[doc]Add brokerClient authentication configuration (apache#5153)

* Add brokerClient authentication configuration

* Add authz tls auth for multi verison

* Update configuration

site2/docs/security-athenz.md

@@ -56,6 +56,10 @@ athenzDomainNames=pulsar
 tlsEnabled=true
 tlsCertificateFilePath=/path/to/broker-cert.pem
 tlsKeyFilePath=/path/to/broker-key.pem
+
+# Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationAthenz
+brokerClientAuthenticationParameters={"tenantDomain":"shopping","tenantService":"some_app","providerDomain":"pulsar","privateKey":"file:///path/to/private.pem","keyId":"v1"}
 ```
 
 > A full listing of parameters is available in the `conf/broker.conf` file, you can also find the default

site2/docs/security-tls-authentication.md

@@ -64,6 +64,15 @@ To configure brokers to authenticate clients, add the following parameters to `b
 # Configuration to enable authentication
 authenticationEnabled=true
 authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderTls
+
+# operations and publish/consume from all topics
+superUserRoles=admin
+
+# Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+brokerClientTlsEnabled=true
+brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationTls
+brokerClientAuthenticationParameters=tlsCertFile:/path/my-ca/admin.cert.pem,tlsKeyFile:/path/my-ca/admin.key-pk8.pem
+brokerClientTrustCertsFilePath=/path/my-ca/certs/ca.cert.pem
 ```
 
 ## Enable TLS authentication on proxies

site2/docs/security-token-admin.md

@@ -120,6 +120,15 @@ tokenSecretKey=file:///path/to/secret.key
 
 # If using public/private
 # tokenPublicKey=file:///path/to/public.key
+
+# operations and publish/consume from all topics
+superUserRoles=admin
+
+# Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
+brokerClientAuthenticationParameters=token:eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.9OHgE9ZUDeBTZs7nSMEFIuGNEX18FLR3qvy8mqxSxXw
+# Or, alternatively, read token from file
+# brokerClientAuthenticationParameters=file:///path/to/admin-token.txt
 ```
 
 ## Enable token authentication on Proxies

site2/website/versioned_docs/version-2.1.0-incubating/security-athenz.md

@@ -57,6 +57,10 @@ athenzDomainNames=pulsar
 tlsEnabled=true
 tlsCertificateFilePath=/path/to/broker-cert.pem
 tlsKeyFilePath=/path/to/broker-key.pem
+
+# Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationAthenz
+brokerClientAuthenticationParameters={"tenantDomain":"shopping","tenantService":"some_app","providerDomain":"pulsar","privateKey":"file:///path/to/private.pem","keyId":"v1"}
 ```
 
 > A full listing of parameters available in the `conf/broker.conf` file, as well as the default

site2/website/versioned_docs/version-2.1.0-incubating/security-tls-authentication.md

@@ -54,6 +54,15 @@ To configure brokers to authenticate clients, put the following in `broker.conf`
 # Configuration to enable authentication
 authenticationEnabled=true
 authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderTls
+
+# operations and publish/consume from all topics
+superUserRoles=admin
+
+# Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+brokerClientTlsEnabled=true
+brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationTls
+brokerClientAuthenticationParameters=tlsCertFile:/path/my-ca/admin.cert.pem,tlsKeyFile:/path/my-ca/admin.key-pk8.pem
+brokerClientTrustCertsFilePath=/path/my-ca/certs/ca.cert.pem
 ```
 
 ### ... on Proxies

site2/website/versioned_docs/version-2.2.1/security-tls-authentication.md

@@ -54,6 +54,15 @@ To configure brokers to authenticate clients, put the following in `broker.conf`
 # Configuration to enable authentication
 authenticationEnabled=true
 authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderTls
+
+# operations and publish/consume from all topics
+superUserRoles=admin
+
+# Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+brokerClientTlsEnabled=true
+brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationTls
+brokerClientAuthenticationParameters=tlsCertFile:/path/my-ca/admin.cert.pem,tlsKeyFile:/path/my-ca/admin.key-pk8.pem
+brokerClientTrustCertsFilePath=/path/my-ca/certs/ca.cert.pem
 ```
 
