19,6 +19,7 @@
 package org.apache.pulsar.client.impl.auth;
 
 import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertFalse;
 import static org.testng.Assert.assertTrue;
 import org.testng.annotations.Test;
 import org.apache.pulsar.client.impl.auth.AuthenticationAthenz;
@@ -171,4 +172,27 @@ public class AuthenticationAthenzTest {
             Assert.fail();
         }
     }
+
+    @Test
+    public void testAutoPrefetchEnabled() throws Exception {
+        Field field = auth.getClass().getDeclaredField("autoPrefetchEnabled");
+        field.setAccessible(true);
+        assertFalse((boolean) field.get(auth));
+
+        String paramsStr = new String(Files.readAllBytes(Paths.get("./src/test/resources/authParams.json")));
+        ObjectMapper jsonMapper = ObjectMapperFactory.create();
+        Map<String, String> authParamsMap = jsonMapper.readValue(paramsStr, new TypeReference<HashMap<String, String>>() { });
+
+        authParamsMap.put("autoPrefetchEnabled", "true");
+        AuthenticationAthenz auth1 = new AuthenticationAthenz();
+        auth1.configure(jsonMapper.writeValueAsString(authParamsMap));
+        assertTrue((boolean) field.get(auth1));
+        auth1.close();
+
+        authParamsMap.put("autoPrefetchEnabled", "false");
+        AuthenticationAthenz auth2 = new AuthenticationAthenz();
+        auth2.configure(jsonMapper.writeValueAsString(authParamsMap));
+        assertFalse((boolean) field.get(auth2));
+        auth2.close();
+    }
 }