This is an automated email from the ASF dual-hosted git repository.

junma pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/pulsar-site.git


The following commit(s) were added to refs/heads/main by this push:
     new 1ddd9978daa [improve][doc] Add description for using Copper Argos 
(#410)
1ddd9978daa is described below

commit 1ddd9978daa5de6db933aaffe11c5b24899070d8
Author: Masahiro Sakamoto <[email protected]>
AuthorDate: Fri Mar 3 18:23:35 2023 +0900

    [improve][doc] Add description for using Copper Argos (#410)
    
    * Add description for using Copper Argos
    
    * Fix: add MDX import syntax to serve multi-language code tabs
    
    * Fix section title
    
    ---------
    
    Co-authored-by: momo-jun <[email protected]>
---
 docs/security-athenz.md                          | 46 +++++++++++++++++++++++-
 versioned_docs/version-2.11.x/security-athenz.md |  5 +++
 2 files changed, 50 insertions(+), 1 deletion(-)

diff --git a/docs/security-athenz.md b/docs/security-athenz.md
index 5d10173dd09..ef31d686471 100644
--- a/docs/security-athenz.md
+++ b/docs/security-athenz.md
@@ -4,6 +4,11 @@ title: Authentication using Athenz
 sidebar_label: "Authentication using Athenz"
 ---
 
+````mdx-code-block
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+````
+
 [Athenz](https://github.com/AthenZ/athenz) is a role-based 
authentication/authorization system. In Pulsar, you can use Athenz role tokens 
(also known as *z-tokens*) to establish the identity of the client.
 
 A [decentralized Athenz 
system](https://github.com/AthenZ/athenz/blob/master/docs/decent_authz_flow.md) 
contains an [authori**Z**ation **M**anagement 
**S**ystem](https://github.com/AthenZ/athenz/blob/master/docs/setup_zms.md) 
(ZMS) server and an [authori**Z**ation **T**oken 
**S**ystem](https://github.com/AthenZ/athenz/blob/master/docs/setup_zts) (ZTS) 
server.
@@ -172,6 +177,45 @@ client, err := pulsarNewClient(ClientOptions{
 </Tabs>
 ````
 
+### Use Copper Argos
+
+Athenz has a mechanism called [Copper 
Argos](https://github.com/AthenZ/athenz/blob/master/docs/copper_argos.md). This 
means that ZTS distributes an X.509 certificate and private key pair to each 
service, which it can use to identify itself to other services within the 
organization.
+
+Pulsar currently supports Copper Argos only in the Java client. When using 
Copper Argos, you need to provide at least the following four parameters:
+* `providerDomain`
+* `x509CertChain`
+* `privateKey`
+* `caCert`
+
+In this case, `tenantDomain`, `tenantService` and `keyId` are ignored.
+
+````mdx-code-block
+<Tabs groupId="lang-choice"
+  defaultValue="Java"
+  values={[{"label":"Java","value":"Java"}]}>
+<TabItem value="Java">
+
+```java
+Map<String, String> authParams = new HashMap();
+authParams.put("ztsUrl", "http://localhost:9998";);
+authParams.put("providerDomain", "pulsar"); // Provider domain name
+authParams.put("x509CertChain", "file:///path/to/x509cert.pem"); // 
Distributed X.509 certificate path
+authParams.put("privateKey", "file:///path/to/private.pem"); // Distributed 
private key path
+authParams.put("caCert", "file:///path/to/cacert.pem"); // CA certificate path
+
+Authentication athenzAuth = AuthenticationFactory
+        .create(AuthenticationAthenz.class.getName(), authParams);
+
+PulsarClient client = PulsarClient.builder()
+        .serviceUrl("pulsar://my-broker.com:6650")
+        .authentication(athenzAuth)
+        .build();
+```
+
+</TabItem>
+</Tabs>
+````
+
 ## Configure Athenz authentication in CLI tools
 
 [Command-line tools](reference-cli-tools.md) like 
[`pulsar-admin`](/tools/pulsar-admin/), 
[`pulsar-perf`](reference-cli-tools.md), and 
[`pulsar-client`](reference-cli-tools.md) use the `conf/client.conf` config 
file in a Pulsar installation.
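Review bot: In the new Java example, `ztsUrl` is set to `http://localhost:9998` while the same map supplies `x509CertChain`, `privateKey` and `caCert`. A client certificate is presented during the TLS handshake and `caCert` is only meaningful for verifying a TLS server, so the sample should use an `https://` ZTS URL; as written, readers who copy it will either fail to authenticate or conclude that plain HTTP is acceptable for this flow. Two smaller points in the same block: `new HashMap()` is a raw type and should be `new HashMap<>()`, and the prose says "at least the following four parameters" while the example also sets `ztsUrl`, so please state whether `ztsUrl` is required here or has a default.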
@@ -185,4 +229,4 @@ serviceUrl=http://broker.example.com:8080
 # Set Athenz auth plugin and its parameters
 authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationAthenz
 
authParams={"tenantDomain":"shopping","tenantService":"some_app","providerDomain":"pulsar","privateKey":"file:///path/to/private.pem","keyId":"v1"}
-```
\ No newline at end of file
+```
diff --git a/versioned_docs/version-2.11.x/security-athenz.md 
b/versioned_docs/version-2.11.x/security-athenz.md
index 5d10173dd09..a7ea9ca0864 100644
--- a/versioned_docs/version-2.11.x/security-athenz.md
+++ b/versioned_docs/version-2.11.x/security-athenz.md
@@ -4,6 +4,11 @@ title: Authentication using Athenz
 sidebar_label: "Authentication using Athenz"
 ---
 
+````mdx-code-block
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+````
+
 [Athenz](https://github.com/AthenZ/athenz) is a role-based 
authentication/authorization system. In Pulsar, you can use Athenz role tokens 
(also known as *z-tokens*) to establish the identity of the client.
 
 A [decentralized Athenz 
system](https://github.com/AthenZ/athenz/blob/master/docs/decent_authz_flow.md) 
contains an [authori**Z**ation **M**anagement 
**S**ystem](https://github.com/AthenZ/athenz/blob/master/docs/setup_zms.md) 
(ZMS) server and an [authori**Z**ation **T**oken 
**S**ystem](https://github.com/AthenZ/athenz/blob/master/docs/setup_zts) (ZTS) 
server.
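Review bot: This file receives only the `Tabs`/`TabItem` import block at the top, while `docs/security-athenz.md` also gets the "Use Copper Argos" section, and the commit message does not say why the two differ. If Copper Argos is available in 2.11.x, the section should be added here as well; if the import is an independent rendering fix for the existing tabs in this version, please say so in the commit message so the versioned page is not mistaken for an incomplete backport.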
