Posted to commits@pulsar.apache.org by te...@apache.org on 2022/07/28 01:26:06 UTC
[pulsar] branch master updated: [improve][admin-cli] Add TLS provider support (#16700)
This is an automated email from the ASF dual-hosted git repository.
technoboy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new de42e15b832 [improve][admin-cli] Add TLS provider support (#16700)
de42e15b832 is described below
commit de42e15b832f022327c34cede0791613ea43871c
Author: Zixuan Liu <no...@gmail.com>
AuthorDate: Thu Jul 28 09:26:00 2022 +0800
[improve][admin-cli] Add TLS provider support (#16700)
---
conf/client.conf | 5 +++
.../apache/pulsar/admin/cli/PulsarAdminTool.java | 14 ++++++++
.../org/apache/pulsar/admin/cli/TestRunMain.java | 42 +++++++++++++++++++---
site2/docs/reference-configuration.md | 6 +---
.../version-2.10.1/reference-configuration.md | 6 +---
.../version-2.8.3/reference-configuration.md | 2 +-
.../version-2.9.3/reference-configuration.md | 6 +---
7 files changed, 60 insertions(+), 21 deletions(-)
diff --git a/conf/client.conf b/conf/client.conf
index 8e93e1ffc67..b2b071adb81 100644
--- a/conf/client.conf
+++ b/conf/client.conf
@@ -67,3 +67,8 @@ tlsTrustStorePath=
# TLS TrustStore password
tlsTrustStorePassword=
+
+# Set up TLS provider for web service
+# When TLS authentication with CACert is used, the valid value is either OPENSSL or JDK.
+# When TLS authentication with KeyStore is used, available options can be SunJSSE, Conscrypt and so on.
+webserviceTlsProvider=
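Review bot: The new comment block does not say what an empty `webserviceTlsProvider=` means or how it relates to the command-line option. From the PulsarAdminTool.java change in this commit, a blank value means `sslProvider` is never called on the builder, and `--tls-provider` takes precedence when both are given. I would add a line such as `# Leave empty to keep the client's default provider; the pulsar-admin --tls-provider option overrides this value.` so operators do not have to read the code to learn which setting wins.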
diff --git a/pulsar-client-tools/src/main/java/org/apache/pulsar/admin/cli/PulsarAdminTool.java b/pulsar-client-tools/src/main/java/org/apache/pulsar/admin/cli/PulsarAdminTool.java
index de98183b12f..5c65ef052e6 100644
--- a/pulsar-client-tools/src/main/java/org/apache/pulsar/admin/cli/PulsarAdminTool.java
+++ b/pulsar-client-tools/src/main/java/org/apache/pulsar/admin/cli/PulsarAdminTool.java
@@ -48,6 +48,7 @@ public class PulsarAdminTool {
protected JCommander jcommander;
protected final PulsarAdminBuilder adminBuilder;
protected RootParams rootParams;
+ private final Properties properties;
@Getter
public static class RootParams {
@@ -79,6 +80,12 @@ public class PulsarAdminTool {
description = "Enable TLS common name verification")
Boolean tlsEnableHostnameVerification;
+ @Parameter(names = {"--tls-provider"}, description = "Set up TLS provider. "
+ + "When TLS authentication with CACert is used, the valid value is either OPENSSL or JDK. "
+ + "When TLS authentication with KeyStore is used, available options can be SunJSSE, Conscrypt "
+ + "and so on.")
+ String tlsProvider;
+
@Parameter(names = { "-v", "--version" }, description = "Get version of pulsar admin client")
boolean version;
@@ -87,6 +94,7 @@ public class PulsarAdminTool {
}
public PulsarAdminTool(Properties properties) throws Exception {
+ this.properties = properties;
rootParams = new RootParams();
// fallback to previous-version serviceUrl property to maintain backward-compatibility
initRootParamsFromProperties(properties);
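Review bot: Storing the whole `Properties` object in a field (`this.properties = properties;` here, declared in the first hunk of this file) just to read one key later is heavier than needed; the same object also carries entries such as `tlsTrustStorePassword` from client.conf. The next line already passes it to `initRootParamsFromProperties`, which, judging by its name and the comment above it, seeds `rootParams` defaults before the arguments are parsed. If so, `rootParams.tlsProvider = properties.getProperty("webserviceTlsProvider");` in that method would give the same flag-over-file precedence without the new field; its body is not visible here, so that needs confirming. The constructor continues outside this hunk.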
@@ -153,6 +161,12 @@ public class PulsarAdminTool {
adminBuilder.serviceHttpUrl(rootParams.serviceUrl);
adminBuilder.authentication(rootParams.authPluginClassName, rootParams.authParams);
adminBuilder.requestTimeout(rootParams.requestTimeout, TimeUnit.SECONDS);
+ if (isBlank(rootParams.tlsProvider)) {
+ rootParams.tlsProvider = properties.getProperty("webserviceTlsProvider");
+ }
+ if (isNotBlank(rootParams.tlsProvider)) {
+ adminBuilder.sslProvider(rootParams.tlsProvider);
+ }
Supplier<PulsarAdmin> admin = new PulsarAdminSupplier(adminBuilder, adminFactory);
for (Map.Entry<String, Class<?>> c : commandMap.entrySet()) {
addCommand(c, admin);
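Review bot: The provider name is handed to `adminBuilder.sslProvider(rootParams.tlsProvider)` with no check, so a misspelt `--tls-provider` or `webserviceTlsProvider` value is rejected only if the builder does so, and that code is not visible in this hunk. Because this setting selects the TLS implementation for admin HTTPS calls, it is worth confirming that an unknown name fails loudly rather than falling back to a default provider. The fallback also overwrites `rootParams.tlsProvider`, so after this block the field no longer shows whether the value came from the command line or from the file; a comment such as `// CLI flag wins; webserviceTlsProvider from client.conf is only a fallback` would record the intended precedence. The enclosing method starts and ends outside the hunk.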
diff --git a/pulsar-client-tools/src/test/java/org/apache/pulsar/admin/cli/TestRunMain.java b/pulsar-client-tools/src/test/java/org/apache/pulsar/admin/cli/TestRunMain.java
index 1d65913d884..364293da7eb 100644
--- a/pulsar-client-tools/src/test/java/org/apache/pulsar/admin/cli/TestRunMain.java
+++ b/pulsar-client-tools/src/test/java/org/apache/pulsar/admin/cli/TestRunMain.java
@@ -18,12 +18,11 @@
*/
package org.apache.pulsar.admin.cli;
-import org.testng.annotations.Test;
-
+import static org.testng.Assert.assertEquals;
import java.nio.file.Files;
import java.nio.file.Path;
-
-import static org.testng.Assert.assertEquals;
+import java.util.Properties;
+import org.testng.annotations.Test;
public class TestRunMain {
@@ -40,7 +39,40 @@ public class TestRunMain {
PulsarAdminTool.resetLastExitCode();
PulsarAdminTool.setAllowSystemExit(false);
Path dummyEmptyFile = Files.createTempFile("test", ".conf");
- PulsarAdminTool.main(new String[] {dummyEmptyFile.toAbsolutePath().toString()});
+ PulsarAdminTool.main(new String[]{dummyEmptyFile.toAbsolutePath().toString()});
assertEquals(PulsarAdminTool.getLastExitCode(), 1);
}
+
+ @Test
+ public void testRunWithTlsProviderFlag() throws Exception {
+ var pulsarAdminTool = new PulsarAdminTool(new Properties());
+ pulsarAdminTool.run(new String[]{
+ "--admin-url", "https://localhost:8081",
+ "--tls-provider", "JDK",
+ "tenants"});
+ assertEquals(pulsarAdminTool.rootParams.tlsProvider, "JDK");
+ }
+
+ @Test
+ public void testRunWithTlsProviderConfigFile() throws Exception {
+ Properties properties = new Properties();
+ properties.setProperty("webserviceTlsProvider", "JDK");
+ var pulsarAdminTool = new PulsarAdminTool(properties);
+ pulsarAdminTool.run(new String[]{
+ "--admin-url", "https://localhost:8081",
+ "tenants"});
+ assertEquals(pulsarAdminTool.rootParams.tlsProvider, "JDK");
+ }
+
+ @Test
+ public void testRunWithTlsProviderFlagWithConfigFile() throws Exception {
+ Properties properties = new Properties();
+ properties.setProperty("webserviceTlsProvider", "JDK");
+ var pulsarAdminTool = new PulsarAdminTool(properties);
+ pulsarAdminTool.run(new String[]{
+ "--admin-url", "https://localhost:8081",
+ "--tls-provider", "OPENSSL",
+ "tenants"});
+ assertEquals(pulsarAdminTool.rootParams.tlsProvider, "OPENSSL");
+ }
}
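Review bot: The three new tests assert only `rootParams.tlsProvider`, so they would still pass if the `adminBuilder.sslProvider(...)` call were dropped or given the wrong value; nothing checks what the builder receives. They also leave out the case where neither the flag nor the property is set, which could be pinned with `assertNull(pulsarAdminTool.rootParams.tlsProvider);` after a run on an empty `Properties`. Unlike the existing test above them, the new tests call `run(...)` without `PulsarAdminTool.setAllowSystemExit(false)`; whether `run` can reach an exit path for the bare `tenants` command is not visible here and should be checked.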
diff --git a/site2/docs/reference-configuration.md b/site2/docs/reference-configuration.md
index 1a7f52b1d09..0ba866c10ae 100644
--- a/site2/docs/reference-configuration.md
+++ b/site2/docs/reference-configuration.md
@@ -443,11 +443,7 @@ You can use the [`pulsar-client`](reference-cli-tools.md#pulsar-client) CLI tool
| tlsTrustStoreType | TLS TrustStore type configuration. <li>JKS </li><li>PKCS12 </li>|JKS|
| tlsTrustStore | TLS TrustStore path. | |
| tlsTrustStorePassword | TLS TrustStore password. | |
-
-
-
-
-
+| webserviceTlsProvider | The TLS provider for the web service. <br />When TLS authentication with CACert is used, the valid value is either `OPENSSL` or `JDK`.<br />When TLS authentication with KeyStore is used, available options can be `SunJSSE`, `Conscrypt` and so on. | N/A |
## Log4j
diff --git a/site2/website/versioned_docs/version-2.10.1/reference-configuration.md b/site2/website/versioned_docs/version-2.10.1/reference-configuration.md
index 7d8eea35b80..5eedbae587a 100644
--- a/site2/website/versioned_docs/version-2.10.1/reference-configuration.md
+++ b/site2/website/versioned_docs/version-2.10.1/reference-configuration.md
@@ -428,11 +428,7 @@ You can use the [`pulsar-client`](reference-cli-tools.md#pulsar-client) CLI tool
| tlsTrustStoreType | TLS TrustStore type configuration. <li>JKS </li><li>PKCS12 </li>|JKS|
| tlsTrustStore | TLS TrustStore path. | |
| tlsTrustStorePassword | TLS TrustStore password. | |
-
-
-
-
-
+| webserviceTlsProvider | The TLS provider for the web service. <br />When TLS authentication with CACert is used, the valid value is either `OPENSSL` or `JDK`.<br />When TLS authentication with KeyStore is used, available options can be `SunJSSE`, `Conscrypt` and so on. | N/A |
## Log4j
diff --git a/site2/website/versioned_docs/version-2.8.3/reference-configuration.md b/site2/website/versioned_docs/version-2.8.3/reference-configuration.md
index 1c1c01b70a4..006450b1906 100644
--- a/site2/website/versioned_docs/version-2.8.3/reference-configuration.md
+++ b/site2/website/versioned_docs/version-2.8.3/reference-configuration.md
@@ -376,7 +376,7 @@ You can use the [`pulsar-client`](reference-cli-tools.md#pulsar-client) CLI tool
| tlsTrustStoreType | TLS TrustStore type configuration. <li>JKS </li><li>PKCS12 </li>|JKS|
| tlsTrustStore | TLS TrustStore path. | |
| tlsTrustStorePassword | TLS TrustStore password. | |
-
+| webserviceTlsProvider | The TLS provider for the web service. <br />When TLS authentication with CACert is used, the valid value is either `OPENSSL` or `JDK`.<br />When TLS authentication with KeyStore is used, available options can be `SunJSSE`, `Conscrypt` and so on. | N/A |
## Service discovery
diff --git a/site2/website/versioned_docs/version-2.9.3/reference-configuration.md b/site2/website/versioned_docs/version-2.9.3/reference-configuration.md
index 4ef1ceb6bdf..0afcbeebbf7 100644
--- a/site2/website/versioned_docs/version-2.9.3/reference-configuration.md
+++ b/site2/website/versioned_docs/version-2.9.3/reference-configuration.md
@@ -377,11 +377,7 @@ You can use the [`pulsar-client`](reference-cli-tools.md#pulsar-client) CLI tool
| tlsTrustStoreType | TLS TrustStore type configuration. <li>JKS </li><li>PKCS12 </li>|JKS|
| tlsTrustStore | TLS TrustStore path. | |
| tlsTrustStorePassword | TLS TrustStore password. | |
-
-
-
-
-
+| webserviceTlsProvider | The TLS provider for the web service. <br />When TLS authentication with CACert is used, the valid value is either `OPENSSL` or `JDK`.<br />When TLS authentication with KeyStore is used, available options can be `SunJSSE`, `Conscrypt` and so on. | N/A |
## Log4j