 ### ... on Proxies

site2/website/versioned_docs/version-2.2.1/security-token-admin.md

@@ -134,6 +134,15 @@ tokenSecretKey=file:///path/to/secret.key
 
 # If using public/private
 # tokenPublicKey=file:///path/to/public.key
+
+# operations and publish/consume from all topics
+superUserRoles=admin
+
+# Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
+brokerClientAuthenticationParameters=token:eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.9OHgE9ZUDeBTZs7nSMEFIuGNEX18FLR3qvy8mqxSxXw
+# Or, alternatively, read token from file
+# brokerClientAuthenticationParameters=file:///path/to/admin-token.txt
 ```
 
 ### ... on Proxies

site2/website/versioned_docs/version-2.3.1/security-token-admin.md

@@ -135,6 +135,15 @@ tokenSecretKey=file:///path/to/secret.key
 
 # If using public/private
 # tokenPublicKey=file:///path/to/public.key
+
+# operations and publish/consume from all topics
+superUserRoles=admin
+
+# Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
+brokerClientAuthenticationParameters=token:eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.9OHgE9ZUDeBTZs7nSMEFIuGNEX18FLR3qvy8mqxSxXw
+# Or, alternatively, read token from file
+# brokerClientAuthenticationParameters=file:///path/to/admin-token.txt
 ```
 
 ### ... on Proxies

site2/website/versioned_docs/version-2.4.0/security-tls-authentication.md

@@ -66,6 +66,15 @@ To configure brokers to authenticate clients, put the following in `broker.conf`
 # Configuration to enable authentication
 authenticationEnabled=true
 authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderTls
+
+# operations and publish/consume from all topics
+superUserRoles=admin
+
+# Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+brokerClientTlsEnabled=true
+brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationTls
+brokerClientAuthenticationParameters=tlsCertFile:/path/my-ca/admin.cert.pem,tlsKeyFile:/path/my-ca/admin.key-pk8.pem
+brokerClientTrustCertsFilePath=/path/my-ca/certs/ca.cert.pem
 ```
 
 ### ... on Proxies

site2/website/versioned_docs/version-2.4.0/security-token-admin.md

@@ -135,6 +135,15 @@ tokenSecretKey=file:///path/to/secret.key
 
 # If using public/private
 # tokenPublicKey=file:///path/to/public.key
+
+# operations and publish/consume from all topics
+superUserRoles=admin
+
+# Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
+brokerClientAuthenticationParameters=token:eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0LXVzZXIifQ.9OHgE9ZUDeBTZs7nSMEFIuGNEX18FLR3qvy8mqxSxXw
+# Or, alternatively, read token from file
+# brokerClientAuthenticationParameters=file:///path/to/admin-token.txt
 ```
 
 ### ... on Proxies

site2/website/versioned_docs/version-2.4.1/security-athenz.md

@@ -57,6 +57,10 @@ athenzDomainNames=pulsar
 tlsEnabled=true
 tlsCertificateFilePath=/path/to/broker-cert.pem
 tlsKeyFilePath=/path/to/broker-key.pem
+
+# Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationAthenz
+brokerClientAuthenticationParameters={"tenantDomain":"shopping","tenantService":"some_app","providerDomain":"pulsar","privateKey":"file:///path/to/private.pem","keyId":"v1"}
 ```
 
 > A full listing of parameters is available in the `conf/broker.conf` file, you can also find the default

site2/website/versioned_docs/version-2.4.1/security-tls-authentication.md

@@ -65,6 +65,15 @@ To configure brokers to authenticate clients, add the following parameters to `b
 # Configuration to enable authentication
 authenticationEnabled=true
 authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderTls
+
+# operations and publish/consume from all topics
+superUserRoles=admin
+
+# Authentication settings of the broker itself. Used when the broker connects to other brokers, either in same or other clusters
+brokerClientTlsEnabled=true
+brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationTls
+brokerClientAuthenticationParameters=tlsCertFile:/path/my-ca/admin.cert.pem,tlsKeyFile:/path/my-ca/admin.key-pk8.pem
+brokerClientTrustCertsFilePath=/path/my-ca/certs/ca.cert.pem
 ```
 
 ## Enable TLS authentication on proxies