From 8869ffe8d9542e58c29160c7e625a775f65faf5e Mon Sep 17 00:00:00 2001 From: momo-jun Date: Thu, 4 Aug 2022 17:54:20 +0800 Subject: [PATCH] Merge 2.8.2-specific docs from #12175, #11988, #11828, and #11681 --- .../version-2.8.x/client-libraries-python.md | 27 +++++++++++++++++++ .../version-2.8.x/reference-cli-tools.md | 2 +- .../version-2.8.x/security-oauth2.md | 4 +-- .../version-2.8.x/security-tls-keystore.md | 22 ++++++++++++++- 4 files changed, 51 insertions(+), 4 deletions(-) diff --git a/site2/website/versioned_docs/version-2.8.x/client-libraries-python.md b/site2/website/versioned_docs/version-2.8.x/client-libraries-python.md index 7ebc6bec64e5d..2d156b7d77350 100644 --- a/site2/website/versioned_docs/version-2.8.x/client-libraries-python.md +++ b/site2/website/versioned_docs/version-2.8.x/client-libraries-python.md @@ -338,6 +338,33 @@ class Example(Record): ``` +##### Set namespace for Avro schema + +:::note + +This setting is only available in 2.8.2 and later versions. + +::: + +Set the namespace for Avro Record schema using the special field `_avro_namespace`. +```python +class NamespaceDemo(Record): + _avro_namespace = 'xxx.xxx.xxx' + x = String() + y = Integer() +``` + +The schema definition is like this. +``` +{ + 'name': 'NamespaceDemo', 'namespace': 'xxx.xxx.xxx', 'type': 'record', 'fields': [ + {'name': 'x', 'type': ['null', 'string']}, + {'name': 'y', 'type': ['null', 'int']} + ] +} +``` + + ## End-to-end encryption [End-to-end encryption](https://pulsar.apache.org/docs/en/next/cookbooks-encryption/#docsNav) allows applications to encrypt messages at producers and decrypt messages at consumers. diff --git a/site2/website/versioned_docs/version-2.8.x/reference-cli-tools.md b/site2/website/versioned_docs/version-2.8.x/reference-cli-tools.md index 0fd77b5891c4b..bdb8a41aedea8 100644 --- a/site2/website/versioned_docs/version-2.8.x/reference-cli-tools.md +++ b/site2/website/versioned_docs/version-2.8.x/reference-cli-tools.md @@ -568,7 +568,7 @@ Options |`--replicated`|Whether the subscription status should be replicated|false| |`-u`, `--service-url`|Pulsar service URL|| |`-i`, `--stats-interval-seconds`|Statistics interval seconds. If 0, statistics will be disabled|0| -|`-s`, `--subscriber-name`|Subscriber name prefix|sub| +|`-s`, `--subscriber-name`|Subscriber name prefix.
**Note:** This flag is deprecated in 2.8.2 and later versions. |sub| |`-ss`, `--subscriptions`|A list of subscriptions to consume on (e.g. sub1,sub2)|sub| |`-st`, `--subscription-type`|Subscriber type. Possible values are Exclusive, Shared, Failover, Key_Shared.|Exclusive| |`-sp`, `--subscription-position`|Subscriber position. Possible values are Latest, Earliest.|Latest| diff --git a/site2/website/versioned_docs/version-2.8.x/security-oauth2.md b/site2/website/versioned_docs/version-2.8.x/security-oauth2.md index 24b1530cc848a..46c87672dbbd0 100644 --- a/site2/website/versioned_docs/version-2.8.x/security-oauth2.md +++ b/site2/website/versioned_docs/version-2.8.x/security-oauth2.md @@ -32,7 +32,7 @@ The following table lists parameters supported for the `client credentials` auth | `type` | Oauth 2.0 authentication type. | `client_credentials` (default) | Optional | | `issuerUrl` | URL of the authentication provider which allows the Pulsar client to obtain an access token | `https://accounts.google.com` | Required | | `privateKey` | URL to a JSON credentials file | Support the following pattern formats:
  • `file:///path/to/file`
  • `file:/path/to/file`
  • `data:application/json;base64,`
    • | Required | -| `audience` | An OAuth 2.0 "resource server" identifier for the Pulsar cluster | `https://broker.example.com` | Required | +| `audience` | An OAuth 2.0 "resource server" identifier for the Pulsar cluster | `https://broker.example.com` | Optional | The credentials file contains service account credentials used with the client authentication type. The following shows an example of a credentials file `credentials_file.json`. @@ -71,7 +71,7 @@ In the above example, the mapping relationship is shown as below. - The `issuerUrl` parameter in this plugin is mapped to `--url https://dev-kt-aa9ne.us.auth0.com`. - The `privateKey` file parameter in this plugin should at least contains the `client_id` and `client_secret` fields. -- The `audience` parameter in this plugin is mapped to `"audience":"https://dev-kt-aa9ne.us.auth0.com/api/v2/"`. +- The `audience` parameter in this plugin is mapped to `"audience":"https://dev-kt-aa9ne.us.auth0.com/api/v2/"`. This field is optional and only used by some identity providers in 2.8.2 and later versions. ## Client Configuration diff --git a/site2/website/versioned_docs/version-2.8.x/security-tls-keystore.md b/site2/website/versioned_docs/version-2.8.x/security-tls-keystore.md index c4474c3c409cf..c324b12a07c5b 100644 --- a/site2/website/versioned_docs/version-2.8.x/security-tls-keystore.md +++ b/site2/website/versioned_docs/version-2.8.x/security-tls-keystore.md @@ -146,7 +146,27 @@ brokerClientTlsTrustStorePassword=clientpw ``` -NOTE: it is important to restrict access to the store files via filesystem permissions. +:::note + +It is important to restrict access to the store files via filesystem permissions. + +::: + +In 2.8.2 and later versions, if you have configured TLS on the broker, to disable non-TLS ports, you can set the values of the following configurations to empty. + +```conf +brokerServicePort= +webServicePort= +``` + +In this case, you need to set the following configurations. + +```conf +brokerClientTlsEnabled=true // Set this to true +brokerClientTlsEnabledWithKeyStore=true // Set this to true +brokerClientTlsTrustStore= // Set this to your desired value +brokerClientTlsTrustStorePassword= // Set this to your desired value +``` Optional settings that may worth consider: