You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2020/09/22 04:07:55 UTC
[GitHub] [pulsar] srkukarni opened a new pull request #8098: Add ability to specify EnvironmentBasedSecretsProvider in LocalRunner
srkukarni opened a new pull request #8098:
URL: https://github.com/apache/pulsar/pull/8098
<!--
### Contribution Checklist
- Name the pull request in the form "[Issue XYZ][component] Title of the pull request", where *XYZ* should be replaced by the actual issue number.
Skip *Issue XYZ* if there is no associated github issue for this pull request.
Skip *component* if you are unsure about which is the best component. E.g. `[docs] Fix typo in produce method`.
- Fill out the template below to describe the changes contributed by the pull request. That will give reviewers the context they need to do the review.
- Each pull request should address only one issue, not mix up code from multiple issues.
- Each commit in the pull request has a meaningful commit message
- Once all items of the checklist are addressed, remove the above text and this checklist, leaving only the filled out template below.
**(The sections below can be removed for hotfixes of typos)**
-->
*(If this PR fixes a github issue, please add `Fixes #<xyz>`.)*
Fixes #<xyz>
*(or if this PR is one task of a github issue, please add `Master Issue: #<xyz>` to link to the master issue.)*
Master Issue: #<xyz>
### Motivation
Added ability to specify environment based secrets provider for sources/sinks/functions localrunner.
### Modifications
*Describe the modifications you've done.*
### Verifying this change
- [ ] Make sure that the change passes the CI checks.
*(Please pick either of the following options)*
This change is a trivial rework / code cleanup without any test coverage.
*(or)*
This change is already covered by existing tests, such as *(please describe tests)*.
*(or)*
This change added tests and can be verified as follows:
*(example:)*
- *Added integration tests for end-to-end deployment with large payloads (10MB)*
- *Extended integration test for recovery after broker failure*
### Does this pull request potentially affect one of the following parts:
*If `yes` was chosen, please highlight the changes*
- Dependencies (does it add or upgrade a dependency): (yes / no)
- The public API: (yes / no)
- The schema: (yes / no / don't know)
- The default values of configurations: (yes / no)
- The wire protocol: (yes / no)
- The rest endpoints: (yes / no)
- The admin cli options: (yes / no)
- Anything that affects deployment: (yes / no / don't know)
### Documentation
- Does this pull request introduce a new feature? (yes / no)
- If yes, how is the feature documented? (not applicable / docs / JavaDocs / not documented)
- If a feature is not applicable for documentation, explain why?
- If a feature is not documented yet in this PR, please create a followup issue for adding the documentation
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] srkukarni merged pull request #8098: Add ability to specify EnvironmentBasedSecretsProvider in LocalRunner
Posted by GitBox <gi...@apache.org>.
srkukarni merged pull request #8098:
URL: https://github.com/apache/pulsar/pull/8098
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] jerrypeng commented on a change in pull request #8098: Add ability to specify EnvironmentBasedSecretsProvider in LocalRunner
Posted by GitBox <gi...@apache.org>.
jerrypeng commented on a change in pull request #8098:
URL: https://github.com/apache/pulsar/pull/8098#discussion_r492937812
##########
File path: pulsar-functions/secrets/src/main/java/org/apache/pulsar/functions/secretsproviderconfigurator/NameAndConfigBasedSecretsProviderConfigurator.java
##########
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.pulsar.functions.secretsproviderconfigurator;
+
+import com.google.gson.reflect.TypeToken;
+import io.kubernetes.client.openapi.models.V1PodSpec;
+import org.apache.pulsar.functions.proto.Function;
+import org.apache.pulsar.functions.secretsprovider.EnvironmentBasedSecretsProvider;
+
+import java.lang.reflect.Type;
+import java.util.Map;
+
+/**
+ * This file defines the SecretsProviderConfigurator that will be used by default for running in Kubernetes.
+ * As such this implementation is strictly when workers are configured to use kubernetes runtime.
+ * We use kubernetes in built secrets and bind them as environment variables within the function container
+ * to ensure that the secrets are available to the function at runtime. Then we plug in the
+ * EnvironmentBasedSecretsConfig as the secrets provider who knows how to read these environment variables.
