Posted to commits@pulsar.apache.org by pe...@apache.org on 2020/11/21 02:07:29 UTC

[pulsar] branch master updated: Add e2e docs for pulsar functions (#8648)

This is an automated email from the ASF dual-hosted git repository.

penghui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new 4ad150a  Add e2e docs for pulsar functions (#8648)
4ad150a is described below

commit 4ad150a89748172472ed6f82b28e4e5a56a9d481
Author: xiaolong ran <rx...@apache.org>
AuthorDate: Sat Nov 21 10:07:13 2020 +0800

    Add e2e docs for pulsar functions (#8648)
    
    Master Issue: #8431
    
    ### Motivation
    
    Adding documentation for e2e encryption in pulsar functions
    
    ### Modifications
    
    - add docs for functions side
    - add docs for sources side
    - add docs for function-worker
---
 site2/docs/functions-worker.md       | 24 ++++++++++++++++++++++++
 site2/docs/io-cli.md                 |  2 ++
 site2/docs/reference-pulsar-admin.md |  3 +++
 3 files changed, 29 insertions(+)

diff --git a/site2/docs/functions-worker.md b/site2/docs/functions-worker.md
index 7970782..10fc85b 100644
--- a/site2/docs/functions-worker.md
+++ b/site2/docs/functions-worker.md
@@ -99,6 +99,7 @@ If you want to enable security on functions workers, you *should*:
 - [Enable TLS transport encryption](#enable-tls-transport-encryption)
 - [Enable Authentication Provider](#enable-authentication-provider)
 - [Enable Authorization Provider](#enable-authorization-provider)
+- [Enable End-to-End Encryption](#enable-end-to-end-encryption)
 
 ##### Enable TLS transport encryption
 
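Review bot: The new bullet puts end-to-end encryption in the "you *should*" list next to TLS, authentication and authorization, but the section it links to describes a setting passed on the command line with `--producer-config`, not a worker-level setting. Consider wording that marks it as optional and configured per function or source, so operators do not look for a worker configuration key that this patch does not document.
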
@@ -180,6 +181,29 @@ superUserRoles:
   - role3
 ```
 
+##### Enable End-to-End Encryption
+
+You can use the public and private key pair that the application configures to perform encryption. Only the consumers with a valid key can decrypt the encrypted messages.
+
+To enable End-to-End encryption on Functions Worker, you can set it by specifying `--producer-config` in the command line terminal, for more information, please refer to [here](security-encryption.md).
+
+We include the relevant configuration information of `CryptoConfig` into `ProducerConfig`. The specific configurable field information about `CryptoConfig` is as follows:
+
+```text
+public class CryptoConfig {
+    private String cryptoKeyReaderClassName;
+    private Map<String, Object> cryptoKeyReaderConfig;
+
+    private String[] encryptionKeys;
+    private ProducerCryptoFailureAction producerCryptoFailureAction;
+
+    private ConsumerCryptoFailureAction consumerCryptoFailureAction;
+}
+```
+
+- `producerCryptoFailureAction`: define the action if producer fail to encrypt data one of `FAIL`, `SEND`.
+- `consumerCryptoFailureAction`: define the action if consumer fail to decrypt data one of `FAIL`, `DISCARD`, `CONSUME`.
+
 #### BookKeeper Authentication
 
 If authentication is enabled on the BookKeeper cluster, you need configure the BookKeeper authentication settings as follows:
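
Review bot: The two bullets at the end of the new section name the values of `producerCryptoFailureAction` and `consumerCryptoFailureAction` but do not say what each value does or which one is the default. `SEND` and `CONSUME` read as if the message still goes through after a crypto failure, so the text should state explicitly whether data can leave the producer unencrypted, or reach the consumer undecrypted, under those settings. The section also gives no sample of the JSON passed to `--producer-config`, leaves `cryptoKeyReaderClassName`, `cryptoKeyReaderConfig` and `encryptionKeys` undescribed, and fences the Java class as `text`; a short JSON example, one line per field and a `java` fence would close those gaps. The link text "here" should name the target page instead.
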
diff --git a/site2/docs/io-cli.md b/site2/docs/io-cli.md
index a1ecc2a..806bcda 100644
--- a/site2/docs/io-cli.md
+++ b/site2/docs/io-cli.md
@@ -71,6 +71,7 @@ $ pulsar-admin sources create options
 | `--source-config-file` | The path to a YAML config file specifying the source's configuration.
 | `-t`, `--source-type` | The source's connector provider.
 | `--tenant` | The source's tenant.
+|`--producer-config`| The custom producer configuration (as a JSON string).
 
 ### `update`
 
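Review bot: The `--producer-config` row is appended after `--tenant`, while the visible rows above it run alphabetically, and it is written without the spaces the neighbouring rows use inside the first cell. Move it to its alphabetical position and match the spacing. The description should also point to the `CryptoConfig` fields documented in functions-worker.md, since "custom producer configuration" alone does not tell the reader which JSON keys are accepted. The `update` section that follows gets no such row; if `sources update` accepts the flag, add it there as well.
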
@@ -273,6 +274,7 @@ $ pulsar-admin sources localrun options
 |`--tls-allow-insecure`|Allow insecure tls connection.<br>**Default value: false**.
 |`--tls-trust-cert-path`|The tls trust cert file path.
 |`--use-tls`|Use tls connection.<br>**Default value: false**.
+|`--producer-config`| The custom producer configuration (as a JSON string).
 
 ### `available-sources`
 
diff --git a/site2/docs/reference-pulsar-admin.md b/site2/docs/reference-pulsar-admin.md
index 18bfce6..8a75c22 100644
--- a/site2/docs/reference-pulsar-admin.md
+++ b/site2/docs/reference-pulsar-admin.md
@@ -464,6 +464,7 @@ Options
 |`--tls-allow-insecure`|Allow insecure tls connection|false|
 |`--tls-trust-cert-path`|The tls trust cert file path||
 |`--use-tls`|Use tls connection|false|
+|`--producer-config`| The custom producer configuration (as a JSON string) | |
 
 
 ### `create`
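
Review bot: The added row ends with `| |` and pads the description cell, while the rows above it write an empty default as `||` and keep the cell text tight; match the existing style. The default column is left empty without saying what happens when the flag is omitted, and for an option that carries the encryption settings the table should state whether the producer then runs with no encryption configured.
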
@@ -509,6 +510,7 @@ Options
 |`--max-message-retries`|How many times should we try to process a message before giving up||
 |`--retain-ordering`|Function consumes and processes messages in order||
 |`--timeout-ms`|The message timeout in milliseconds||
+|`--producer-config`| The custom producer configuration (as a JSON string) | |
 
 
 ### `delete`
@@ -572,6 +574,7 @@ Options
 |`--max-message-retries`|How many times should we try to process a message before giving up||
 |`--retain-ordering`|Function consumes and processes messages in order||
 |`--timeout-ms`|The message timeout in milliseconds||
+|`--producer-config`| The custom producer configuration (as a JSON string) | |
 
 
 ### `get`