Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pulsar PubSub: allow TLS configuration for hostname and insecure connections #3270

Open
wants to merge 34 commits into
base: main
Choose a base branch
from
Open

Pulsar PubSub: allow TLS configuration for hostname and insecure connections #3270

wants to merge 34 commits into from
+354 −57

Conversation

toneill818
Copy link

@toneill818 toneill818 commented Dec 14, 2023
edited

Description

When connecting to pulsar with TLS enabled set the prefix to be pulsar+ssl:// if a prefix was not set when defining the host. Allow setting the TLSAllowInsecureConnection and TLSValidateHostname options when connecting to pulsar. They default to the pulsar client's default.

Issue reference

Please reference the issue this PR will close: #1860
Please reference the issue this PR will close: #3269

Checklist

Please make sure you've completed the relevant tasks for this PR, out of the following list:

@toneill-newinnov
feat: allow tls configuration for hostname and insecure connections
0f4fa30 
Signed-off-by: Thomas O'Neill <toneill@new-innov.com>
@toneill818 toneill818 requested review from a team as code owners December 14, 2023 16:31
This was referenced Dec 14, 2023
Closed
Open
berndverst
berndverst requested changes Dec 18, 2023
View reviewed changes
Copy link
Member

@berndverst berndverst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution.

This PR needs an integration test (certification test) at:
https://github.com/dapr/components-contrib/tree/main/tests/certification/pubsub/pulsar

You can take a look at some other certification tests that specifically test the TLS modes for other components. The hardest part will be creating a docker compose file / setup which spins up Pulsar with the TLS configuration that you need to test. Then you need a Dapr component configuration which actually sets the appropriate new TLS settings. For the actual operations you can just reuse the code that exists in the basic test today.

Note that the existing test run should not be updated to use TLS, this needs to be a separate test run.

@toneill-newinnov
test: add pulsar SSL/TLS tests
79e084b 
Signed-off-by: Thomas O'Neill <toneill@new-innov.com>
@toneill818
Copy link
Author

@berndverst Integration tests have been added for pulsar

@yaron2
Copy link
Member

yaron2 commented Jan 5, 2024

@toneill818 the Pulsar certification test is failing - see the build check

@ItalyPaleAle ItalyPaleAle changed the title feat: allow tls configuration for hostname and insecure connections Pulsar PubSub: allow TLS configuration for hostname and insecure connections Jan 11, 2024
@yaron2
Copy link
Member

yaron2 commented Jan 17, 2024
edited

@toneill818 the pulsar certification test is still failing

@toneill818
Copy link
Author

@yaron2 I'll keep looking into this. It isn't timing out while I run the tests locally.

ItalyPaleAle
ItalyPaleAle reviewed Jan 17, 2024
View reviewed changes
Copy link
Contributor

@ItalyPaleAle ItalyPaleAle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Normally, test failures in cert tests like these, which happen only on the CI, are due to a race condition somewhere in the code.

I am not sure where specifically. My advice would be to try running one of the tests at a time, multiple times, and see if you can at least identify where this is happening :(

Thanks for looking into this!

