tuteng opened a new pull request #14044:
URL: https://github.com/apache/pulsar/pull/14044
<!--
### Contribution Checklist
- Name the pull request in the form "[Issue XYZ][component] Title of the
pull request", where *XYZ* should be replaced by the actual issue number.
Skip *Issue XYZ* if there is no associated github issue for this pull
request.
Skip *component* if you are unsure about which is the best component.
E.g. `[docs] Fix typo in produce method`.
- Fill out the template below to describe the changes contributed by the
pull request. That will give reviewers the context they need to do the review.
- Each pull request should address only one issue, not mix up code from
multiple issues.
- Each commit in the pull request has a meaningful commit message
- Once all items of the checklist are addressed, remove the above text and
this checklist, leaving only the filled out template below.
**(The sections below can be removed for hotfixes of typos)**
-->
*(If this PR fixes a github issue, please add `Fixes #<xyz>`.)*
Fixes #<xyz>
*(or if this PR is one task of a github issue, please add `Master Issue:
#<xyz>` to link to the master issue.)*
Master Issue: #<xyz>
### Motivation
Currently, pulsar auth is divided into two parts, one is the authn and authz
of the pulsar protocol (e.g. produce and consume) and the other is the authn
and authz of the HTTP protocol (e.g. management of pulsar clusters), auth is
divided into two phases authn and authz, currently in the authn phase will
return a string role, authz phase will check this role's permissions, The
string role contains very little information and that blocks some work in the
authz phase, so in pulsar, there is an interface `AuthenticationDataSource`
which is used to pass more information from the authn to the authz phase
In auth, there are two classes `AuthenticationDataHttps` and
`AuthenticationDataCommand` that implement this interface
`AuthenticationDataSource`. AuthenticationDataCommand is used to pass the state
information after the pulsar protocol authentication. `AuthenticationDataHttps`
is used to pass the status information after the HTTP protocol authentication.
`AuthenticationDataCommand` and `AuthenticationDataHttps` are both default
implementations, but now for the pulsar protocol there is support for using
user-defined implementations
https://github.com/apache/pulsar/blob/master/pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java#L817,
that gives the user the ability to extend the auth state and pass more
information, but for the HTTP protocol data does not yet support the use of
user-defined data, this pr implementation it.
### Modifications
* Add a new interface `newHttpAuthState` for passing HTTP auth state
* Set auth method name for pulsar client
### Verifying this change
- [ ] Make sure that the change passes the CI checks.
*(Please pick either of the following options)*
This change is a trivial rework / code cleanup without any test coverage.
*(or)*
This change is already covered by existing tests, such as *(please describe
tests)*.
*(or)*
This change added tests and can be verified as follows:
*(example:)*
- *Added integration tests for end-to-end deployment with large payloads
(10MB)*
- *Extended integration test for recovery after broker failure*
### Does this pull request potentially affect one of the following parts:
*If `yes` was chosen, please highlight the changes*
- Dependencies (does it add or upgrade a dependency): (yes / no)
- The public API: (yes / no)
- The schema: (yes / no / don't know)
- The default values of configurations: (yes / no)
- The wire protocol: (yes / no)
- The rest endpoints: (yes / no)
- The admin cli options: (yes / no)
- Anything that affects deployment: (yes / no / don't know)
### Documentation
Check the box below or label this PR directly (if you have committer
privilege).
Need to update docs?
- [ ] `doc-required`
(If you need help on updating docs, create a doc issue)
- [ ] `no-need-doc`
(Please explain why)
- [ ] `doc`
(If this PR contains doc changes)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
