[GitHub] [pulsar] Anonymitaet commented on a diff in pull request #17615: [improve][doc] Improve the information architecture of the security chapter

Tue, 13 Sep 2022 22:37:16 -0700 


Anonymitaet commented on code in PR #17615:
URL: https://github.com/apache/pulsar/pull/17615#discussion_r970282369


##########
site2/docs/security-athenz.md:
##########
@@ -65,13 +65,41 @@ 
brokerClientAuthenticationParameters={"tenantDomain":"shopping","tenantService":
 > A full listing of parameters is available in the `conf/broker.conf` file, 
 > you can also find the default
 > values for those parameters in [Broker 
 > Configuration](reference-configuration.md#broker).
 
-## Configure clients for Athenz
+## Configure Athenz authentication in Pulsar clients
 
-For more information on Pulsar client authentication using Athenz, see the 
following language-specific docs:
+To use Athenz as an authentication provider, you need to [use 
TLS](#tls-authentication.md) and provide values for four parameters in a hash:
+* `tenantDomain`
+* `tenantService`
+* `providerDomain`
+* `privateKey`
 
-* [Java client](client-libraries-java.md#athenz)
+You can also set an optional `keyId`. The following is an example.
 
-## Configure CLI tools for Athenz
+```java
+Map<String, String> authParams = new HashMap();
+authParams.put("tenantDomain", "shopping"); // Tenant domain name
+authParams.put("tenantService", "some_app"); // Tenant service name
+authParams.put("providerDomain", "pulsar"); // Provider domain name
+authParams.put("privateKey", "file:///path/to/private.pem"); // Tenant private 
key path
+authParams.put("keyId", "v1"); // Key id for the tenant private key (optional, 
default: "0")
+
+Authentication athenzAuth = AuthenticationFactory
+        .create(AuthenticationAthenz.class.getName(), authParams);
+
+PulsarClient client = PulsarClient.builder()
+        .serviceUrl("pulsar+ssl://my-broker.com:6651")
+        .tlsTrustCertsFilePath("/path/to/cacert.pem")
+        .authentication(athenzAuth)
+        .build();
+```
+
+#### Supported pattern formats

Review Comment:
   1. `###` instead of `####`?
   
   2. Other headings are in the format of "Verb + xxx" while this heading is 
not.
    
   Consider keeping consistent or turning this section into other content 
formats (like moving lines 97 - 100 to line 74)? 
   
   So that users know the relationship between the section `Configure Athenz 
authentication in Pulsar clients` and `Supported pattern formats` 
   
   (the info in `Supported pattern format` can be a part of `Configure Athenz 
authentication in Pulsar clients` )



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to