This is an automated email from the ASF dual-hosted git repository.
mmarshall pushed a change to branch branch-2.8
in repository https://gitbox.apache.org/repos/asf/pulsar.git
from 1d7b8f1b320 [fix][broker] ServerCnx broken after recent cherry-picks
(#19521)
add d5066ed556a [improve][broker] Require authRole is proxyRole to set
originalPrincipal (#19455)
add 104c5666666 [improve][broker] ServerCnx: go to Failed state when auth
fails (#19312)
add 28fd94cc375 [feat][broker] Cherry-pick tests from (#19409)
add 170772c662d [improve][broker] Add test to verify authRole cannot
change (#19430)
add 6b1182c65b2 [fix][broker] Call originalAuthState.authenticate in
ServerCnx
add 48194bbd27e [fix][broker] Correct MockAlwaysExpiredAuthenticationState
test impl
add 55c5b9fbe3b [fix][broker] Make authentication refresh threadsafe
(#19506)
add bc68ed825ba [fix][test] ProxyWithAuthorizationTest remove SAN from
test certs (#19594)
add d461b840167 [fix][broker] Allow proxy to pass same role for authRole
and originalRole (#19557)
No new revisions were added by this update.
Summary of changes:
.../resources/authentication/tls/broker-cert.pem | 79 ++-
.../test/resources/authentication/tls/cacert.pem | 125 ++--
.../resources/authentication/tls/client-cert.pem | 79 ++-
build/regenerate_certs_for_tests.sh | 16 +-
.../broker/authorization/AuthorizationService.java | 86 ++-
.../broker/admin/impl/PersistentTopicsBase.java | 2 +-
.../broker/service/PulsarChannelInitializer.java | 29 -
.../apache/pulsar/broker/service/ServerCnx.java | 149 ++---
.../pulsar/broker/web/PulsarWebResource.java | 32 +-
.../pulsar/broker/auth/AuthorizationTest.java | 45 +-
.../MockAlwaysExpiredAuthenticationProvider.java} | 40 +-
.../auth/MockAlwaysExpiredAuthenticationState.java | 73 +++
.../MockMultiStageAuthenticationProvider.java} | 25 +-
.../auth/MockMultiStageAuthenticationState.java | 76 +++
.../pulsar/broker/service/ServerCnxTest.java | 641 ++++++++++++++++++++-
.../broker/service/utils/ClientChannelHelper.java | 7 +-
.../client/impl/AdminApiKeyStoreTlsAuthTest.java | 23 +-
.../apache/pulsar/client/impl/KeyStoreTlsTest.java | 4 +-
.../authentication/keystoretls/broker.keystore.jks | Bin 3723 -> 2254 bytes
.../keystoretls/broker.truststore.jks | Bin 838 -> 969 bytes
.../authentication/keystoretls/client.keystore.jks | Bin 3726 -> 2257 bytes
.../keystoretls/client.truststore.jks | Bin 838 -> 971 bytes
.../keystoretls/proxy-and-client.truststore.jks | Bin 0 -> 1891 bytes
.../authentication/keystoretls/proxy.keystore.jks | Bin 0 -> 2245 bytes
.../keystoretls/proxy.truststore.jks | Bin 0 -> 971 bytes
.../ProxyAuthenticatedProducerConsumerTest.java | 44 +-
.../server/ProxyWithAuthorizationNegTest.java | 2 +
.../proxy/server/ProxyWithAuthorizationTest.java | 162 +++---
.../server/ProxyWithJwtAuthorizationTest.java | 27 +-
.../ProxyWithAuthorizationTest/broker-cacert.pem | 125 ++--
.../tls/ProxyWithAuthorizationTest/broker-cert.pem | 79 ++-
.../ProxyWithAuthorizationTest/client-cacert.pem | 125 ++--
.../tls/ProxyWithAuthorizationTest/client-cert.pem | 79 ++-
.../no-subject-alt-cert.pem | 67 +++
.../{broker-key.pem => no-subject-alt-key.pem} | 0
.../ProxyWithAuthorizationTest/proxy-cacert.pem | 125 ++--
.../tls/ProxyWithAuthorizationTest/proxy-cert.pem | 79 ++-
.../test/resources/authentication/tls/cacert.pem | 125 ++--
.../resources/authentication/tls/client-cert.pem | 79 ++-
.../resources/authentication/tls/server-cert.pem | 79 ++-
40 files changed, 1835 insertions(+), 893 deletions(-)
copy
pulsar-broker/src/test/java/org/apache/pulsar/{websocket/proxy/MockAuthenticationProvider.java
=> broker/auth/MockAlwaysExpiredAuthenticationProvider.java} (51%)
create mode 100644
pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/MockAlwaysExpiredAuthenticationState.java
copy
pulsar-broker/src/test/java/org/apache/pulsar/{websocket/proxy/MockUnauthenticationProvider.java
=> broker/auth/MockMultiStageAuthenticationProvider.java} (51%)
create mode 100644
pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/MockMultiStageAuthenticationState.java
create mode 100644
pulsar-broker/src/test/resources/authentication/keystoretls/proxy-and-client.truststore.jks
create mode 100644
pulsar-broker/src/test/resources/authentication/keystoretls/proxy.keystore.jks
create mode 100644
pulsar-broker/src/test/resources/authentication/keystoretls/proxy.truststore.jks
create mode 100644
pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/no-subject-alt-cert.pem
copy
pulsar-proxy/src/test/resources/authentication/tls/ProxyWithAuthorizationTest/{broker-key.pem
=> no-subject-alt-key.pem} (100%)