+ */
+public class NameAndConfigBasedSecretsProviderConfigurator implements SecretsProviderConfigurator {
Review comment:
There is not really point to have this class. Just refactor ProcessRuntime to take in a SecretsProvider like ThreadRuntime
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] jerrypeng commented on a change in pull request #8098: Add ability to specify EnvironmentBasedSecretsProvider in LocalRunner
Posted by GitBox <gi...@apache.org>.
jerrypeng commented on a change in pull request #8098:
URL: https://github.com/apache/pulsar/pull/8098#discussion_r492890528
##########
File path: pulsar-client-tools/src/main/java/org/apache/pulsar/admin/cli/CmdFunctions.java
##########
@@ -627,6 +627,8 @@ protected void validateFunctionConfigs(FunctionConfig functionConfig) {
protected Integer instanceIdOffset = 0;
@Parameter(names = "--runtime", description = "either THREAD or PROCESS. Only applies for Java functions")
protected String runtime;
+ @Parameter(names = "--environment-based-secrets-provider", description = "Should we use environment based secret provider")
Review comment:
I think there is already too arguments for the CLI. Lets try to create something more generic. Instead of creating an argument for a specific provider, can we create an argument to allow users to specify the secret provider type? In the future, if we add more providers, I don't want to keep add one-of arguments. For example, can we create a enum?
Enum SecretsProviderType {
ENV,
DEFAULT,
...
}
based on the enum determine
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] srkukarni commented on a change in pull request #8098: Add ability to specify EnvironmentBasedSecretsProvider in LocalRunner
Posted by GitBox <gi...@apache.org>.
srkukarni commented on a change in pull request #8098:
URL: https://github.com/apache/pulsar/pull/8098#discussion_r493205013
##########
File path: pulsar-client-tools/src/main/java/org/apache/pulsar/admin/cli/CmdFunctions.java
##########
@@ -627,6 +627,8 @@ protected void validateFunctionConfigs(FunctionConfig functionConfig) {
protected Integer instanceIdOffset = 0;
@Parameter(names = "--runtime", description = "either THREAD or PROCESS. Only applies for Java functions")
protected String runtime;
+ @Parameter(names = "--environment-based-secrets-provider", description = "Should we use environment based secret provider")
Review comment:
Changed
##########
File path: pulsar-functions/localrun/src/main/java/org/apache/pulsar/functions/LocalRunner.java
##########
@@ -418,11 +428,24 @@ private void startThreadedMode(org.apache.pulsar.functions.proto.Function.Functi
int parallelism, int instanceIdOffset, String serviceUrl,
String stateStorageServiceUrl, AuthenticationConfig authConfig,
String userCodeFile) throws Exception {
+ SecretsProvider secretsProvider;
+ if (secretsProviderClassName != null) {
+ if (secretsProviderClassName.equals(ClearTextSecretsProvider.class.getName())) {
Review comment:
Done
##########
File path: pulsar-functions/secrets/src/main/java/org/apache/pulsar/functions/secretsproviderconfigurator/NameAndConfigBasedSecretsProviderConfigurator.java
##########
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.pulsar.functions.secretsproviderconfigurator;
+
+import com.google.gson.reflect.TypeToken;
+import io.kubernetes.client.openapi.models.V1PodSpec;
+import org.apache.pulsar.functions.proto.Function;
+import org.apache.pulsar.functions.secretsprovider.EnvironmentBasedSecretsProvider;
+
+import java.lang.reflect.Type;
+import java.util.Map;
+
+/**
+ * This file defines the SecretsProviderConfigurator that will be used by default for running in Kubernetes.
Review comment:
Reworded
##########
File path: pulsar-functions/secrets/src/main/java/org/apache/pulsar/functions/secretsproviderconfigurator/NameAndConfigBasedSecretsProviderConfigurator.java
##########
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.pulsar.functions.secretsproviderconfigurator;
+
+import com.google.gson.reflect.TypeToken;
+import io.kubernetes.client.openapi.models.V1PodSpec;
+import org.apache.pulsar.functions.proto.Function;
+import org.apache.pulsar.functions.secretsprovider.EnvironmentBasedSecretsProvider;
+
+import java.lang.reflect.Type;
+import java.util.Map;
+
+/**
+ * This file defines the SecretsProviderConfigurator that will be used by default for running in Kubernetes.
+ * As such this implementation is strictly when workers are configured to use kubernetes runtime.
+ * We use kubernetes in built secrets and bind them as environment variables within the function container
+ * to ensure that the secrets are available to the function at runtime. Then we plug in the
+ * EnvironmentBasedSecretsConfig as the secrets provider who knows how to read these environment variables.
+ */
+public class NameAndConfigBasedSecretsProviderConfigurator implements SecretsProviderConfigurator {
Review comment:
Not really in the scope of the pr
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] jerrypeng commented on a change in pull request #8098: Add ability to specify EnvironmentBasedSecretsProvider in LocalRunner
Posted by GitBox <gi...@apache.org>.