pubsub/pulsar/pulsar.go Outdated Show resolved Hide resolved
pubsub/pulsar/pulsar.go Outdated Show resolved Hide resolved
toneill-newinnov and others added 9 commits January 22, 2024 14:01
@toneill-newinnov
test: remove unsed file and use same image as other tests
745c2ed 
Signed-off-by: Thomas O'Neill <toneill@new-innov.com>
@toneill-newinnov
fix: PR changes requests and renamed volumes in new compose file
22879b8 
Signed-off-by: Thomas O'Neill <toneill@new-innov.com>
@passuied @ItalyPaleAle @toneill-newinnov
Avro Schema registry kafka pubsub implementation (dapr#3292)
58087d9 
Signed-off-by: Patrick Assuied <patrick.assuied@elationhealth.com>
Co-authored-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com>
Signed-off-by: Thomas O'Neill <toneill@new-innov.com>
@eunicecompra @ItalyPaleAle
@berndverst @famarting @yaron2 @toneill-newinnov
Kafka: Support for AWS IAM role auth (dapr#3310)
de8bcc8 
Signed-off-by: Eunice Compra <eunicecompra@gmail.com>
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
Signed-off-by: Fabian Martinez <46371672+famarting@users.noreply.github.com>
Signed-off-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com>
Co-authored-by: Eunice Compra <eunice.compra@gmail.com>
Co-authored-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com>
Co-authored-by: Bernd Verst <github@bernd.dev>
Co-authored-by: Fabian Martinez <46371672+famarting@users.noreply.github.com>
Co-authored-by: Yaron Schneider <schneider.yaron@live.com>
Signed-off-by: Thomas O'Neill <toneill@new-innov.com>
@passuied @toneill-newinnov
left uppercase in metadata (dapr#3312)
9595b20 
Signed-off-by: Patrick Assuied <patrick.assuied@elationhealth.com>
Signed-off-by: Thomas O'Neill <toneill@new-innov.com>
@eunicecompra @toneill-newinnov
Kafka: Removed the AWS creds check from kafka metadata (dapr#3313)
bcfb5b4 
Signed-off-by: Eunice Compra <eunicecompra@gmail.com>
Co-authored-by: Eunice Compra <eunice.compra@gmail.com>
Signed-off-by: Thomas O'Neill <toneill@new-innov.com>
@pravinpushkar @toneill-newinnov
azappconfig SDk upgrade (dapr#3283)
9987605 
Signed-off-by: Pravin Pushkar <ppushkar@microsoft.com>
Signed-off-by: Thomas O'Neill <toneill@new-innov.com>
@RyanLettieri @toneill-newinnov
Adding deleteWithPrefix for in-memory statestore (dapr#3314)
5f1ec2f 
Signed-off-by: Ryan Lettieri <ryanLettieri@microsoft.com>
Signed-off-by: Thomas O'Neill <toneill@new-innov.com>
@ItalyPaleAle @toneill-newinnov
Add ExecuteInTransaction method for db.SQL (dapr#3309)
0d2c0a5 
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
Signed-off-by: Thomas O'Neill <toneill@new-innov.com>
yaron2 and others added 4 commits January 22, 2024 11:16
@yaron2
Merge branch 'main' into feature/expand-pulsar-tls-configuration
4d04b3e
@toneill-newinnov
ci: set port 8080 for pulsar api to match call in tests
34c51d3 
Signed-off-by: Thomas O'Neill <toneill@new-innov.com>
@toneill-newinnov
Merge branch 'feature/expand-pulsar-tls-configuration' of github.com:…
ad480c3 
…toneill818/components-contrib into feature/expand-pulsar-tls-configuration
@toneill-newinnov
ci: fix eof error on http request to create multipartitioned topic
22b05ba 
Signed-off-by: Thomas O'Neill <toneill@new-innov.com>
@github-actions GitHub Actions
Copy link

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

@github-actions github-actions bot added the stale label Feb 24, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 2, 2024

This pull request has been automatically closed because it has not had activity in the last 37 days. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

@github-actions github-actions bot closed this Mar 2, 2024
@yaron2 yaron2 reopened this Mar 2, 2024
@github-actions github-actions bot removed the stale label Mar 2, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 1, 2024

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

@github-actions github-actions bot added stale and removed stale labels Apr 1, 2024
@toneill818 toneill818 requested a review from berndverst May 1, 2024 17:26
@yaron2
Copy link
Member

yaron2 commented May 15, 2024

@toneill818 v the certification tests are all failing, please take a look

@toneill818 toneill818 force-pushed the feature/expand-pulsar-tls-configuration branch from a08257a to bb5df50 Compare May 16, 2024 17:57
@toneill-newinnov
revert: Revert go mod changes
5da4586 
Signed-off-by: Thomas O'Neill <toneill818@gmail.com>
Signed-off-by: Thomas O'Neill <toneill@new-innov.com>
@toneill-newinnov
add newline
9ebd09f 
Signed-off-by: Thomas O'Neill <toneill@new-innov.com>
@toneill818 toneill818 force-pushed the feature/expand-pulsar-tls-configuration branch from 9928378 to 9ebd09f Compare May 16, 2024 18:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ItalyPaleAle ItalyPaleAle Awaiting requested review from ItalyPaleAle

@berndverst berndverst Awaiting requested review from berndverst

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Pulsar Add More TLS Connection Options [pubsub][pulsar]Support pulsar+ssl:// URL format