merlimat closed pull request #1921: Simplified authentication wiht Python client lib URL: https://github.com/apache/incubator-pulsar/pull/1921
This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/pulsar-client-cpp/python/pulsar/__init__.py b/pulsar-client-cpp/python/pulsar/__init__.py index d8254d3bad..b09a8a7084 100644 --- a/pulsar-client-cpp/python/pulsar/__init__.py +++ b/pulsar-client-cpp/python/pulsar/__init__.py @@ -172,7 +172,8 @@ def message_id(self): class Authentication: """ - Authentication provider object. + Authentication provider object. Used to load authentication from an external + shared library. """ def __init__(self, dynamicLibPath, authParamsString): """ @@ -189,6 +190,38 @@ def __init__(self, dynamicLibPath, authParamsString): _check_type(str, authParamsString, 'authParamsString') self.auth = _pulsar.Authentication(dynamicLibPath, authParamsString) +class AuthenticationTLS(Authentication): + """ + TLS Authentication implementation + """ + def __init__(self, certificate_path, private_key_path): + """ + Create the TLS authentication provider instance. + + **Args** + + * `certificatePath`: Path to the public certificate + * `privateKeyPath`: Path to private TLS key + """ + _check_type(str, certificate_path, 'certificate_path') + _check_type(str, private_key_path, 'private_key_path') + self.auth = _pulsar.AuthenticationTLS(certificate_path, private_key_path) + +class AuthenticationAthenz(Authentication): + """ + Athenz Authentication implementation + """ + def __init__(self, auth_params_string): + """ + Create the Athenz authentication provider instance. + + **Args** + + * `auth_params_string`: JSON encoded configuration for Athenz client + """ + _check_type(str, auth_params_string, 'auth_params_string') + self.auth = _pulsar.AuthenticationAthenz(auth_params_string) + class Client: """ 
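Review bot: The `AuthenticationTLS.__init__` docstring lists its arguments as `certificatePath` and `privateKeyPath`, but the parameters are `certificate_path` and `private_key_path`, so anyone passing keyword arguments copied from the docs gets a `TypeError`. The same drift shows up in the later `Client.__init__` docstring hunks, which refer to `AuthenticationTls` (the class added here is `AuthenticationTLS`) and to `serviceUrl` (the parameter is `service_url`). I would rename the two entries to match the signature and extend the second to something like "Path to the private TLS key; keep this file readable only by the account running the client". Neither subclass calls `Authentication.__init__`, which looks deliberate since the base constructor loads a shared library, but a one-line comment saying so would stop someone "fixing" it with a `super()` call.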
@@ -220,7 +253,8 @@ def __init__(self, service_url, **Options** * `authentication`: - Set the authentication provider to be used with the broker. + Set the authentication provider to be used with the broker. For example: + `AuthenticationTls` or `AuthenticationAthenz` * `operation_timeout_seconds`: Set timeout on client operations (subscribe, create producer, close, unsubscribe). @@ -238,7 +272,9 @@ def __init__(self, service_url, * `log_conf_file_path`: Initialize log4cxx from a configuration file. * `use_tls`: - Configure whether to use TLS encryption on the connection. + Configure whether to use TLS encryption on the connection. This setting + is deprecated. TLS will be automatically enabled if the `serviceUrl` is + set to `pulsar+ssl://` or `https://` * `tls_trust_certs_file_path`: Set the path to the trusted TLS certificate file. * `tls_allow_insecure_connection`: @@ -265,7 +301,8 @@ def __init__(self, service_url, conf.concurrent_lookup_requests(concurrent_lookup_requests) if log_conf_file_path: conf.log_conf_file_path(log_conf_file_path) - conf.use_tls(use_tls) + if use_tls or service_url.startswith('pulsar+ssl://') or service_url.startswith('https://'): + conf.use_tls(True) if tls_trust_certs_file_path: conf.tls_trust_certs_file_path(tls_trust_certs_file_path) conf.tls_allow_insecure_connection(tls_allow_insecure_connection) diff --git a/pulsar-client-cpp/python/pulsar_test.py b/pulsar-client-cpp/python/pulsar_test.py index e2f3e251bc..a0795eaa63 100755 --- a/pulsar-client-cpp/python/pulsar_test.py +++ b/pulsar-client-cpp/python/pulsar_test.py @@ -22,7 +22,8 @@ from unittest import TestCase, main import time from pulsar import Client, MessageId, \ - CompressionType, ConsumerType, PartitionsRoutingMode + CompressionType, ConsumerType, PartitionsRoutingMode, \ + AuthenticationTLS from _pulsar import ProducerConfiguration, ConsumerConfiguration 
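Review bot: The scheme test added in the `@@ -265,7 +301,8 @@` hunk is case-sensitive, so a URL written as `PULSAR+SSL://...` or `HTTPS://...` does not enable TLS from this code path. Whether the native client then rejects the URL or connects without encryption is not visible here. Normalising first closes the gap: `if use_tls or service_url.lower().startswith(('pulsar+ssl://', 'https://')):`. Also, `conf.use_tls(False)` is now never called, so the plaintext case relies on the configuration object's default, which this hunk does not show. A short comment stating that assumption would help. The enclosing `Client.__init__` starts and ends outside the hunk.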
@@ -45,6 +46,8 @@ class PulsarTest(TestCase): serviceUrl = 'pulsar://localhost:8885' adminUrl = 'http://localhost:8765' + serviceUrlTls = 'pulsar+ssl://localhost:9886' + def test_producer_config(self): conf = ProducerConfiguration() conf.send_timeout_millis(12) @@ -114,6 +117,31 @@ def test_producer_consumer(self): client.close() + def test_tls_auth(self): + certs_dir = "../../pulsar-broker/src/test/resources/authentication/tls/" + client = Client(self.serviceUrlTls, + tls_trust_certs_file_path=certs_dir + 'cacert.pem', + tls_allow_insecure_connection=False, + authentication=AuthenticationTLS(certs_dir + 'client-cert.pem', certs_dir + 'client-key.pem')) + + consumer = client.subscribe('persistent://property/cluster/namespace/my-python-topic-producer-consumer', + 'my-sub', + consumer_type=ConsumerType.Shared) + producer = client.create_producer('persistent://property/cluster/namespace/my-python-topic-producer-consumer') + producer.send('hello') + + msg = consumer.receive(1000) + self.assertTrue(msg) + self.assertEqual(msg.data(), b'hello') + + try: + msg = consumer.receive(100) + self.assertTrue(False) # Should not reach this point + except: + pass # Exception is expected + + client.close() + def test_message_listener(self): client = Client(self.serviceUrl) diff --git a/pulsar-client-cpp/python/src/authentication.cc b/pulsar-client-cpp/python/src/authentication.cc index 813022821c..9cfb2e717b 100644 --- a/pulsar-client-cpp/python/src/authentication.cc +++ b/pulsar-client-cpp/python/src/authentication.cc 
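Review bot: The bare `except:` at the end of `test_tls_auth` also catches the `AssertionError` raised by `self.assertTrue(False)`, so this check passes whether or not the second `receive` times out. Replacing the `try`/`except` with `with self.assertRaises(Exception):` followed by `consumer.receive(100)` makes the expectation enforceable; the exception type can be narrowed if the binding exposes a specific one. The test also only covers the success path with a valid client certificate. It would be a stronger check of the new authentication classes if it also asserted that a client connecting to `serviceUrlTls` without `AuthenticationTLS` is refused. `certs_dir` is a relative path, so the test depends on the working directory it is launched from.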
@@ -18,14 +18,38 @@ */ #include "utils.h" +AuthenticationWrapper::AuthenticationWrapper() {} + AuthenticationWrapper::AuthenticationWrapper(const std::string& dynamicLibPath, const std::string& authParamsString) { this->auth = AuthFactory::create(dynamicLibPath, authParamsString); } +struct AuthenticationTlsWrapper : public AuthenticationWrapper { + AuthenticationTlsWrapper(const std::string& certificatePath, const std::string& privateKeyPath) : + AuthenticationWrapper() { + this->auth = AuthTls::create(certificatePath, privateKeyPath); + } +}; + +struct AuthenticationAthenzWrapper : public AuthenticationWrapper { + AuthenticationAthenzWrapper(const std::string& authParamsString) : + AuthenticationWrapper() { + this->auth = AuthAthenz::create(authParamsString); + } +}; + void export_authentication() { using namespace boost::python; class_<AuthenticationWrapper>("Authentication", init<const std::string&, const std::string&>()) ; + + class_<AuthenticationTlsWrapper, bases<AuthenticationWrapper> >("AuthenticationTLS", + init<const std::string&, const std::string&>()) + ; + + class_<AuthenticationAthenzWrapper, bases<AuthenticationWrapper> >("AuthenticationAthenz", + init<const std::string&>()) + ; } diff --git a/pulsar-client-cpp/python/src/utils.h b/pulsar-client-cpp/python/src/utils.h index 66ad852390..4911b566cc 100644 --- a/pulsar-client-cpp/python/src/utils.h +++ b/pulsar-client-cpp/python/src/utils.h 
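Review bot: The new `AuthenticationWrapper::AuthenticationWrapper() {}` leaves `auth` unassigned, and it is only safe because each derived wrapper sets `this->auth` in its own constructor body. It is declared public in the `utils.h` hunk, so any other C++ caller can build a wrapper with no provider behind it. I would add a comment on the declaration such as `// Leaves auth unset; derived wrappers must assign it before use.` and consider making the constructor `protected` if the Boost.Python bindings allow it. The results of `AuthTls::create` and `AuthAthenz::create` are stored unchecked; if those factories can return an empty pointer on bad input (not visible here), failing in the constructor would surface a misconfigured certificate or key path earlier than connect time.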
@@ -39,5 +39,6 @@ inline void CHECK_RESULT(Result res) { struct AuthenticationWrapper { AuthenticationPtr auth; + AuthenticationWrapper(); AuthenticationWrapper(const std::string& dynamicLibPath, const std::string& authParamsString); }; ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services