jerrypeng commented on a change in pull request #8098:
URL: https://github.com/apache/pulsar/pull/8098#discussion_r492928425
##########
File path: pulsar-functions/localrun/src/main/java/org/apache/pulsar/functions/LocalRunner.java
##########
@@ -418,11 +428,24 @@ private void startThreadedMode(org.apache.pulsar.functions.proto.Function.Functi
int parallelism, int instanceIdOffset, String serviceUrl,
String stateStorageServiceUrl, AuthenticationConfig authConfig,
String userCodeFile) throws Exception {
+ SecretsProvider secretsProvider;
+ if (secretsProviderClassName != null) {
+ if (secretsProviderClassName.equals(ClearTextSecretsProvider.class.getName())) {
Review comment:
Just create an instance using the class name. Use method:
https://github.com/apache/pulsar/blob/master/pulsar-common/src/main/java/org/apache/pulsar/common/util/Reflections.java#L64
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] jerrypeng commented on a change in pull request #8098: Add ability to specify EnvironmentBasedSecretsProvider in LocalRunner
Posted by GitBox <gi...@apache.org>.
jerrypeng commented on a change in pull request #8098:
URL: https://github.com/apache/pulsar/pull/8098#discussion_r493209515
##########
File path: pulsar-functions/secrets/src/main/java/org/apache/pulsar/functions/secretsproviderconfigurator/NameAndConfigBasedSecretsProviderConfigurator.java
##########
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.pulsar.functions.secretsproviderconfigurator;
+
+import com.google.gson.reflect.TypeToken;
+import io.kubernetes.client.openapi.models.V1PodSpec;
+import org.apache.pulsar.functions.proto.Function;
+
+import java.lang.reflect.Type;
+import java.util.Map;
+
+/**
+ * This is a very simple secrets provider which wires in a given secrets provider classname/config
+ * to the function instances/containers. This does not do any special kubernetes specific wiring.
Review comment:
nit not sure why we mention kubernetes here in the comment. SecretsProviderConfigurator are not kubernetes specific
##########
File path: pulsar-functions/secrets/src/main/java/org/apache/pulsar/functions/secretsproviderconfigurator/NameAndConfigBasedSecretsProviderConfigurator.java
##########
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.pulsar.functions.secretsproviderconfigurator;
+
+import com.google.gson.reflect.TypeToken;
+import io.kubernetes.client.openapi.models.V1PodSpec;
+import org.apache.pulsar.functions.proto.Function;
+
+import java.lang.reflect.Type;
+import java.util.Map;
+
+/**
+ * This is a very simple secrets provider which wires in a given secrets provider classname/config
+ * to the function instances/containers. This does not do any special kubernetes specific wiring.
+ */
+public class NameAndConfigBasedSecretsProviderConfigurator implements SecretsProviderConfigurator {
+ private String className;
+ private Map<String, String> config;
+ public NameAndConfigBasedSecretsProviderConfigurator(String className, Map<String, String> config) {
+ this.className = className;
+ this.config = config;
+ }
+ @Override
+ public String getSecretsProviderClassName(Function.FunctionDetails functionDetails) {
+ return className;
+ }
+
+ @Override
+ public Map<String, String> getSecretsProviderConfig(Function.FunctionDetails functionDetails) {
+ return config;
+ }
+
+ // Kubernetes secrets can be exposed as volume mounts or as environment variables in the pods. We are currently using the
Review comment:
nit remove this comment
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] jerrypeng commented on a change in pull request #8098: Add ability to specify EnvironmentBasedSecretsProvider in LocalRunner
Posted by GitBox <gi...@apache.org>.
jerrypeng commented on a change in pull request #8098:
URL: https://github.com/apache/pulsar/pull/8098#discussion_r492895582
##########
File path: pulsar-client-tools/src/main/java/org/apache/pulsar/admin/cli/CmdFunctions.java
##########
@@ -627,6 +627,8 @@ protected void validateFunctionConfigs(FunctionConfig functionConfig) {
protected Integer instanceIdOffset = 0;
@Parameter(names = "--runtime", description = "either THREAD or PROCESS. Only applies for Java functions")
protected String runtime;
+ @Parameter(names = "--environment-based-secrets-provider", description = "Should we use environment based secret provider")
Review comment:
Actually we should just let the user to specify class of the secrets configurator to use. That is simplest and generic.
--secrets-provider-configurator-classname
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] jerrypeng commented on a change in pull request #8098: Add ability to specify EnvironmentBasedSecretsProvider in LocalRunner
Posted by GitBox <gi...@apache.org>.
jerrypeng commented on a change in pull request #8098:
URL: https://github.com/apache/pulsar/pull/8098#discussion_r492929101
##########
File path: pulsar-functions/secrets/src/main/java/org/apache/pulsar/functions/secretsproviderconfigurator/NameAndConfigBasedSecretsProviderConfigurator.java
##########
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.pulsar.functions.secretsproviderconfigurator;
+
+import com.google.gson.reflect.TypeToken;
+import io.kubernetes.client.openapi.models.V1PodSpec;
+import org.apache.pulsar.functions.proto.Function;
+import org.apache.pulsar.functions.secretsprovider.EnvironmentBasedSecretsProvider;
+
+import java.lang.reflect.Type;
+import java.util.Map;
+
+/**
+ * This file defines the SecretsProviderConfigurator that will be used by default for running in Kubernetes.
