This is an automated email from the ASF dual-hosted git repository.

lhotari pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar-helm-chart.git


The following commit(s) were added to refs/heads/master by this push:
     new f20756a  Support configuring "proxyRoles" in broker (#430)
f20756a is described below

commit f20756abb848801058ce45c2bb04d564ae349d97
Author: Lari Hotari <[email protected]>
AuthorDate: Tue Jan 16 04:48:58 2024 -0800

    Support configuring "proxyRoles" in broker (#430)
    
    * Add support for proxyRoles
    
    * Test produce and consume via Pulsar proxy
---
 .ci/helm.sh                                   | 17 +++++++++++++++++
 charts/pulsar/templates/broker-configmap.yaml |  4 ++++
 charts/pulsar/templates/proxy-configmap.yaml  |  4 ++++
 charts/pulsar/values.yaml                     |  3 +++
 4 files changed, 28 insertions(+)

diff --git a/.ci/helm.sh b/.ci/helm.sh
index 3284b0f..4838e4e 100644
--- a/.ci/helm.sh
+++ b/.ci/helm.sh
@@ -164,6 +164,15 @@ function ci::install_pulsar_chart() {
     # ${KUBECTL} exec -n ${NAMESPACE} ${CLUSTER}-toolset-0 -- bash -c 'until [ 
"$(curl -L http://pulsar-ci-proxy:8080/status.html)" == "OK" ]; do sleep 3; 
done'
 }
 
+helm_values_cached=""
+
+function ci::helm_values_for_deployment() {
+    if [[ -z "${helm_values_cached}" ]]; then
+        helm_values_cached=$(helm get values -n ${NAMESPACE} ${CLUSTER} -a -o 
yaml)
+    fi
+    printf "%s" "${helm_values_cached}"
+}
+
 function ci::test_pulsar_producer_consumer() {
     sleep 120
     ${KUBECTL} exec -n ${NAMESPACE} ${CLUSTER}-toolset-0 -- bash -c 'until 
nslookup pulsar-ci-broker; do sleep 3; done'
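Review bot: The cache in `helm_values_cached` does not persist when `ci::helm_values_for_deployment` is called as the later hunk of this file calls it, `$(ci::helm_values_for_deployment | yq .tls.proxy.enabled)`. Both the command substitution and the pipeline run the function in a subshell, so the assignment is discarded and `helm get values` runs again on every call. Either fill the variable once in the calling shell before it is read, or drop the cache and add a comment such as `# not cached when called inside $(...) or a pipeline`. The helm call should also quote its arguments and propagate failure: `helm_values_cached=$(helm get values -n "${NAMESPACE}" "${CLUSTER}" -a -o yaml) || return 1`. Because `-a` returns all computed values, which may include credentials depending on the values file, keep this output out of any traced or echoed CI log.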
@@ -178,6 +187,14 @@ function ci::test_pulsar_producer_consumer() {
     ${KUBECTL} exec -n ${NAMESPACE} ${CLUSTER}-toolset-0 -- bin/pulsar-admin 
topics create-subscription -s test pulsar-ci/test/test-topic
     ${KUBECTL} exec -n ${NAMESPACE} ${CLUSTER}-toolset-0 -- bin/pulsar-client 
produce -m "test-message" pulsar-ci/test/test-topic
     ${KUBECTL} exec -n ${NAMESPACE} ${CLUSTER}-toolset-0 -- bin/pulsar-client 
consume -s test pulsar-ci/test/test-topic
+    ${KUBECTL} exec -n ${NAMESPACE} ${CLUSTER}-toolset-0 -- bin/pulsar-admin 
topics create-subscription -s test2 pulsar-ci/test/test-topic
+    if [[ "$(ci::helm_values_for_deployment | yq .tls.proxy.enabled)" == 
"true" ]]; then
+      PROXY_URL="pulsar+ssl://pulsar-ci-proxy:6651"
+    else
+      PROXY_URL="pulsar://pulsar-ci-proxy:6650"
+    fi
+    ${KUBECTL} exec -n ${NAMESPACE} ${CLUSTER}-toolset-0 -- bin/pulsar-client 
--url "${PROXY_URL}" produce -m "test-message2" pulsar-ci/test/test-topic
+    ${KUBECTL} exec -n ${NAMESPACE} ${CLUSTER}-toolset-0 -- bin/pulsar-client 
--url "${PROXY_URL}" consume -s test2 pulsar-ci/test/test-topic
 }
 
 function ci::wait_function_running() {
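Review bot: The TLS check in the added `if [[ "$(... | yq .tls.proxy.enabled)" == "true" ]]` treats every result other than the literal `true` as "TLS off", so a failed `helm get values`, a missing `yq`, or a `null` result silently selects the plaintext `pulsar://pulsar-ci-proxy:6650` URL. On a TLS-enabled deployment the proxy test would then either fail for an unrelated-looking reason or, if the plaintext port is still open, pass without exercising TLS. Capture the value first and reject anything unexpected, for example `tls_enabled="$(ci::helm_values_for_deployment | yq .tls.proxy.enabled)"` followed by a `case` that accepts only `true` or `false` and returns non-zero otherwise. The body of `ci::test_pulsar_producer_consumer` starts outside this hunk, so whether `set -e` or `pipefail` is in effect cannot be seen from here.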
diff --git a/charts/pulsar/templates/broker-configmap.yaml 
b/charts/pulsar/templates/broker-configmap.yaml
index c02a4df..ab903d1 100644
--- a/charts/pulsar/templates/broker-configmap.yaml
+++ b/charts/pulsar/templates/broker-configmap.yaml
@@ -114,6 +114,10 @@ data:
   {{- if .Values.auth.authorization.enabled }}
   authorizationEnabled: "true"
   superUserRoles: {{ .Values.auth.superUsers | values | sortAlpha | join "," }}
+  {{- if .Values.auth.useProxyRoles }}
+  proxyRoles: {{ .Values.auth.superUsers.proxy }}
+  {{- end }}
+  
   {{- end }}
   {{- if eq .Values.auth.authentication.provider "jwt" }}
   # token authentication configuration
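Review bot: The added `proxyRoles: {{ .Values.auth.superUsers.proxy }}` renders an empty value when a user overrides `auth.superUsers` without a `proxy` key. The broker then gets no proxy role even though `auth.useProxyRoles` is true, and nothing at render time reports this. Failing the render is safer for an authorization setting: `proxyRoles: {{ required "auth.superUsers.proxy must be set when auth.useProxyRoles is true" .Values.auth.superUsers.proxy | quote }}`. The added blank line after `{{- end }}` also carries trailing whitespace (`+  `), which will end up in the rendered ConfigMap.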
diff --git a/charts/pulsar/templates/proxy-configmap.yaml 
b/charts/pulsar/templates/proxy-configmap.yaml
index 5770aba..0d82d8b 100644
--- a/charts/pulsar/templates/proxy-configmap.yaml
+++ b/charts/pulsar/templates/proxy-configmap.yaml
@@ -64,8 +64,12 @@ data:
   # disable authorization on proxy and forward authorization credentials to 
broker
   authorizationEnabled: "false"
   forwardAuthorizationCredentials: "true"
+  {{- if .Values.auth.useProxyRoles }}
+  superUserRoles: {{ omit .Values.auth.superUsers "proxy" | values | sortAlpha 
| join "," }}
+  {{- else }}
   superUserRoles: {{ .Values.auth.superUsers | values | sortAlpha | join "," }}
   {{- end }}
+  {{- end }}
   {{- if eq .Values.auth.authentication.provider "jwt" }}
   # token authentication configuration
   authenticationProviders: 
"org.apache.pulsar.broker.authentication.AuthenticationProviderToken"
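Review bot: The added `omit .Values.auth.superUsers "proxy"` removes the proxy role by map key, not by role name, so if another key in `auth.superUsers` holds the same role string that role stays in the proxy's `superUserRoles`. If the map has only the `proxy` key, the line renders as an empty `superUserRoles:`. A short comment above the branch would record the intent and the coupling to the key name, for example `# the proxy's own role (auth.superUsers.proxy) is left out here; the broker lists it under proxyRoles`. The `if` closed by the added final `{{- end }}` opens outside this hunk, so its condition cannot be checked here.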
diff --git a/charts/pulsar/values.yaml b/charts/pulsar/values.yaml
index 92f1da2..167b4c6 100644
--- a/charts/pulsar/values.yaml
+++ b/charts/pulsar/values.yaml
@@ -249,6 +249,9 @@ auth:
     proxy: "proxy-admin"
     # pulsar-admin client to broker/proxy communication
     client: "admin"
+  # omits the above proxy role from superusers on the proxy
+  # and configures it as a proxy role on the broker in addition to the 
superusers
+  useProxyRoles: true
 
 ######################################################################
 # External dependencies
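Review bot: The comment on `useProxyRoles` does not say that the broker side only takes effect when `auth.authorization.enabled` is true, which is how the broker-configmap hunk nests it. It also does not say that the default of `true` changes the rendered broker and proxy configuration for existing installs on upgrade. Suggested wording: `# when true (and auth.authorization.enabled), the superUsers.proxy role is set as proxyRoles on the broker` and `# and removed from superUserRoles on the proxy; set to false to keep the previous behaviour`. Operators who have clients connecting with the proxy role directly may need to review this before upgrading, which presumably belongs in the release notes.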
