Posted to commits@pulsar.apache.org by pe...@apache.org on 2020/11/21 02:07:29 UTC
[pulsar] branch master updated: Add e2e docs for pulsar functions
(#8648)
This is an automated email from the ASF dual-hosted git repository.
penghui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 4ad150a Add e2e docs for pulsar functions (#8648)
4ad150a is described below
commit 4ad150a89748172472ed6f82b28e4e5a56a9d481
Author: xiaolong ran <rx...@apache.org>
AuthorDate: Sat Nov 21 10:07:13 2020 +0800
Add e2e docs for pulsar functions (#8648)
Master Issue: #8431
### Motivation
Adding document for e2e encryption pulsar functions
### Modifications
- add docs for functions side
- add docs for sources side
- add docs for function-worker
---
site2/docs/functions-worker.md | 24 ++++++++++++++++++++++++
site2/docs/io-cli.md | 2 ++
site2/docs/reference-pulsar-admin.md | 3 +++
3 files changed, 29 insertions(+)
diff --git a/site2/docs/functions-worker.md b/site2/docs/functions-worker.md
index 7970782..10fc85b 100644
--- a/site2/docs/functions-worker.md
+++ b/site2/docs/functions-worker.md
@@ -99,6 +99,7 @@ If you want to enable security on functions workers, you *should*:
- [Enable TLS transport encryption](#enable-tls-transport-encryption)
- [Enable Authentication Provider](#enable-authentication-provider)
- [Enable Authorization Provider](#enable-authorization-provider)
+- [Enable End-to-End Encryption](#enable-end-to-end-encryption)
##### Enable TLS transport encryption
@@ -180,6 +181,29 @@ superUserRoles:
- role3
```
+##### Enable End-to-End Encryption
+
+You can use the public and private key pair that the application configures to perform encryption. Only the consumers with a valid key can decrypt the encrypted messages.
+
+To enable End-to-End encryption on Functions Worker, you can set it by specifying `--producer-config` in the command line terminal, for more information, please refer to [here](security-encryption.md).
+
+We include the relevant configuration information of `CryptoConfig` into `ProducerConfig`. The specific configurable field information about `CryptoConfig` is as follows:
+
+```text
+public class CryptoConfig {
+ private String cryptoKeyReaderClassName;
+ private Map<String, Object> cryptoKeyReaderConfig;
+
+ private String[] encryptionKeys;
+ private ProducerCryptoFailureAction producerCryptoFailureAction;
+
+ private ConsumerCryptoFailureAction consumerCryptoFailureAction;
+}
+```
+
+- `producerCryptoFailureAction`: define the action if producer fail to encrypt data one of `FAIL`, `SEND`.
+- `consumerCryptoFailureAction`: define the action if consumer fail to decrypt data one of `FAIL`, `DISCARD`, `CONSUME`.
+
#### BookKeeper Authentication
If authentication is enabled on the BookKeeper cluster, you need configure the BookKeeper authentication settings as follows:
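Review bot: The two bullets under the `CryptoConfig` block list the allowed values (`FAIL`, `SEND` and `FAIL`, `DISCARD`, `CONSUME`) without saying what each one does or which is the default, and that is the security-relevant part of this section: from this text a reader cannot tell whether `SEND` publishes the message without encryption, or whether `CONSUME` hands an undecrypted payload to the function. Please describe each value and state the default. The bullet wording also needs a grammar pass ("if producer fail to encrypt data one of"); something like "the action to take if the producer fails to encrypt data, one of `FAIL` or `SEND`" reads better. Two smaller points: the fence is tagged `text` although the content is a Java class, and the paragraph tells the reader to pass `--producer-config` but shows no example of the JSON or where the `CryptoConfig` fields sit inside it.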
diff --git a/site2/docs/io-cli.md b/site2/docs/io-cli.md
index a1ecc2a..806bcda 100644
--- a/site2/docs/io-cli.md
+++ b/site2/docs/io-cli.md
@@ -71,6 +71,7 @@ $ pulsar-admin sources create options
| `--source-config-file` | The path to a YAML config file specifying the source's configuration.
| `-t`, `--source-type` | The source's connector provider.
| `--tenant` | The source's tenant.
+|`--producer-config`| The custom producer configuration (as a JSON string).
### `update`
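Review bot: The added `--producer-config` row says only "as a JSON string", so a user of `sources create` cannot tell which keys are accepted or that this is where the encryption settings go; link the description to the "Enable End-to-End Encryption" section added in functions-worker.md. The row is also appended after `--tenant`, which breaks what appears to be alphabetical ordering in the visible rows, and its cells lack the padding spaces the neighbouring rows use.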
@@ -273,6 +274,7 @@ $ pulsar-admin sources localrun options
|`--tls-allow-insecure`|Allow insecure tls connection.<br>**Default value: false**.
|`--tls-trust-cert-path`|The tls trust cert file path.
|`--use-tls`|Use tls connection.<br>**Default value: false**.
+|`--producer-config`| The custom producer configuration (as a JSON string).
### `available-sources`
diff --git a/site2/docs/reference-pulsar-admin.md b/site2/docs/reference-pulsar-admin.md
index 18bfce6..8a75c22 100644
--- a/site2/docs/reference-pulsar-admin.md
+++ b/site2/docs/reference-pulsar-admin.md
@@ -464,6 +464,7 @@ Options
|`--tls-allow-insecure`|Allow insecure tls connection|false|
|`--tls-trust-cert-path`|The tls trust cert file path||
|`--use-tls`|Use tls connection|false|
+|`--producer-config`| The custom producer configuration (as a JSON string) | |
### `create`
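Review bot: The default column of the added row is written as `| |` while the rows directly above use `||` for an empty default; match the existing rows so the table source stays consistent. The description would also benefit from a pointer to the `CryptoConfig` fields documented in functions-worker.md, since "custom producer configuration" alone does not tell the reader that encryption is configured here.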
@@ -509,6 +510,7 @@ Options
|`--max-message-retries`|How many times should we try to process a message before giving up||
|`--retain-ordering`|Function consumes and processes messages in order||
|`--timeout-ms`|The message timeout in milliseconds||
+|`--producer-config`| The custom producer configuration (as a JSON string) | |
### `delete`
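Review bot: This row sits in a function's option table (the context rows describe how the function consumes messages), and the `CryptoConfig` documented in functions-worker.md carries `consumerCryptoFailureAction` alongside the producer fields, yet the only flag documented here is producer-side. Say how the input (consumer) side of a function gets its key reader and failure action, or state explicitly that this option covers only the function's output topic.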
@@ -572,6 +574,7 @@ Options
|`--max-message-retries`|How many times should we try to process a message before giving up||
|`--retain-ordering`|Function consumes and processes messages in order||
|`--timeout-ms`|The message timeout in milliseconds||
+|`--producer-config`| The custom producer configuration (as a JSON string) | |
### `get`