Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/10/19 08:24:55 UTC

[GitHub] [pulsar] RobertIndie commented on a diff in pull request #18035: [improve][doc] Improve the authentication enablement workflow across multiple providers

RobertIndie commented on code in PR #18035:
URL: https://github.com/apache/pulsar/pull/18035#discussion_r999055839


##########
site2/docs/security-athenz.md:
##########
@@ -65,16 +61,46 @@ brokerClientAuthenticationParameters={"tenantDomain":"shopping","tenantService":
 > A full listing of parameters is available in the `conf/broker.conf` file, you can also find the default
 > values for those parameters in [Broker Configuration](reference-configuration.md#broker).
 
+## Enable Athenz authentication on proxies
+
+Configure the required parameters in the `conf/proxy.conf` file in your Pulsar installation.
+
+```properties
+# Add the Athenz auth provider
+authenticationEnabled=true
+authorizationEnabled=true
+authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderAthenz
+athenzDomainNames=pulsar
+
+brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationAthenz
+brokerClientAuthenticationParameters={"tenantDomain":"shopping","tenantService":"some_app","providerDomain":"pulsar","privateKey":"file:///path/to/private.pem","keyId":"v1"}
+```
+
 ## Configure Athenz authentication in Pulsar clients
 
-To use Athenz as an authentication provider, you need to [use TLS](#tls-authentication.md) and provide values for four parameters in a hash:
+To use Athenz as an authentication provider, you need to provide values for four parameters in a hash:
 * `tenantDomain`
 * `tenantService`
 * `providerDomain`
 * `privateKey`
 
+:::tip
+
+The `privateKey` parameter supports the following three pattern formats:
+* `file:///path/to/file`
+* `file:/path/to/file`
+* `data:application/x-pem-file;base64,<base64-encoded value>`
+
+:::
+
 You can also set an optional `keyId`. The following is an example.
 
+````mdx-code-block
+<Tabs groupId="lang-choice"
+  defaultValue="Java"
+  values={[{"label":"Java","value":"Java"},{"label":"Python","value":"Python"},{"label":"C++","value":"C++"},{"label":"Node.js","value":"Node.js"},{"label":"Go","value":"Go"}]}>
+<TabItem value="Java">
+
 ```java
 Map<String, String> authParams = new HashMap();
 authParams.put("tenantDomain", "shopping"); // Tenant domain name
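
Review bot: The rewritten sentence under "Configure Athenz authentication in Pulsar clients" drops the `[use TLS]` requirement without replacing it, so this section no longer tells readers to send Athenz authentication data over an encrypted connection. The old target `#tls-authentication.md` was a malformed link, so correcting the link looks like a better fix than deleting the requirement; if TLS is now covered elsewhere, a one-line pointer here would keep the guidance. In the new `:::tip`, it is also worth saying that the `data:application/x-pem-file;base64,...` form places the private key itself in the parameter string, so the key ends up wherever that configuration or source code is stored, whereas the two `file:` forms keep it in a separate file.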

Review Comment:
   Let's also add the ztsUrl setting for the Java client to make it consistent with other clients.
   
   ```
   authParams.put("ztsUrl", "http://localhost:9998");
   ```


