This is an automated email from the ASF dual-hosted git repository.

mmarshall pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-3.0 by this push:
     new cd08427cf96 [fix][fn] Support customizing TLS config for function 
download command (#20482)
cd08427cf96 is described below

commit cd08427cf966aa34e124f156e912e5ff5b050e05
Author: Michael Marshall <[email protected]>
AuthorDate: Fri Jun 2 18:47:53 2023 -0500

    [fix][fn] Support customizing TLS config for function download command 
(#20482)
    
    (cherry picked from commit ceed19cf3b8536a8c9059bfbcb29ef972841b412)
---
 .../runtime/kubernetes/KubernetesRuntime.java      | 10 +++++++
 .../runtime/kubernetes/KubernetesRuntimeTest.java  | 33 ++++++++++++++++++++++
 2 files changed, 43 insertions(+)

diff --git 
a/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntime.java
 
b/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntime.java
index 939a446d7fe..7779422965b 100644
--- 
a/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntime.java
+++ 
b/pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntime.java
@@ -885,6 +885,16 @@ public class KubernetesRuntime implements Runtime {
                         "--auth-params",
                         authConfig.getClientAuthenticationParameters()));
             }
+            cmd.addAll(Arrays.asList(
+                    "--tls-allow-insecure",
+                    
Boolean.toString(authConfig.isTlsAllowInsecureConnection()),
+                    "--tls-enable-hostname-verification",
+                    
Boolean.toString(authConfig.isTlsHostnameVerificationEnable())));
+            if (isNotBlank(authConfig.getTlsTrustCertsFilePath())) {
+                cmd.addAll(Arrays.asList(
+                        "--tls-trust-cert-path",
+                        authConfig.getTlsTrustCertsFilePath()));
+            }
         }
 
         cmd.addAll(Arrays.asList(
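Review bot: The value passed to `--tls-trust-cert-path` is copied verbatim from the worker's `authConfig`, but the download command runs inside the function pod, so the CA file must exist at that same path in the container; nothing in the added lines states or checks this. I would add a comment above the `isNotBlank` check: `// Path is resolved inside the function pod; the CA bundle must be mounted there at this location.` The same block forwards `isTlsAllowInsecureConnection()` unchanged, so a `true` value makes the pod fetch function code without validating the server certificate, and a warning logged at that point would make the weakened download visible to operators. The test in this commit compares the command as one joined string, which suggests the arguments end up in a shell line; if so, a trust-cert path containing whitespace would split into several arguments, so quoting it (or documenting the restriction) is worth considering. The enclosing block opens outside the hunk, so I cannot tell from here whether these TLS flags are emitted only when authentication is configured.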
diff --git 
a/pulsar-functions/runtime/src/test/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntimeTest.java
 
b/pulsar-functions/runtime/src/test/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntimeTest.java
index 3facd37fc92..d6135737c4f 100644
--- 
a/pulsar-functions/runtime/src/test/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntimeTest.java
+++ 
b/pulsar-functions/runtime/src/test/java/org/apache/pulsar/functions/runtime/kubernetes/KubernetesRuntimeTest.java
@@ -852,6 +852,7 @@ public class KubernetesRuntimeTest {
         V1StatefulSet spec = container.createStatefulSet();
         String expectedDownloadCommand = "pulsar-admin --admin-url " + 
pulsarAdminUrl
                 + " --auth-plugin com.MyAuth --auth-params {\"authParam1\": 
\"authParamValue1\"}"
+                + " --tls-allow-insecure false 
--tls-enable-hostname-verification false"
                 + " functions download "
                 + "--tenant " + TEST_TENANT
                 + " --namespace " + TEST_NAMESPACE
@@ -878,6 +879,38 @@ public class KubernetesRuntimeTest {
         V1StatefulSet spec = container.createStatefulSet();
         String expectedDownloadCommand = "pulsar-admin --admin-url " + 
pulsarAdminUrl
                 + " --auth-plugin com.MyAuth --auth-params {\"authParam1\": 
\"authParamValue1\"}"
+                + " --tls-allow-insecure false 
--tls-enable-hostname-verification false"
+                + " functions download "
+                + "--tenant " + TEST_TENANT
+                + " --namespace " + TEST_NAMESPACE
+                + " --name " + TEST_NAME
+                + " --destination-file " + pulsarRootDir + "/" + userJarFile;
+        String containerCommand = 
spec.getSpec().getTemplate().getSpec().getContainers().get(0).getCommand().get(2);
+        assertTrue(containerCommand.contains(expectedDownloadCommand), 
"Found:" + containerCommand);
+    }
+
+    @Test
+    public void 
testCustomKubernetesDownloadCommandsWithAuthAndCustomTLSWithoutAuthSpec() 
throws Exception {
+        InstanceConfig config = 
createJavaInstanceConfig(FunctionDetails.Runtime.JAVA, false);
+        
config.setFunctionDetails(createFunctionDetails(FunctionDetails.Runtime.JAVA, 
false));
+
+        factory = createKubernetesRuntimeFactory(null,
+                10, 1.0, 1.0, Optional.empty(), null, wconfig -> {
+                    wconfig.setAuthenticationEnabled(true);
+                }, AuthenticationConfig.builder()
+                        .clientAuthenticationPlugin("com.MyAuth")
+                        .clientAuthenticationParameters("{\"authParam1\": 
\"authParamValue1\"}")
+                        .useTls(true) // set to verify it is ignored because 
pulsar admin does not consider this setting
+                        .tlsHostnameVerificationEnable(true)
+                        .tlsTrustCertsFilePath("/my/ca.pem")
+                        .build());
+
+        KubernetesRuntime container = factory.createContainer(config, 
userJarFile, userJarFile, null, null, 30l);
+        V1StatefulSet spec = container.createStatefulSet();
+        String expectedDownloadCommand = "pulsar-admin --admin-url " + 
pulsarAdminUrl
+                + " --auth-plugin com.MyAuth --auth-params {\"authParam1\": 
\"authParamValue1\"}"
+                + " --tls-allow-insecure false 
--tls-enable-hostname-verification true"
+                + " --tls-trust-cert-path /my/ca.pem"
                 + " functions download "
                 + "--tenant " + TEST_TENANT
                 + " --namespace " + TEST_NAMESPACE
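Review bot: None of the expected commands in this file's changed tests exercise `tlsAllowInsecureConnection(true)`, so the one setting that disables certificate validation is only checked at its `false` default. A further case that sets `.tlsAllowInsecureConnection(true)` on the builder and expects `" --tls-allow-insecure true"` in the download command would pin that mapping. The new test method continues past the end of the hunk, so its final assertion is not visible here.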
