This is an automated email from the ASF dual-hosted git repository.

zixuan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new 54e9eb19d50 [feat][client] Support forward proxy for the ZTS server in 
pulsar-client-auth-athenz (#23947)
54e9eb19d50 is described below

commit 54e9eb19d50b08978c953ec060226fd6c2a54775
Author: Yuri Mizushima <[email protected]>
AuthorDate: Sat Feb 8 19:03:29 2025 +0900

    [feat][client] Support forward proxy for the ZTS server in 
pulsar-client-auth-athenz (#23947)
---
 pom.xml                                            |  2 +-
 .../client/impl/auth/AuthenticationAthenz.java     |  8 ++-
 .../client/impl/auth/AuthenticationAthenzTest.java | 57 ++++++++++++++++++++++
 3 files changed, 64 insertions(+), 3 deletions(-)

diff --git a/pom.xml b/pom.xml
index b24577cfb83..ac1d68647c5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -152,7 +152,7 @@ flexible messaging model and an intuitive client 
API.</description>
     <jetty.version>9.4.56.v20240826</jetty.version>
     <conscrypt.version>2.5.2</conscrypt.version>
     <jersey.version>2.42</jersey.version>
-    <athenz.version>1.10.50</athenz.version>
+    <athenz.version>1.10.62</athenz.version>
     <prometheus.version>0.16.0</prometheus.version>
     <vertx.version>4.5.10</vertx.version>
     <rocksdb.version>7.9.2</rocksdb.version>
diff --git 
a/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
 
b/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
index 84d81c5d943..33f3ffb2ad5 100644
--- 
a/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
+++ 
b/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
@@ -63,6 +63,7 @@ public class AuthenticationAthenz implements Authentication, 
EncodedAuthenticati
     private transient KeyRefresher keyRefresher = null;
     private transient ZTSClient ztsClient = null;
     private String ztsUrl = null;
+    private String ztsProxyUrl = null;
     private String tenantDomain;
     private String tenantService;
     private String providerDomain;
@@ -193,6 +194,9 @@ public class AuthenticationAthenz implements 
Authentication, EncodedAuthenticati
         if (isNotBlank(authParams.get("ztsUrl"))) {
             this.ztsUrl = authParams.get("ztsUrl");
         }
+        if (isNotBlank(authParams.get("ztsProxyUrl"))) {
+            this.ztsProxyUrl = authParams.get("ztsProxyUrl");
+        }
     }
 
     @Override
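Review bot: The new `ztsProxyUrl` parameter is stored as soon as it is non-blank, with no check that it parses as a URL. The value is only consumed where the ZTS client is constructed (the later hunk), so a mistyped proxy address appears to surface at first token fetch rather than at configuration time. Because every ZTS request will be routed through this host, failing fast is worthwhile, for example `URI.create(authParams.get("ztsProxyUrl"));` before the assignment. A comment such as `// forward proxy used to reach ZTS; unset or blank means a direct connection` would document the parameter. The enclosing method starts above this hunk.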
@@ -219,11 +223,11 @@ public class AuthenticationAthenz implements 
Authentication, EncodedAuthenticati
                 }
                 final SSLContext sslContext = 
Utils.buildSSLContext(keyRefresher.getKeyManagerProxy(),
                         keyRefresher.getTrustManagerProxy());
-                ztsClient = new ZTSClient(ztsUrl, sslContext);
+                ztsClient = new ZTSClient(ztsUrl, ztsProxyUrl, sslContext);
             } else {
                 ServiceIdentityProvider siaProvider = new 
SimpleServiceIdentityProvider(tenantDomain, tenantService,
                         privateKey, keyId);
-                ztsClient = new ZTSClient(ztsUrl, tenantDomain, tenantService, 
siaProvider);
+                ztsClient = new ZTSClient(ztsUrl, ztsProxyUrl, tenantDomain, 
tenantService, siaProvider);
             }
             ztsClient.setPrefetchAutoEnable(this.autoPrefetchEnabled);
         }
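Review bot: Both constructor calls now pass `ztsProxyUrl` unconditionally, and it is null whenever the parameter is absent or blank, so the code relies on ZTSClient treating a null proxy as a direct connection. A short comment above the first call, `// ztsProxyUrl may be null: ZTSClient is expected to connect to ZTS directly`, would make that contract visible. It should be confirmed against the Athenz version this commit bumps to in pom.xml. The surrounding method begins and ends outside this hunk.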
diff --git 
a/pulsar-client-auth-athenz/src/test/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenzTest.java
 
b/pulsar-client-auth-athenz/src/test/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenzTest.java
index b4b92eddd57..28261e2c977 100644
--- 
a/pulsar-client-auth-athenz/src/test/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenzTest.java
+++ 
b/pulsar-client-auth-athenz/src/test/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenzTest.java
@@ -18,10 +18,18 @@
  */
 package org.apache.pulsar.client.impl.auth;
 
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
 import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertFalse;
+import static org.testng.Assert.assertNull;
 import static org.testng.Assert.assertTrue;
 import static org.testng.Assert.fail;
+import org.mockito.MockedConstruction;
+import org.mockito.Mockito;
 import org.testng.annotations.Test;
 import org.apache.pulsar.common.util.ObjectMapperFactory;
 import static org.apache.pulsar.common.util.Codec.encode;
@@ -287,4 +295,53 @@ public class AuthenticationAthenzTest {
         
assertEquals(auth2.getAuthData().getHttpHeaders().iterator().next().getKey(), 
"Test-Role-Header");
         auth2.close();
     }
+
+    @Test
+    public void testZtsProxyUrlSetting() throws Exception {
+        final String ztsProxyUrl = "https://example.com:4443/";;
+        final String paramsStr = new 
String(Files.readAllBytes(Paths.get("./src/test/resources/authParams.json")));
+        final ObjectMapper jsonMapper = ObjectMapperFactory.create();
+        final Map<String, String> authParamsMap = 
jsonMapper.readValue(paramsStr, new TypeReference<HashMap<String, String>>() { 
});
+
+        try (MockedConstruction<ZTSClient> mockedZTSClient = 
Mockito.mockConstruction(ZTSClient.class, (mock, context) -> {
+            final String actualZtsProxyUrl = (String) 
context.arguments().get(1);
+            assertNull(actualZtsProxyUrl);
+
+            when(mock.getRoleToken(any(), any(), anyInt(), anyInt(), 
anyBoolean())).thenReturn(mock(RoleToken.class));
+        })) {
+            authParamsMap.remove("ztsProxyUrl");
+            final AuthenticationAthenz auth1 = new AuthenticationAthenz();
+            auth1.configure(jsonMapper.writeValueAsString(authParamsMap));
+            auth1.getAuthData();
+
+            assertEquals(mockedZTSClient.constructed().size(), 1);
+
+            auth1.close();
+
+            authParamsMap.put("ztsProxyUrl", "");
+            final AuthenticationAthenz auth2 = new AuthenticationAthenz();
+            auth2.configure(jsonMapper.writeValueAsString(authParamsMap));
+            auth2.getAuthData();
+
+            assertEquals(mockedZTSClient.constructed().size(), 2);
+
+            auth2.close();
+        }
+
+        try (MockedConstruction<ZTSClient> mockedZTSClient = 
Mockito.mockConstruction(ZTSClient.class, (mock, context) -> {
+            final String actualZtsProxyUrl = (String) 
context.arguments().get(1);
+            assertEquals(actualZtsProxyUrl, ztsProxyUrl);
+
+            when(mock.getRoleToken(any(), any(), anyInt(), anyInt(), 
anyBoolean())).thenReturn(mock(RoleToken.class));
+        })) {
+            authParamsMap.put("ztsProxyUrl", ztsProxyUrl);
+            final AuthenticationAthenz auth3 = new AuthenticationAthenz();
+            auth3.configure(jsonMapper.writeValueAsString(authParamsMap));
+            auth3.getAuthData();
+
+            assertEquals(mockedZTSClient.constructed().size(), 1);
+
+            auth3.close();
+        }
+    }
 }
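Review bot: `testZtsProxyUrlSetting` appears to exercise only one of the two ZTSClient constructor calls changed in AuthenticationAthenz, since the branch taken depends on authParams.json, which is not visible here. A matching case for the `sslContext` branch would cover the other call. `new String(Files.readAllBytes(...))` decodes with the platform default charset, so `new String(Files.readAllBytes(...), StandardCharsets.UTF_8)` would keep the fixture stable across environments. `auth1`, `auth2` and `auth3` are closed only on the success path, so a failing assertion leaves them open; closing them in a `finally` block would avoid that.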