Review comment:
These comments don't make sense for this class
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] jerrypeng commented on a change in pull request #8098: Add ability to specify EnvironmentBasedSecretsProvider in LocalRunner
Posted by GitBox <gi...@apache.org>.
jerrypeng commented on a change in pull request #8098:
URL: https://github.com/apache/pulsar/pull/8098#discussion_r492890528
##########
File path: pulsar-client-tools/src/main/java/org/apache/pulsar/admin/cli/CmdFunctions.java
##########
@@ -627,6 +627,8 @@ protected void validateFunctionConfigs(FunctionConfig functionConfig) {
protected Integer instanceIdOffset = 0;
@Parameter(names = "--runtime", description = "either THREAD or PROCESS. Only applies for Java functions")
protected String runtime;
+ @Parameter(names = "--environment-based-secrets-provider", description = "Should we use environment based secret provider")
Review comment:
I think there is already too arguments for the CLI. Lets try to create something more generic. Instead of creating an argument for a specific provider, can we create an argument to allow users to specify the secret provider type? In the future, if we add more providers, I don't want to keep add one-of arguments. For example, can we create a enum?
Enum SecretsProviderType {
ENV,
DEFAULT,
...
}
based on the enum determine
##########
File path: pulsar-client-tools/src/main/java/org/apache/pulsar/admin/cli/CmdFunctions.java
##########
@@ -627,6 +627,8 @@ protected void validateFunctionConfigs(FunctionConfig functionConfig) {
protected Integer instanceIdOffset = 0;
@Parameter(names = "--runtime", description = "either THREAD or PROCESS. Only applies for Java functions")
protected String runtime;
+ @Parameter(names = "--environment-based-secrets-provider", description = "Should we use environment based secret provider")
Review comment:
Actually we should just let the user to specify class of the secrets configurator to use. That is simplest and generic.
--secrets-provider-configurator-classname
##########
File path: pulsar-functions/localrun/src/main/java/org/apache/pulsar/functions/LocalRunner.java
##########
@@ -418,11 +428,24 @@ private void startThreadedMode(org.apache.pulsar.functions.proto.Function.Functi
int parallelism, int instanceIdOffset, String serviceUrl,
String stateStorageServiceUrl, AuthenticationConfig authConfig,
String userCodeFile) throws Exception {
+ SecretsProvider secretsProvider;
+ if (secretsProviderClassName != null) {
+ if (secretsProviderClassName.equals(ClearTextSecretsProvider.class.getName())) {
Review comment:
Just create an instance using the class name. Use method:
https://github.com/apache/pulsar/blob/master/pulsar-common/src/main/java/org/apache/pulsar/common/util/Reflections.java#L64
##########
File path: pulsar-functions/secrets/src/main/java/org/apache/pulsar/functions/secretsproviderconfigurator/NameAndConfigBasedSecretsProviderConfigurator.java
##########
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.pulsar.functions.secretsproviderconfigurator;
+
+import com.google.gson.reflect.TypeToken;
+import io.kubernetes.client.openapi.models.V1PodSpec;
+import org.apache.pulsar.functions.proto.Function;
+import org.apache.pulsar.functions.secretsprovider.EnvironmentBasedSecretsProvider;
+
+import java.lang.reflect.Type;
+import java.util.Map;
+
+/**
+ * This file defines the SecretsProviderConfigurator that will be used by default for running in Kubernetes.
Review comment:
These comments don't make sense for this class
##########
File path: pulsar-functions/secrets/src/main/java/org/apache/pulsar/functions/secretsproviderconfigurator/NameAndConfigBasedSecretsProviderConfigurator.java
##########
@@ -0,0 +1,70 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.pulsar.functions.secretsproviderconfigurator;
+
+import com.google.gson.reflect.TypeToken;
+import io.kubernetes.client.openapi.models.V1PodSpec;
+import org.apache.pulsar.functions.proto.Function;
+import org.apache.pulsar.functions.secretsprovider.EnvironmentBasedSecretsProvider;
+
+import java.lang.reflect.Type;
+import java.util.Map;
+
+/**
+ * This file defines the SecretsProviderConfigurator that will be used by default for running in Kubernetes.
+ * As such this implementation is strictly when workers are configured to use kubernetes runtime.
+ * We use kubernetes in built secrets and bind them as environment variables within the function container
+ * to ensure that the secrets are available to the function at runtime. Then we plug in the
+ * EnvironmentBasedSecretsConfig as the secrets provider who knows how to read these environment variables.
+ */
+public class NameAndConfigBasedSecretsProviderConfigurator implements SecretsProviderConfigurator {
Review comment:
There is not really point to have this class. Just refactor ProcessRuntime to take in a SecretsProvider like ThreadRuntime
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org