merlimat closed pull request #1921: Simplified authentication wiht Python 
client lib
URL: https://github.com/apache/incubator-pulsar/pull/1921
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/pulsar-client-cpp/python/pulsar/__init__.py 
b/pulsar-client-cpp/python/pulsar/__init__.py
index d8254d3bad..b09a8a7084 100644
--- a/pulsar-client-cpp/python/pulsar/__init__.py
+++ b/pulsar-client-cpp/python/pulsar/__init__.py
@@ -172,7 +172,8 @@ def message_id(self):
 
 class Authentication:
     """
-    Authentication provider object.
+    Authentication provider object. Used to load authentication from an 
external
+    shared library.
     """
     def __init__(self, dynamicLibPath, authParamsString):
         """
@@ -189,6 +190,38 @@ def __init__(self, dynamicLibPath, authParamsString):
         _check_type(str, authParamsString, 'authParamsString')
         self.auth = _pulsar.Authentication(dynamicLibPath, authParamsString)
 
+class AuthenticationTLS(Authentication):
+    """
+    TLS Authentication implementation
+    """
+    def __init__(self, certificate_path, private_key_path):
+        """
+        Create the TLS authentication provider instance.
+
+        **Args**
+
+        * `certificatePath`: Path to the public certificate
+        * `privateKeyPath`: Path to private TLS key
+        """
+        _check_type(str, certificate_path, 'certificate_path')
+        _check_type(str, private_key_path, 'private_key_path')
+        self.auth = _pulsar.AuthenticationTLS(certificate_path, 
private_key_path)
+
+class AuthenticationAthenz(Authentication):
+    """
+    Athenz Authentication implementation
+    """
+    def __init__(self, auth_params_string):
+        """
+        Create the Athenz authentication provider instance.
+
+        **Args**
+
+        * `auth_params_string`: JSON encoded configuration for Athenz client
+        """
+        _check_type(str, auth_params_string, 'auth_params_string')
+        self.auth = _pulsar.AuthenticationAthenz(auth_params_string)
+
 
 class Client:
     """
@@ -220,7 +253,8 @@ def __init__(self, service_url,
         **Options**
 
         * `authentication`:
-          Set the authentication provider to be used with the broker.
+          Set the authentication provider to be used with the broker. For 
example:
+          `AuthenticationTls` or `AuthenticationAthenz`
         * `operation_timeout_seconds`:
           Set timeout on client operations (subscribe, create producer, close,
           unsubscribe).
@@ -238,7 +272,9 @@ def __init__(self, service_url,
         * `log_conf_file_path`:
           Initialize log4cxx from a configuration file.
         * `use_tls`:
-          Configure whether to use TLS encryption on the connection.
+          Configure whether to use TLS encryption on the connection. This 
setting
+          is deprecated. TLS will be automatically enabled if the `serviceUrl` 
is
+          set to `pulsar+ssl://` or `https://`
         * `tls_trust_certs_file_path`:
           Set the path to the trusted TLS certificate file.
         * `tls_allow_insecure_connection`:
@@ -265,7 +301,8 @@ def __init__(self, service_url,
         conf.concurrent_lookup_requests(concurrent_lookup_requests)
         if log_conf_file_path:
             conf.log_conf_file_path(log_conf_file_path)
-        conf.use_tls(use_tls)
+        if use_tls or service_url.startswith('pulsar+ssl://') or 
service_url.startswith('https://'):
+            conf.use_tls(True)
         if tls_trust_certs_file_path:
             conf.tls_trust_certs_file_path(tls_trust_certs_file_path)
         conf.tls_allow_insecure_connection(tls_allow_insecure_connection)
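Review bot: The scheme test in the added `if` is case-sensitive, so a URL written as `PULSAR+SSL://…` or `HTTPS://…` would not switch TLS on from this code path even though URI schemes are case-insensitive. Normalising first keeps the inference from silently falling back to the `use_tls` default: `if use_tls or service_url.lower().startswith(('pulsar+ssl://', 'https://')):`. Whether the native client also derives TLS from the URL is not visible here, so this may be the only place the decision is made. A one-line comment that `use_tls=False` no longer forces a plaintext connection when the URL names a TLS scheme would also help readers of the deprecated option. The enclosing `__init__` begins and ends outside the hunk.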
diff --git a/pulsar-client-cpp/python/pulsar_test.py 
b/pulsar-client-cpp/python/pulsar_test.py
index e2f3e251bc..a0795eaa63 100755
--- a/pulsar-client-cpp/python/pulsar_test.py
+++ b/pulsar-client-cpp/python/pulsar_test.py
@@ -22,7 +22,8 @@
 from unittest import TestCase, main
 import time
 from pulsar import Client, MessageId, \
-            CompressionType, ConsumerType, PartitionsRoutingMode
+            CompressionType, ConsumerType, PartitionsRoutingMode, \
+            AuthenticationTLS
 
 from _pulsar import ProducerConfiguration, ConsumerConfiguration
 
@@ -45,6 +46,8 @@ class PulsarTest(TestCase):
     serviceUrl = 'pulsar://localhost:8885'
     adminUrl = 'http://localhost:8765'
 
+    serviceUrlTls = 'pulsar+ssl://localhost:9886'
+
     def test_producer_config(self):
         conf = ProducerConfiguration()
         conf.send_timeout_millis(12)
@@ -114,6 +117,31 @@ def test_producer_consumer(self):
 
         client.close()
 
+    def test_tls_auth(self):
+        certs_dir = 
"../../pulsar-broker/src/test/resources/authentication/tls/"
+        client = Client(self.serviceUrlTls,
+                        tls_trust_certs_file_path=certs_dir + 'cacert.pem',
+                        tls_allow_insecure_connection=False,
+                        authentication=AuthenticationTLS(certs_dir + 
'client-cert.pem', certs_dir + 'client-key.pem'))
+
+        consumer = 
client.subscribe('persistent://property/cluster/namespace/my-python-topic-producer-consumer',
+                                    'my-sub',
+                                    consumer_type=ConsumerType.Shared)
+        producer = 
client.create_producer('persistent://property/cluster/namespace/my-python-topic-producer-consumer')
+        producer.send('hello')
+
+        msg = consumer.receive(1000)
+        self.assertTrue(msg)
+        self.assertEqual(msg.data(), b'hello')
+
+        try:
+            msg = consumer.receive(100)
+            self.assertTrue(False)  # Should not reach this point
+        except:
+            pass  # Exception is expected
+
+        client.close()
+
     def test_message_listener(self):
         client = Client(self.serviceUrl)
 
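Review bot: In `test_tls_auth` the bare `except:` around the second `receive` also catches the `AssertionError` raised by `self.assertTrue(False)`, so the "should not reach this point" branch can never fail the test. Replacing the `try`/`except` with `with self.assertRaises(Exception):` followed by `consumer.receive(100)` makes the timeout expectation enforceable; the concrete exception type the client raises is not visible in this hunk, so narrow `Exception` if a specific one exists. Registering `self.addCleanup(client.close)` right after the client is created would also ensure the TLS connection is closed when an earlier assertion fails.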
diff --git a/pulsar-client-cpp/python/src/authentication.cc 
b/pulsar-client-cpp/python/src/authentication.cc
index 813022821c..9cfb2e717b 100644
--- a/pulsar-client-cpp/python/src/authentication.cc
+++ b/pulsar-client-cpp/python/src/authentication.cc
@@ -18,14 +18,38 @@
  */
 #include "utils.h"
 
+AuthenticationWrapper::AuthenticationWrapper() {}
+
 AuthenticationWrapper::AuthenticationWrapper(const std::string& dynamicLibPath,
                                              const std::string& 
authParamsString) {
     this->auth = AuthFactory::create(dynamicLibPath, authParamsString);
 }
 
+struct AuthenticationTlsWrapper : public AuthenticationWrapper {
+    AuthenticationTlsWrapper(const std::string& certificatePath, const 
std::string& privateKeyPath) :
+            AuthenticationWrapper() {
+        this->auth = AuthTls::create(certificatePath, privateKeyPath);
+    }
+};
+
+struct AuthenticationAthenzWrapper : public AuthenticationWrapper {
+    AuthenticationAthenzWrapper(const std::string& authParamsString) :
+            AuthenticationWrapper() {
+        this->auth = AuthAthenz::create(authParamsString);
+    }
+};
+
 void export_authentication() {
     using namespace boost::python;
 
     class_<AuthenticationWrapper>("Authentication", init<const std::string&, 
const std::string&>())
             ;
+
+    class_<AuthenticationTlsWrapper, bases<AuthenticationWrapper> 
>("AuthenticationTLS",
+                                                                    init<const 
std::string&, const std::string&>())
+            ;
+
+    class_<AuthenticationAthenzWrapper, bases<AuthenticationWrapper> 
>("AuthenticationAthenz",
+                                                                       
init<const std::string&>())
+            ;
 }
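Review bot: The new no-argument `AuthenticationWrapper()` is public and leaves `auth` default-constructed, so any code can now build a wrapper that carries no provider. Only the two derived wrappers appear to need it, so declaring it `protected` in utils.h (the later hunk) would keep that empty state out of reach of other callers. The single-argument `AuthenticationAthenzWrapper(const std::string& authParamsString)` should be marked `explicit` to rule out implicit conversion from a string. What `AuthTls::create` and `AuthAthenz::create` do on an unreadable path or malformed JSON is not visible here, so a short comment on each constructor stating whether `auth` can end up empty would tell the next reader where a bad credential configuration surfaces.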
diff --git a/pulsar-client-cpp/python/src/utils.h 
b/pulsar-client-cpp/python/src/utils.h
index 66ad852390..4911b566cc 100644
--- a/pulsar-client-cpp/python/src/utils.h
+++ b/pulsar-client-cpp/python/src/utils.h
@@ -39,5 +39,6 @@ inline void CHECK_RESULT(Result res) {
 struct AuthenticationWrapper {
     AuthenticationPtr auth;
 
+    AuthenticationWrapper();
     AuthenticationWrapper(const std::string& dynamicLibPath, const 
std::string& authParamsString);
 };


 
