This is an automated email from the ASF dual-hosted git repository.
yubiao pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.10 by this push:
new cef4f71e7e8 [branch-2.10] [fix] [auth] fix not forward compatible
config saslJaasServerRoleTokenSignerSecretPath after cherry-pick #15121 (#19971)
cef4f71e7e8 is described below
commit cef4f71e7e8b41f3021fb504bf282765dc3724b3
Author: fengyubiao <[email protected]>
AuthorDate: Mon Apr 3 23:03:20 2023 +0800
[branch-2.10] [fix] [auth] fix not forward compatible config
saslJaasServerRoleTokenSignerSecretPath after cherry-pick #15121 (#19971)
After cherry-picking #15121 into branch-2.10 to fix the SASL
authentication failure, this follow-up keeps the new
configuration `saslJaasServerRoleTokenSignerSecretPath` forward compatible
by making this config optional.
---
.../authentication/AuthenticationProviderSasl.java | 5 +++--
.../ProxySaslAuthenticationTest.java | 24 ++++++++++++++++++----
2 files changed, 23 insertions(+), 6 deletions(-)
diff --git
a/pulsar-broker-auth-sasl/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderSasl.java
b/pulsar-broker-auth-sasl/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderSasl.java
index 0e090c638c1..bf6ec39134b 100644
---
a/pulsar-broker-auth-sasl/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderSasl.java
+++
b/pulsar-broker-auth-sasl/src/main/java/org/apache/pulsar/broker/authentication/AuthenticationProviderSasl.java
@@ -41,6 +41,7 @@ import java.nio.file.Paths;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
+import java.util.Random;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
@@ -106,8 +107,8 @@ public class AuthenticationProviderSasl implements
AuthenticationProvider {
if (StringUtils.isNotBlank(saslJaasServerRoleTokenSignerSecretPath)) {
secret =
readSecretFromUrl(saslJaasServerRoleTokenSignerSecretPath);
} else {
- String msg = "saslJaasServerRoleTokenSignerSecretPath parameter is
empty";
- throw new IllegalArgumentException(msg);
+ secret = Long.toString(new Random().nextLong()).getBytes();
+ log.info("JAAS authentication provider using random secret.");
}
this.signer = new SaslRoleTokenSigner(secret);
}
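Review bot: The fallback `secret = Long.toString(new Random().nextLong()).getBytes();` takes the token-signing secret from `java.util.Random`, which is not a cryptographic generator: its output follows from a 48-bit internal state, so the value handed to `SaslRoleTokenSigner` has far less entropy than a signing key should, and `getBytes()` without a charset depends on the platform default. Generate the key with `java.security.SecureRandom` instead, e.g. `secret = new byte[32]; new SecureRandom().nextBytes(secret);`, and replace the `import java.util.Random;` added in the first hunk with `import java.security.SecureRandom;`. Because the secret is created per process, role tokens presumably will not verify on another broker or after a restart. For that reason `log.warn` with a hint to set `saslJaasServerRoleTokenSignerSecretPath` would fit better than `log.info`. The enclosing method starts outside the hunk.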
diff --git
a/pulsar-broker-auth-sasl/src/test/java/org/apache/pulsar/broker/authentication/ProxySaslAuthenticationTest.java
b/pulsar-broker-auth-sasl/src/test/java/org/apache/pulsar/broker/authentication/ProxySaslAuthenticationTest.java
index 66737c80de8..b79ed80b2d2 100644
---
a/pulsar-broker-auth-sasl/src/test/java/org/apache/pulsar/broker/authentication/ProxySaslAuthenticationTest.java
+++
b/pulsar-broker-auth-sasl/src/test/java/org/apache/pulsar/broker/authentication/ProxySaslAuthenticationTest.java
@@ -37,6 +37,7 @@ import javax.security.auth.login.Configuration;
import lombok.Cleanup;
import org.apache.commons.io.FileUtils;
import org.apache.curator.shaded.com.google.common.collect.Maps;
+import org.apache.pulsar.broker.ServiceConfiguration;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.api.Authentication;
import org.apache.pulsar.client.api.AuthenticationFactory;
@@ -51,6 +52,7 @@ import org.apache.pulsar.client.impl.auth.AuthenticationSasl;
import org.apache.pulsar.common.configuration.PulsarConfigurationLoader;
import org.apache.pulsar.proxy.server.ProxyConfiguration;
import org.apache.pulsar.proxy.server.ProxyService;
+import org.mockito.Mockito;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.Assert;
@@ -214,10 +216,14 @@ public class ProxySaslAuthenticationTest extends
ProducerConsumerBase {
@Override
@AfterMethod(alwaysRun = true)
protected void cleanup() throws Exception {
- FileUtils.deleteQuietly(brokerSecretKeyFile);
- Assert.assertFalse(brokerSecretKeyFile.exists());
- FileUtils.deleteQuietly(proxySecretKeyFile);
- Assert.assertFalse(proxySecretKeyFile.exists());
+ if (brokerSecretKeyFile != null) {
+ FileUtils.deleteQuietly(brokerSecretKeyFile);
+ Assert.assertFalse(brokerSecretKeyFile.exists());
+ }
+ if (proxySecretKeyFile != null) {
+ FileUtils.deleteQuietly(proxySecretKeyFile);
+ Assert.assertFalse(proxySecretKeyFile.exists());
+ }
super.internalCleanup();
}
@@ -294,6 +300,16 @@ public class ProxySaslAuthenticationTest extends
ProducerConsumerBase {
proxyService.close();
}
+ @Test
+ public void testNoErrorEvenIfTheConfigSecretIsEmpty () throws Exception
{
+ ServiceConfiguration configurationWithoutSecret =
Mockito.spy(conf);
+ Mockito.doAnswer(invocation ->
null).when(configurationWithoutSecret).getSaslJaasServerRoleTokenSignerSecretPath();
+
configurationWithoutSecret.setSaslJaasServerRoleTokenSignerSecretPath(null);
+ AuthenticationProviderSasl authenticationProviderSasl = new
AuthenticationProviderSasl();
+
authenticationProviderSasl.initialize(configurationWithoutSecret);
+ authenticationProviderSasl.close();
+ }
+
private PulsarClient createProxyClient(String proxyServiceUrl, int
numberOfConnections) throws PulsarClientException {
Map<String, String> clientSaslConfig = Maps.newHashMap();
clientSaslConfig.put("saslJaasClientSectionName",
"PulsarClient");