[refactor][fn] Use AuthorizationServer more in Function Worker API #19975
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
michaeljmarshall
added
doc
michaeljmarshall
requested review from
codelipenghui,
eolivelli,
lhotari and
nicoloboschi
lhotari
requested changes
Apr 6, 2023
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authentication/Authentication.java
Show resolved
Hide resolved
lhotari
reviewed
Apr 6, 2023
...r-functions/worker/src/main/java/org/apache/pulsar/functions/worker/rest/api/WorkerImpl.java
Outdated
Show resolved
Hide resolved
lhotari
reviewed
Apr 6, 2023
...functions/worker/src/main/java/org/apache/pulsar/functions/worker/service/api/Component.java
Show resolved
Hide resolved
This reverts commit e6b451c.
Member
Author
|
@lhotari - thanks for your review. I've refactored things a bit more. Would you take another look? Thanks! |
1 task
michaeljmarshall
added a commit
that referenced
this pull request
Apr 8, 2023
…19975) The current function worker interfaces introduced by #8560 are hard to extend. It is better to pass an object that we can add fields to as needed. * Introduce a new `Authentication` class to wrap all of the relevant authentication "data". This class is somewhat unfortunate in that we already have many classes that hold authentication information. However, my goal with this class is to wrap all of the relevant auth info. This class is only currently used in the Function Worker API, but I plan to add it to the rest of the Admin HTTP endpoints. * Deprecate all of the methods that are no longer needed. Add a default implementation to call the new methods that supersede those methods. * Add `proxyRoles` setting to function worker. There are tests to cover the changes. This PR changes several interfaces in completely backwards compatible ways. It's possible we'll want to improve the abstraction for the `Authentication` class by making it an interface. - [x] `doc` This change has Javadoc updates to document the changes. PR in forked repository: michaeljmarshall#37 (cherry picked from commit 55acbe6)
michaeljmarshall
added a commit
to michaeljmarshall/pulsar
that referenced
this pull request
Apr 8, 2023
…pache#19975) The current function worker interfaces introduced by apache#8560 are hard to extend. It is better to pass an object that we can add fields to as needed. * Introduce a new `Authentication` class to wrap all of the relevant authentication "data". This class is somewhat unfortunate in that we already have many classes that hold authentication information. However, my goal with this class is to wrap all of the relevant auth info. This class is only currently used in the Function Worker API, but I plan to add it to the rest of the Admin HTTP endpoints. * Deprecate all of the methods that are no longer needed. Add a default implementation to call the new methods that supersede those methods. * Add `proxyRoles` setting to function worker. There are tests to cover the changes. This PR changes several interfaces in completely backwards compatible ways. It's possible we'll want to improve the abstraction for the `Authentication` class by making it an interface. - [x] `doc` This change has Javadoc updates to document the changes. PR in forked repository: #37 (cherry picked from commit 55acbe6) (cherry picked from commit 54c97ad)
michaeljmarshall
added a commit
to michaeljmarshall/pulsar
that referenced
this pull request
Apr 8, 2023
…pache#19975) The current function worker interfaces introduced by apache#8560 are hard to extend. It is better to pass an object that we can add fields to as needed. * Introduce a new `Authentication` class to wrap all of the relevant authentication "data". This class is somewhat unfortunate in that we already have many classes that hold authentication information. However, my goal with this class is to wrap all of the relevant auth info. This class is only currently used in the Function Worker API, but I plan to add it to the rest of the Admin HTTP endpoints. * Deprecate all of the methods that are no longer needed. Add a default implementation to call the new methods that supersede those methods. * Add `proxyRoles` setting to function worker. There are tests to cover the changes. This PR changes several interfaces in completely backwards compatible ways. It's possible we'll want to improve the abstraction for the `Authentication` class by making it an interface. - [x] `doc` This change has Javadoc updates to document the changes. PR in forked repository: #37 (cherry picked from commit 55acbe6) (cherry picked from commit 54c97ad) (cherry picked from commit cf40926)
michaeljmarshall
added
cherry-picked/branch-2.9
michaeljmarshall
added a commit
that referenced
this pull request
Apr 10, 2023
…0046) ### Motivation In #19975, we introduced a wrapper for all authentication parameters. This PR adds that wrapper to the Rest Producer. ### Modifications * Use `AuthenticationParameters` to simplify parameter management in Rest Producer. * Add method to the `AuthorizationService` that takes the `AuthenticationParameters`. * Update annotations on Rest Producer to indicate that a 401 is an expected response. ### Verifying this change This change is covered by the `TopicsAuthTest`. ### Documentation - [x] `doc-not-needed` This is an internal change that does not need to be documented. ### Matching PR in forked repository PR in forked repository: skipping PR since the relevant tests pass locally
michaeljmarshall
added a commit
that referenced
this pull request
Apr 10, 2023
…0046) In #19975, we introduced a wrapper for all authentication parameters. This PR adds that wrapper to the Rest Producer. * Use `AuthenticationParameters` to simplify parameter management in Rest Producer. * Add method to the `AuthorizationService` that takes the `AuthenticationParameters`. * Update annotations on Rest Producer to indicate that a 401 is an expected response. This change is covered by the `TopicsAuthTest`. - [x] `doc-not-needed` This is an internal change that does not need to be documented. PR in forked repository: skipping PR since the relevant tests pass locally (cherry picked from commit 7990948)
