massakam opened a new pull request, #19445: URL: https://github.com/apache/pulsar/pull/19445
### Motivation Athenz has a mechanism called Copper Argos. This means that ZTS distributes an X.509 certificate and private key pair to each service, which it can use to identify itself to other services within the organization. https://github.com/AthenZ/athenz/blob/master/docs/copper_argos.md However, the current Pulsar's authentication plugin for Athenz cannot accept X.509 certificates as parameters, so we cannot use Copper Argos. ### Modifications Add the parameters `x509CertChain` and `caCert` to the `AuthenticationAthenz` class of the Athenz authentication plugin. If an X.509 certificate is passed as a parameter, it assumes Copper Argos is used and instantiates an `SSLContext` and creates a `ZTSClient` based on it. Existing users of this plugin will not be affected by this change. ### Verifying this change - [ ] Make sure that the change passes the CI checks. ### Documentation <!-- DO NOT REMOVE THIS SECTION. CHECK THE PROPER BOX ONLY. --> - [ ] `doc` <!-- Your PR contains doc changes. --> - [ ] `doc-required` <!-- Your PR changes impact docs and you will update later --> - [ ] `doc-not-needed` <!-- Your PR changes do not impact docs --> - [ ] `doc-complete` <!-- Docs have been already added --> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
