[improve][admin-cli] Add TLS provider support (apache#16700)
nodece authored Jul 28, 2022
1 parent d8b00d9 commit de42e15
Showing 7 changed files with 60 additions and 21 deletions.
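--- a/conf/client.conf
+++ b/conf/client.conf
@@ -67,3 +67,8 @@ tlsTrustStorePath=
 
 # TLS TrustStore password
 tlsTrustStorePassword=
+
+# Set up TLS provider for web service
+# When TLS authentication with CACert is used, the valid value is either OPENSSL or JDK.
+# When TLS authentication with KeyStore is used, available options can be SunJSSE, Conscrypt and so on.
+webserviceTlsProvider=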
Expand Up @@ -48,6 +48,7 @@ public class PulsarAdminTool {
protected JCommander jcommander;
protected final PulsarAdminBuilder adminBuilder;
protected RootParams rootParams;
private final Properties properties;

@Getter
public static class RootParams {
Expand Down Expand Up @@ -79,6 +80,12 @@ public static class RootParams {
description = "Enable TLS common name verification")
Boolean tlsEnableHostnameVerification;

@Parameter(names = {"--tls-provider"}, description = "Set up TLS provider. "
+ "When TLS authentication with CACert is used, the valid value is either OPENSSL or JDK. "
+ "When TLS authentication with KeyStore is used, available options can be SunJSSE, Conscrypt "
+ "and so on.")
String tlsProvider;

@Parameter(names = { "-v", "--version" }, description = "Get version of pulsar admin client")
boolean version;

Expand All @@ -87,6 +94,7 @@ public static class RootParams {
}

public PulsarAdminTool(Properties properties) throws Exception {
this.properties = properties;
rootParams = new RootParams();
// fallback to previous-version serviceUrl property to maintain backward-compatibility
initRootParamsFromProperties(properties);
Expand Down Expand Up @@ -153,6 +161,12 @@ protected void setupCommands(Function<PulsarAdminBuilder, ? extends PulsarAdmin>
adminBuilder.serviceHttpUrl(rootParams.serviceUrl);
adminBuilder.authentication(rootParams.authPluginClassName, rootParams.authParams);
adminBuilder.requestTimeout(rootParams.requestTimeout, TimeUnit.SECONDS);
if (isBlank(rootParams.tlsProvider)) {
rootParams.tlsProvider = properties.getProperty("webserviceTlsProvider");
}
if (isNotBlank(rootParams.tlsProvider)) {
adminBuilder.sslProvider(rootParams.tlsProvider);
}
Supplier<PulsarAdmin> admin = new PulsarAdminSupplier(adminBuilder, adminFactory);
for (Map.Entry<String, Class<?>> c : commandMap.entrySet()) {
addCommand(c, admin);
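Review bot: The provider name reaches `adminBuilder.sslProvider(rootParams.tlsProvider)` in the setupCommands hunk without trimming or validation, so a `webserviceTlsProvider=JDK ` line with trailing whitespace in client.conf (which `java.util.Properties` preserves) passes `isNotBlank` and is handed on unchanged. What the builder does with a name it does not recognise is not visible on this page; if it silently falls back to a default, an operator who pinned a specific TLS implementation would get a different one without any signal. I would normalise before use, e.g. `adminBuilder.sslProvider(rootParams.tlsProvider.trim());`, and reject or at least log a value that is not an accepted provider name. Reading the property in `initRootParamsFromProperties` alongside the other fallbacks would presumably also make the new `properties` field unnecessary, though that method is not shown here. The body of setupCommands starts and ends outside the hunk.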
Expand Up @@ -18,12 +18,11 @@
*/
package org.apache.pulsar.admin.cli;

import org.testng.annotations.Test;

import static org.testng.Assert.assertEquals;
import java.nio.file.Files;
import java.nio.file.Path;

import static org.testng.Assert.assertEquals;
import java.util.Properties;
import org.testng.annotations.Test;

public class TestRunMain {

Expand All @@ -40,7 +39,40 @@ public void runMainDummyConfigFile() throws Exception {
PulsarAdminTool.resetLastExitCode();
PulsarAdminTool.setAllowSystemExit(false);
Path dummyEmptyFile = Files.createTempFile("test", ".conf");
PulsarAdminTool.main(new String[] {dummyEmptyFile.toAbsolutePath().toString()});
PulsarAdminTool.main(new String[]{dummyEmptyFile.toAbsolutePath().toString()});
assertEquals(PulsarAdminTool.getLastExitCode(), 1);
}

@Test
public void testRunWithTlsProviderFlag() throws Exception {
var pulsarAdminTool = new PulsarAdminTool(new Properties());
pulsarAdminTool.run(new String[]{
"--admin-url", "https://localhost:8081",
"--tls-provider", "JDK",
"tenants"});
assertEquals(pulsarAdminTool.rootParams.tlsProvider, "JDK");
}

@Test
public void testRunWithTlsProviderConfigFile() throws Exception {
Properties properties = new Properties();
properties.setProperty("webserviceTlsProvider", "JDK");
var pulsarAdminTool = new PulsarAdminTool(properties);
pulsarAdminTool.run(new String[]{
"--admin-url", "https://localhost:8081",
"tenants"});
assertEquals(pulsarAdminTool.rootParams.tlsProvider, "JDK");
}

@Test
public void testRunWithTlsProviderFlagWithConfigFile() throws Exception {
Properties properties = new Properties();
properties.setProperty("webserviceTlsProvider", "JDK");
var pulsarAdminTool = new PulsarAdminTool(properties);
pulsarAdminTool.run(new String[]{
"--admin-url", "https://localhost:8081",
"--tls-provider", "OPENSSL",
"tenants"});
assertEquals(pulsarAdminTool.rootParams.tlsProvider, "OPENSSL");
}
}
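Review bot: All three new tests assert only `pulsarAdminTool.rootParams.tlsProvider`, a field that is filled by argument parsing or by the config fallback before the builder is touched, so they would still pass if the `adminBuilder.sslProvider(...)` call were removed or given a different value. The TLS setting that matters is the one the admin client is actually built with, so at least one test should observe the value on the builder or the resulting client; how best to do that depends on builder wiring not visible on this page. A negative case would also pin the intended handling of bad input, for example `properties.setProperty("webserviceTlsProvider", " JDK ");` and a blank value, asserting that a blank provider is never applied.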
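--- a/site2/docs/reference-configuration.md
+++ b/site2/docs/reference-configuration.md
@@ -443,11 +443,7 @@ You can use the [`pulsar-client`](reference-cli-tools.md#pulsar-client) CLI tool
 | tlsTrustStoreType | TLS TrustStore type configuration. <li>JKS </li><li>PKCS12 </li>|JKS|
 | tlsTrustStore | TLS TrustStore path. | |
 | tlsTrustStorePassword | TLS TrustStore password. | |
-
-
-
-
-
+| webserviceTlsProvider | The TLS provider for the web service. <br />When TLS authentication with CACert is used, the valid value is either `OPENSSL` or `JDK`.<br />When TLS authentication with KeyStore is used, available options can be `SunJSSE`, `Conscrypt` and so on. | N/A |
 
 ## Log4j
 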
Expand Up @@ -428,11 +428,7 @@ You can use the [`pulsar-client`](reference-cli-tools.md#pulsar-client) CLI tool
| tlsTrustStoreType | TLS TrustStore type configuration. <li>JKS </li><li>PKCS12 </li>|JKS|
| tlsTrustStore | TLS TrustStore path. | |
| tlsTrustStorePassword | TLS TrustStore password. | |





| webserviceTlsProvider | The TLS provider for the web service. <br />When TLS authentication with CACert is used, the valid value is either `OPENSSL` or `JDK`.<br />When TLS authentication with KeyStore is used, available options can be `SunJSSE`, `Conscrypt` and so on. | N/A |

## Log4j

Expand Up @@ -376,7 +376,7 @@ You can use the [`pulsar-client`](reference-cli-tools.md#pulsar-client) CLI tool
| tlsTrustStoreType | TLS TrustStore type configuration. <li>JKS </li><li>PKCS12 </li>|JKS|
| tlsTrustStore | TLS TrustStore path. | |
| tlsTrustStorePassword | TLS TrustStore password. | |

| webserviceTlsProvider | The TLS provider for the web service. <br />When TLS authentication with CACert is used, the valid value is either `OPENSSL` or `JDK`.<br />When TLS authentication with KeyStore is used, available options can be `SunJSSE`, `Conscrypt` and so on. | N/A |

## Service discovery

Expand Up @@ -377,11 +377,7 @@ You can use the [`pulsar-client`](reference-cli-tools.md#pulsar-client) CLI tool
| tlsTrustStoreType | TLS TrustStore type configuration. <li>JKS </li><li>PKCS12 </li>|JKS|
| tlsTrustStore | TLS TrustStore path. | |
| tlsTrustStorePassword | TLS TrustStore password. | |





| webserviceTlsProvider | The TLS provider for the web service. <br />When TLS authentication with CACert is used, the valid value is either `OPENSSL` or `JDK`.<br />When TLS authentication with KeyStore is used, available options can be `SunJSSE`, `Conscrypt` and so on. | N/A |

## Log4j