michaeljmarshall
added a commit
that referenced
this pull request
Apr 10, 2023
…0046) In #19975, we introduced a wrapper for all authentication parameters. This PR adds that wrapper to the Rest Producer. * Use `AuthenticationParameters` to simplify parameter management in Rest Producer. * Add method to the `AuthorizationService` that takes the `AuthenticationParameters`. * Update annotations on Rest Producer to indicate that a 401 is an expected response. This change is covered by the `TopicsAuthTest`. - [x] `doc-not-needed` This is an internal change that does not need to be documented. PR in forked repository: skipping PR since the relevant tests pass locally (cherry picked from commit 7990948) (cherry picked from commit 02b27e8)
michaeljmarshall
added a commit
that referenced
this pull request
Apr 10, 2023
…0046) In #19975, we introduced a wrapper for all authentication parameters. This PR adds that wrapper to the Rest Producer. * Use `AuthenticationParameters` to simplify parameter management in Rest Producer. * Add method to the `AuthorizationService` that takes the `AuthenticationParameters`. * Update annotations on Rest Producer to indicate that a 401 is an expected response. This change is covered by the `TopicsAuthTest`. - [x] `doc-not-needed` This is an internal change that does not need to be documented. PR in forked repository: skipping PR since the relevant tests pass locally (cherry picked from commit 7990948) (cherry picked from commit 02b27e8)
Demogorgon314
pushed a commit
to Demogorgon314/pulsar
that referenced
this pull request
Apr 11, 2023
…ache#20046) ### Motivation In apache#19975, we introduced a wrapper for all authentication parameters. This PR adds that wrapper to the Rest Producer. ### Modifications * Use `AuthenticationParameters` to simplify parameter management in Rest Producer. * Add method to the `AuthorizationService` that takes the `AuthenticationParameters`. * Update annotations on Rest Producer to indicate that a 401 is an expected response. ### Verifying this change This change is covered by the `TopicsAuthTest`. ### Documentation - [x] `doc-not-needed` This is an internal change that does not need to be documented. ### Matching PR in forked repository PR in forked repository: skipping PR since the relevant tests pass locally
michaeljmarshall
added a commit
to datastax/pulsar
that referenced
this pull request
Apr 11, 2023
…pache#19975) The current function worker interfaces introduced by apache#8560 are hard to extend. It is better to pass an object that we can add fields to as needed. * Introduce a new `Authentication` class to wrap all of the relevant authentication "data". This class is somewhat unfortunate in that we already have many classes that hold authentication information. However, my goal with this class is to wrap all of the relevant auth info. This class is only currently used in the Function Worker API, but I plan to add it to the rest of the Admin HTTP endpoints. * Deprecate all of the methods that are no longer needed. Add a default implementation to call the new methods that supersede those methods. * Add `proxyRoles` setting to function worker. There are tests to cover the changes. This PR changes several interfaces in completely backwards compatible ways. It's possible we'll want to improve the abstraction for the `Authentication` class by making it an interface. - [x] `doc` This change has Javadoc updates to document the changes. PR in forked repository: michaeljmarshall#37 (cherry picked from commit 55acbe6)
michaeljmarshall
added a commit
to datastax/pulsar
that referenced
this pull request
Apr 11, 2023
…ache#20046) In apache#19975, we introduced a wrapper for all authentication parameters. This PR adds that wrapper to the Rest Producer. * Use `AuthenticationParameters` to simplify parameter management in Rest Producer. * Add method to the `AuthorizationService` that takes the `AuthenticationParameters`. * Update annotations on Rest Producer to indicate that a 401 is an expected response. This change is covered by the `TopicsAuthTest`. - [x] `doc-not-needed` This is an internal change that does not need to be documented. PR in forked repository: skipping PR since the relevant tests pass locally (cherry picked from commit 7990948) (cherry picked from commit 02b27e8)
Contributor
|
@michaeljmarshall I noticed that this PR changed the interface of the functions worker's API, such changes should be avoided to cherry-pick into the historical branches. |
Contributor
|
This is not strictly a public API change, it is more like fixing a security issue. |
Contributor
|
@freeznet I have forward the email under the private mailing list to your apache email, so that you can get all the context about the changes. |
Member
Author
|
This actually made it into 2.10.4. |
Member
Author
|
As discussed on the mailing list https://lists.apache.org/thread/w4jzk27qhtosgsz7l9bmhf1t7o9mxjhp, there is no plan to release 2.9.6, so I am going to remove the release/2.9.6 label |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
The current function worker interfaces introduced by #8560 are hard to extend. It is better to pass an object that we can add fields to as needed.
Modifications
AuthenticationParametersclass to wrap all of the relevant authentication "data". This class is somewhat unfortunate in that we already have many classes that hold authentication information. However, my goal with this class is to wrap all of the relevant auth info. This class is only currently used in the Function Worker API, but I plan to add it to the rest of the Admin HTTP endpoints.proxyRolessetting to function worker.Verifying this change
There are tests to cover the changes.
Documentation
docThis change has Javadoc updates to document the changes.
Matching PR in forked repository
PR in forked repository: michaeljmarshall#37