From 318617529f35f2b587eb2078b226932bdb45fe30 Mon Sep 17 00:00:00 2001
From: Yuki Shiga
Date: Sat, 25 Feb 2017 03:28:41 +0900
Subject: [PATCH] Add TLS authentication end to end tests (#224)
* Make C++ tls auth api same as Java
* Add tls auth test for Java client
* Add tls auth test for C++ client
---
.../AuthenticatedProducerConsumerTest.java | 156 +++++++++++
.../authentication/tls/broker-cert.pem | 72 +++++
.../authentication/tls/broker-key.pem | 28 ++
.../resources/authentication/tls/cacert.pem | 62 +++++
.../authentication/tls/client-cert.pem | 72 +++++
.../authentication/tls/client-key.pem | 28 ++
pulsar-client-cpp/lib/auth/AuthTls.cc | 26 +-
pulsar-client-cpp/tests/AuthPluginTest.cc | 84 ++++++
pulsar-client-cpp/tests/authentication.conf | 262 ++++++++++++++++++
pulsar-client-cpp/tests/client.conf | 24 ++
pulsar-client-cpp/travis-build.sh | 17 +-
11 files changed, 812 insertions(+), 19 deletions(-)
create mode 100644 pulsar-broker/src/test/java/com/yahoo/pulsar/client/api/AuthenticatedProducerConsumerTest.java
create mode 100644 pulsar-broker/src/test/resources/authentication/tls/broker-cert.pem
create mode 100644 pulsar-broker/src/test/resources/authentication/tls/broker-key.pem
create mode 100644 pulsar-broker/src/test/resources/authentication/tls/cacert.pem
create mode 100644 pulsar-broker/src/test/resources/authentication/tls/client-cert.pem
create mode 100644 pulsar-broker/src/test/resources/authentication/tls/client-key.pem
create mode 100644 pulsar-client-cpp/tests/authentication.conf
create mode 100644 pulsar-client-cpp/tests/client.conf
diff --git a/pulsar-broker/src/test/java/com/yahoo/pulsar/client/api/AuthenticatedProducerConsumerTest.java b/pulsar-broker/src/test/java/com/yahoo/pulsar/client/api/AuthenticatedProducerConsumerTest.java
new file mode 100644
index 00000000000..46518e98bc2
--- /dev/null
+++ b/pulsar-broker/src/test/java/com/yahoo/pulsar/client/api/AuthenticatedProducerConsumerTest.java
@@ -0,0 +1,156 @@
+/**
+ * Copyright 2016 Yahoo Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.yahoo.pulsar.client.api;
+
+import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
+import com.yahoo.pulsar.client.admin.PulsarAdmin;
+import com.yahoo.pulsar.common.policies.data.ClusterData;
+import com.yahoo.pulsar.common.policies.data.PropertyAdmin;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.testng.Assert;
+import org.testng.annotations.AfterMethod;
+import org.testng.annotations.BeforeMethod;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+
+import java.net.URI;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.Set;
+import java.util.concurrent.*;
+
+import static org.mockito.Mockito.*;
+
+import com.yahoo.pulsar.broker.authentication.*;
+import com.yahoo.pulsar.client.impl.auth.*;
+
+public class AuthenticatedProducerConsumerTest extends ProducerConsumerBase {
+ private static final Logger log = LoggerFactory.getLogger(AuthenticatedProducerConsumerTest.class);
+
+ private final String TLS_TRUST_CERT_FILE_PATH = "./src/test/resources/authentication/tls/cacert.pem";
+ private final String TLS_SERVER_CERT_FILE_PATH = "./src/test/resources/authentication/tls/broker-cert.pem";
+ private final String TLS_SERVER_KEY_FILE_PATH = "./src/test/resources/authentication/tls/broker-key.pem";
+ private final String TLS_CLIENT_CERT_FILE_PATH = "./src/test/resources/authentication/tls/client-cert.pem";
+ private final String TLS_CLIENT_KEY_FILE_PATH = "./src/test/resources/authentication/tls/client-key.pem";
+
+ @BeforeMethod
+ @Override
+ protected void setup() throws Exception {
+ conf.setAuthenticationEnabled(true);
+ conf.setAuthorizationEnabled(true);
+
+ conf.setTlsEnabled(true);
+ conf.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
+ conf.setTlsCertificateFilePath(TLS_SERVER_CERT_FILE_PATH);
+ conf.setTlsKeyFilePath(TLS_SERVER_KEY_FILE_PATH);
+ conf.setTlsAllowInsecureConnection(true);
+
+ Set superUserRoles = new HashSet<>();
+ superUserRoles.add("localhost");
+ superUserRoles.add("superUser");
+ conf.setSuperUserRoles(superUserRoles);
+
+ conf.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName());
+ conf.setBrokerClientAuthenticationParameters("tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_SERVER_KEY_FILE_PATH);
+
+ Set providers = new HashSet<>();
+ providers.add(AuthenticationProviderTls.class.getName());
+ conf.setAuthenticationProviders(providers);
+
+ conf.setClusterName("use");
+
+ super.init();
+ }
+
+ protected final void internalSetup(Authentication auth) throws Exception {
+ com.yahoo.pulsar.client.api.ClientConfiguration clientConf = new com.yahoo.pulsar.client.api.ClientConfiguration();
+ clientConf.setStatsInterval(0, TimeUnit.SECONDS);
+ clientConf.setTlsTrustCertsFilePath(TLS_TRUST_CERT_FILE_PATH);
+ clientConf.setTlsAllowInsecureConnection(true);
+ clientConf.setAuthentication(auth);
+ clientConf.setUseTls(true);
+
+ admin = spy(new PulsarAdmin(brokerUrlTls, clientConf));
+ String lookupUrl = new URI("pulsar+ssl://localhost:" + BROKER_PORT_TLS).toString();
+ pulsarClient = PulsarClient.create(lookupUrl, clientConf);
+ }
+
+ @AfterMethod
+ @Override
+ protected void cleanup() throws Exception {
+ super.internalCleanup();
+ }
+
+ @DataProvider(name = "batch")
+ public Object[][] codecProvider() {
+ return new Object[][] { { 0 }, { 1000 } };
+ }
+
+ @Test(dataProvider = "batch")
+ public void testTlsSyncProducerAndConsumer(int batchMessageDelayMs) throws Exception {
+ log.info("-- Starting {} test --", methodName);
+
+ Map authParams = new HashMap<>();
+ authParams.put("tlsCertFile", TLS_CLIENT_CERT_FILE_PATH);
+ authParams.put("tlsKeyFile", TLS_CLIENT_KEY_FILE_PATH);
+ Authentication authTls = new AuthenticationTls();
+ authTls.configure(authParams);
+ internalSetup(authTls);
+
+ admin.clusters().createCluster("use", new ClusterData(brokerUrl.toString(),brokerUrlTls.toString(),"pulsar://localhost:" + BROKER_PORT, "pulsar+ssl://localhost:" + BROKER_PORT_TLS));
+ admin.properties().createProperty("my-property",
+ new PropertyAdmin(Lists.newArrayList("appid1", "appid2"), Sets.newHashSet("use")));
+ admin.namespaces().createNamespace("my-property/use/my-ns");
+
+ ConsumerConfiguration conf = new ConsumerConfiguration();
+ conf.setSubscriptionType(SubscriptionType.Exclusive);
+ Consumer consumer = pulsarClient.subscribe("persistent://my-property/use/my-ns/my-topic1", "my-subscriber-name",
+ conf);
+
+
+ ProducerConfiguration producerConf = new ProducerConfiguration();
+
+ if (batchMessageDelayMs != 0) {
+ producerConf.setBatchingEnabled(true);
+ producerConf.setBatchingMaxPublishDelay(batchMessageDelayMs, TimeUnit.MILLISECONDS);
+ producerConf.setBatchingMaxMessages(5);
+ }
+
+ Producer producer = pulsarClient.createProducer("persistent://my-property/use/my-ns/my-topic1", producerConf);
+ for (int i = 0; i < 10; i++) {
+ String message = "my-message-" + i;
+ producer.send(message.getBytes());
+ }
+
+ Message msg = null;
+ Set messageSet = Sets.newHashSet();
+ for (int i = 0; i < 10; i++) {
+ msg = consumer.receive(5, TimeUnit.SECONDS);
+ String receivedMessage = new String(msg.getData());
+ log.debug("Received message: [{}]", receivedMessage);
+ String expectedMessage = "my-message-" + i;
+ testMessageOrderAndDuplicates(messageSet, receivedMessage, expectedMessage);
+ }
+ // Acknowledge the consumption of all messages at once
+ consumer.acknowledgeCumulative(msg);
+ consumer.close();
+ log.info("-- Exiting {} test --", methodName);
+ }
+
+}
diff --git a/pulsar-broker/src/test/resources/authentication/tls/broker-cert.pem b/pulsar-broker/src/test/resources/authentication/tls/broker-cert.pem
new file mode 100644
index 00000000000..7ace4df43f5
--- /dev/null
+++ b/pulsar-broker/src/test/resources/authentication/tls/broker-cert.pem
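Review bot: In `setup()`, `setBrokerClientAuthenticationParameters` pairs `TLS_CLIENT_CERT_FILE_PATH` with `TLS_SERVER_KEY_FILE_PATH`, so the broker's own client is given a certificate and a private key that do not belong together; it should read `"tlsCertFile:" + TLS_CLIENT_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_CLIENT_KEY_FILE_PATH`. The test presumably passes anyway because nothing in it exercises that broker-side client. Both the broker `conf` and `internalSetup` also call `setTlsAllowInsecureConnection(true)`, so this test never checks that the peer certificate chains to `cacert.pem` (the C++ `testTls` in this commit uses `false`); if the flag means what its name suggests, `false` on both sides would make the test cover certificate validation as well. Finally, only the accepted path is tested: a case that connects without a client certificate, or with one not issued by testCA, and expects failure would show that authentication is actually enforced, and the same applies to `testTls` in AuthPluginTest.cc.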
@@ -0,0 +1,72 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b7:07:a3:fe:2a:7e:03:c9 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=testCA + Validity + Not Before: Feb 16 23:18:35 2017 GMT + Not After : Feb 16 23:18:35 2018 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:c5:aa:20:d8:d7:37:d7:e5:dd:c2:03:8d:75:fa: + 1e:53:7f:c5:3e:9f:12:4b:04:e3:56:97:00:2b:22: + cd:8d:5a:da:23:b4:ef:3a:c9:bf:a1:9c:ac:f4:ab: + ed:53:25:bc:1e:5b:54:ae:e8:f4:be:31:e2:94:64: + 61:7e:a1:16:56:26:2a:81:eb:47:b3:89:ea:c4:1d: + 20:46:68:75:55:68:c4:63:7d:e8:ee:4f:96:91:71: + 2f:9d:4c:39:05:2c:25:b3:b0:d7:ec:18:f6:c4:86: + a3:b0:41:ad:a4:cd:8c:b4:ca:1d:f1:46:e3:84:a5: + f8:09:15:8e:9b:ae:38:44:9d:92:a2:1a:74:6a:11: + e0:37:cb:fb:75:d8:90:6a:d0:c3:fc:e5:92:da:90: + 50:01:9f:ce:3b:d2:01:e4:8a:3f:e7:2c:53:51:8f: + e9:32:56:bb:7e:5e:4f:c6:9c:ac:05:9d:41:ac:88: + 61:98:df:12:fe:f2:5e:0f:32:5f:10:bc:da:5e:86: + 45:1b:11:60:fc:c9:5d:7b:e2:b3:11:27:03:7d:72: + b0:72:75:9e:23:15:f7:af:86:60:7b:dd:7e:3d:cc: + 72:55:02:74:9b:de:c5:87:9d:82:be:3f:3b:84:cd: + ba:78:15:c2:d1:d0:d3:a0:af:89:aa:c1:cc:4d:82: + f8:d3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 2A:C2:91:C5:B0:C5:49:15:BC:36:B8:7A:41:5E:67:18:DE:B2:A8:BC + X509v3 Authority Key Identifier: + keyid:DB:22:F6:EF:06:5B:88:5F:9F:32:15:9E:A4:86:21:C4:85:12:CC:66 + + Signature Algorithm: sha1WithRSAEncryption + 92:4d:7d:cd:d3:c5:4b:f2:72:22:6e:43:75:17:af:d0:b7:69: + a7:fd:73:38:f7:33:83:90:f6:a0:fb:89:4f:cd:86:31:60:8b: + 76:b7:7d:82:a7:4f:17:e6:89:f0:d8:73:43:e8:5d:9b:f2:10: + 78:1a:ff:f9:cf:4a:12:41:8a:6d:40:d8:6d:5d:b9:a3:f4:48: + ea:9d:ba:cb:a8:46:5a:0b:32:f7:e2:a1:ab:d7:ea:f7:6d:af: + 
d9:43:de:fd:5e:be:d7:49:f2:1c:f6:39:46:ae:fa:b1:bb:a6: + 98:32:60:9d:70:40:a7:8b:c8:9f:5d:f6:5c:b7:c4:ef:07:ca: + 61:31 +-----BEGIN CERTIFICATE----- +MIIDLDCCApWgAwIBAgIJALcHo/4qfgPJMA0GCSqGSIb3DQEBBQUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMTBnRlc3RDQTAeFw0xNzAyMTYyMzE4MzVa +Fw0xODAyMTYyMzE4MzVaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMT +CWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMWqINjX +N9fl3cIDjXX6HlN/xT6fEksE41aXACsizY1a2iO07zrJv6GcrPSr7VMlvB5bVK7o +9L4x4pRkYX6hFlYmKoHrR7OJ6sQdIEZodVVoxGN96O5PlpFxL51MOQUsJbOw1+wY +9sSGo7BBraTNjLTKHfFG44Sl+AkVjpuuOESdkqIadGoR4DfL+3XYkGrQw/zlktqQ +UAGfzjvSAeSKP+csU1GP6TJWu35eT8acrAWdQayIYZjfEv7yXg8yXxC82l6GRRsR +YPzJXXvisxEnA31ysHJ1niMV96+GYHvdfj3MclUCdJvexYedgr4/O4TNungVwtHQ +06CviarBzE2C+NMCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd +T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFCrCkcWwxUkV +vDa4ekFeZxjesqi8MB8GA1UdIwQYMBaAFNsi9u8GW4hfnzIVnqSGIcSFEsxmMA0G +CSqGSIb3DQEBBQUAA4GBAJJNfc3TxUvyciJuQ3UXr9C3aaf9czj3M4OQ9qD7iU/N +hjFgi3a3fYKnTxfmifDYc0PoXZvyEHga//nPShJBim1A2G1duaP0SOqdusuoRloL +MvfioavX6vdtr9lD3v1evtdJ8hz2OUau+rG7ppgyYJ1wQKeLyJ9d9ly3xO8HymEx +-----END CERTIFICATE----- diff --git a/pulsar-broker/src/test/resources/authentication/tls/broker-key.pem b/pulsar-broker/src/test/resources/authentication/tls/broker-key.pem new file mode 100644 index 00000000000..df8c62d6467 --- /dev/null +++ b/pulsar-broker/src/test/resources/authentication/tls/broker-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDFqiDY1zfX5d3C +A411+h5Tf8U+nxJLBONWlwArIs2NWtojtO86yb+hnKz0q+1TJbweW1Su6PS+MeKU +ZGF+oRZWJiqB60ezierEHSBGaHVVaMRjfejuT5aRcS+dTDkFLCWzsNfsGPbEhqOw +Qa2kzYy0yh3xRuOEpfgJFY6brjhEnZKiGnRqEeA3y/t12JBq0MP85ZLakFABn847 +0gHkij/nLFNRj+kyVrt+Xk/GnKwFnUGsiGGY3xL+8l4PMl8QvNpehkUbEWD8yV17 +4rMRJwN9crBydZ4jFfevhmB73X49zHJVAnSb3sWHnYK+PzuEzbp4FcLR0NOgr4mq +wcxNgvjTAgMBAAECggEAZbYMXugn4R10RdBEK2//yOGXYojCBf5G6RicSpYHBXS5 +iOQisbJ8vDF9wgzx+vYQ3eILKlHPFktfFxKsJFfJwZy0BNRHuff+6Nk/8Vrw/XkC +jVuNz4r+pGqEoMFHGgVEhTk7ck7KNAhAFINHUeU/QQw76hqbGne4sRv5nNxCMfOm +sew2XBR0CfYK2i7L+ylL45p7ZVxXWjEkKAF9g4bWsVBWLrRwcdyrwisrd3Fxfc2+ +C8Z8yvfftpAUSZ9b/+XpRWjrIJ8GpWRULUNf6Zq0UyEZWVS7CUeHVJJB8LtZFMvW +eYiaqX5RmSlE1sf0dM2/DTRBM2aThDlLJsBLCcs+kQKBgQD2rf+tHBPD86Z418VC +WRD4mDYzNH2ELR2Z0c+whA2RV+qKHJColeuv2AEYyp1JqPGL0NhXv0ZSD879+d3U +pkTDt8YHo3g6nY0/JYME+/U1WlHeUMcitFXm2FcgBh5eBAiMIKwmfsoVMtLluM1u +RmBJK5kg7xq9Ozx6xlvNc+b9+QKBgQDNIghMnM51jSqNX2HCZelPiu1PipCQEVN2 +dPk4OCbqB0Jlp6p42jPYQh1QeJ3KoETlQQjUQJMbsSB0Lf1EUPaQraw3xvilWQpi +RF7lkzZcStmcdzghtDDYL63TFc5a+SoLjuZ2LfTR6zxr58tuDxRMrc3wczw/mHbS +Ehgr6TzQKwKBgHozhF9rc1c1Upi2u1+8461jKiZ/sFZUSz+yMqMNJ/OCjAvTTs5V +Rqab6R8w8G5XJSHQWfxOIzXv4ujqaTw5CgOy/IU4NA1Fk31exeMoNjcyATCS77N/ +hraPIcoZfd2xPdK9NMr1MIMD5Hos7IfekUBuOrOX/7USrUldDolfC2VxAoGAQXLw +TvFg9iSaRQz/tfSqIhTjbpN5WF4O0Sa1NXjFAbpbNu/t9i04iXFexQQW5EWKddLw +LDiGNzmmbysVOazTXonq/sjfIHJuW7gQxxLXL086ay+mmypQw0lDHqxAcMo63gE0 +CtTS3f8+Afes8mqhQW3a3TMHMAtHLfNT/v6lxo0CgYA5sR43Z8RkYkGBiR+zoB8H +gnVDGh7Am0HCI9ZTuhPXYe3i8iLOQDTV3iw6ffA7FAvjLvjFK89gB6fc3pCCwT/Y +d45svjrPtJTzrH3DC4JT1EQWPhJEODYdVrH1gI+x2KNeFsZB7hF47rkNvTLozRlb +obk5poVuMFIKZFbIFNj7xQ== +-----END PRIVATE KEY----- diff --git a/pulsar-broker/src/test/resources/authentication/tls/cacert.pem b/pulsar-broker/src/test/resources/authentication/tls/cacert.pem new file mode 100644 index 00000000000..8ee17b65b92 --- /dev/null 
+++ b/pulsar-broker/src/test/resources/authentication/tls/cacert.pem 
@@ -0,0 +1,62 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b7:07:a3:fe:2a:7e:03:c6 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=testCA + Validity + Not Before: Feb 16 22:52:50 2017 GMT + Not After : Feb 16 22:52:50 2020 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=testCA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (1024 bit) + Modulus (1024 bit): + 00:b2:19:fa:5b:d4:d5:5f:ed:5c:64:2b:71:8d:93: + 5f:01:b3:19:d8:b7:a7:02:41:b5:20:ee:e5:6f:33: + 58:96:01:cd:22:e2:c8:b4:21:84:4a:a5:ae:24:55: + 7e:d9:00:a1:ff:fb:6d:77:15:d2:5e:f0:65:f4:3b: + bb:ca:e1:9f:3e:02:c7:c7:d8:92:73:ee:b7:3b:5d: + d9:a9:f6:ad:07:31:42:90:91:20:fd:32:91:73:a5: + a3:f1:93:a0:83:c7:87:84:d9:b3:d0:6a:55:a2:b5: + 22:97:e5:fc:b7:8d:74:42:ec:5b:82:cd:0d:fc:51: + 9f:b3:b2:db:cb:7f:9a:e8:21 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + DB:22:F6:EF:06:5B:88:5F:9F:32:15:9E:A4:86:21:C4:85:12:CC:66 + X509v3 Authority Key Identifier: + keyid:DB:22:F6:EF:06:5B:88:5F:9F:32:15:9E:A4:86:21:C4:85:12:CC:66 + DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=testCA + serial:B7:07:A3:FE:2A:7E:03:C6 + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 5b:d3:fb:37:b7:c4:83:0b:9b:77:04:e4:42:fb:3d:7d:4b:a4: + 8c:f5:2d:ca:f4:81:36:f4:87:d8:0f:60:b0:bb:b6:be:cc:84: + fa:3e:70:c4:bd:fe:24:80:98:6a:84:c9:22:14:46:f7:ae:0f: + 82:0c:6b:ab:87:19:d3:be:0f:23:be:44:05:b5:88:28:b3:f4: + 5b:e4:37:1f:cb:6b:b9:42:25:cc:6b:7e:80:7e:af:6e:57:a4: + 25:bd:47:b9:cb:24:da:54:6a:aa:b8:e4:98:6e:2d:6b:35:a2: + 8f:93:26:d5:b3:c1:7e:aa:de:5e:52:68:5a:1e:c9:4a:f6:ce: + 02:9c +-----BEGIN CERTIFICATE----- +MIIC5DCCAk2gAwIBAgIJALcHo/4qfgPGMA0GCSqGSIb3DQEBBQUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMTBnRlc3RDQTAeFw0xNzAyMTYyMjUyNTBa 
+Fw0yMDAyMTYyMjUyNTBaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMT +BnRlc3RDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAshn6W9TVX+1cZCtx +jZNfAbMZ2LenAkG1IO7lbzNYlgHNIuLItCGESqWuJFV+2QCh//ttdxXSXvBl9Du7 +yuGfPgLHx9iSc+63O13ZqfatBzFCkJEg/TKRc6Wj8ZOgg8eHhNmz0GpVorUil+X8 +t410Quxbgs0N/FGfs7Lby3+a6CECAwEAAaOBuTCBtjAdBgNVHQ4EFgQU2yL27wZb +iF+fMhWepIYhxIUSzGYwgYYGA1UdIwR/MH2AFNsi9u8GW4hfnzIVnqSGIcSFEsxm +oVqkWDBWMQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UE +ChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQ8wDQYDVQQDEwZ0ZXN0Q0GCCQC3 +B6P+Kn4DxjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAFvT+ze3xIML +m3cE5EL7PX1LpIz1Lcr0gTb0h9gPYLC7tr7MhPo+cMS9/iSAmGqEySIURveuD4IM +a6uHGdO+DyO+RAW1iCiz9FvkNx/La7lCJcxrfoB+r25XpCW9R7nLJNpUaqq45Jhu +LWs1oo+TJtWzwX6q3l5SaFoeyUr2zgKc +-----END CERTIFICATE----- diff --git a/pulsar-broker/src/test/resources/authentication/tls/client-cert.pem b/pulsar-broker/src/test/resources/authentication/tls/client-cert.pem new file mode 100644 index 00000000000..250c1efaf0b --- /dev/null +++ b/pulsar-broker/src/test/resources/authentication/tls/client-cert.pem 
@@ -0,0 +1,72 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b7:07:a3:fe:2a:7e:03:c8 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=testCA + Validity + Not Before: Feb 16 23:00:44 2017 GMT + Not After : Feb 16 23:00:44 2018 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=superUser + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:e8:da:eb:a8:0b:e8:e8:20:ca:2a:ae:14:c2:07: + 87:ab:70:47:00:2c:9d:7b:f5:9f:ea:f6:68:cb:15: + 37:8c:1d:9d:2e:88:d7:c7:fa:b6:69:be:26:84:ec: + a4:96:dc:98:13:0b:7c:72:f3:4e:af:04:28:e7:da: + 1f:9d:88:e9:1b:a5:21:74:5b:6a:eb:ce:69:fa:3e: + 57:31:cb:06:4e:38:ab:f5:f5:cf:a9:f3:1f:15:7e: + 72:14:e0:62:ab:21:61:d4:78:19:82:3a:6b:2d:71: + bc:2c:5f:f5:60:5b:46:6b:77:9f:fe:31:64:a6:5a: + 94:4b:8d:a0:4c:18:3d:b1:d3:32:11:36:5f:2c:2c: + 6d:32:b8:03:7b:fb:4e:f4:e3:96:6a:40:6b:ca:70: + 0f:5f:0e:37:ca:6d:5c:02:fa:25:ff:96:75:0f:47: + d5:d1:53:43:3a:e7:90:a1:79:3c:e4:95:35:d1:fb: + 05:02:18:c6:f0:a7:63:78:9b:5c:62:46:0c:50:4c: + 02:f1:01:8d:15:49:7a:40:0d:84:bd:e0:84:0b:5e: + 36:2a:05:93:30:3d:6c:2a:bd:e5:9c:5d:0b:f2:93: + 88:4b:e9:db:92:0e:40:20:1d:ca:a3:74:4b:68:81: + 8f:25:f7:07:d4:21:f8:d8:b0:06:b8:2e:1e:4e:e6: + 7c:c9 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + BC:04:07:17:DE:EA:8E:22:D1:0C:B5:7F:51:83:8C:EE:9B:AD:FE:FC + X509v3 Authority Key Identifier: + keyid:DB:22:F6:EF:06:5B:88:5F:9F:32:15:9E:A4:86:21:C4:85:12:CC:66 + + Signature Algorithm: sha1WithRSAEncryption + 41:25:f8:28:74:4a:59:88:05:8d:27:7b:c0:eb:8e:4c:7b:91: + 10:2e:5e:e0:e7:90:aa:06:3b:c6:8b:23:c9:20:d5:58:ad:65: + 30:8b:c3:13:0f:15:86:84:a9:f8:85:45:50:57:fe:7e:79:16: + 59:31:df:01:f9:fd:78:3f:33:84:cd:f0:99:bd:f6:c6:19:4f: + b1:de:bd:6c:9d:9d:8a:98:5f:df:3b:cd:e7:2c:ff:37:e7:7b: + 
9b:88:cb:ca:18:08:45:52:1c:ab:f4:3a:f7:13:5e:a2:44:29: + 7e:c2:f0:09:6d:fa:68:82:8b:ac:1c:24:99:66:43:fc:cf:07: + 24:f0 +-----BEGIN CERTIFICATE----- +MIIDLDCCApWgAwIBAgIJALcHo/4qfgPIMA0GCSqGSIb3DQEBBQUAMFYxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMTBnRlc3RDQTAeFw0xNzAyMTYyMzAwNDRa +Fw0xODAyMTYyMzAwNDRaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 +YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMT +CXN1cGVyVXNlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOja66gL +6OggyiquFMIHh6twRwAsnXv1n+r2aMsVN4wdnS6I18f6tmm+JoTspJbcmBMLfHLz +Tq8EKOfaH52I6RulIXRbauvOafo+VzHLBk44q/X1z6nzHxV+chTgYqshYdR4GYI6 +ay1xvCxf9WBbRmt3n/4xZKZalEuNoEwYPbHTMhE2XywsbTK4A3v7TvTjlmpAa8pw +D18ON8ptXAL6Jf+WdQ9H1dFTQzrnkKF5POSVNdH7BQIYxvCnY3ibXGJGDFBMAvEB +jRVJekANhL3ghAteNioFkzA9bCq95ZxdC/KTiEvp25IOQCAdyqN0S2iBjyX3B9Qh ++NiwBrguHk7mfMkCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd +T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFLwEBxfe6o4i +0Qy1f1GDjO6brf78MB8GA1UdIwQYMBaAFNsi9u8GW4hfnzIVnqSGIcSFEsxmMA0G +CSqGSIb3DQEBBQUAA4GBAEEl+Ch0SlmIBY0ne8Drjkx7kRAuXuDnkKoGO8aLI8kg +1VitZTCLwxMPFYaEqfiFRVBX/n55Flkx3wH5/Xg/M4TN8Jm99sYZT7HevWydnYqY +X987zecs/zfne5uIy8oYCEVSHKv0OvcTXqJEKX7C8Alt+miCi6wcJJlmQ/zPByTw +-----END CERTIFICATE----- diff --git a/pulsar-broker/src/test/resources/authentication/tls/client-key.pem b/pulsar-broker/src/test/resources/authentication/tls/client-key.pem new file mode 100644 index 00000000000..4b06a5f1be2 --- /dev/null +++ b/pulsar-broker/src/test/resources/authentication/tls/client-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDo2uuoC+joIMoq +rhTCB4ercEcALJ179Z/q9mjLFTeMHZ0uiNfH+rZpviaE7KSW3JgTC3xy806vBCjn +2h+diOkbpSF0W2rrzmn6PlcxywZOOKv19c+p8x8VfnIU4GKrIWHUeBmCOmstcbws +X/VgW0Zrd5/+MWSmWpRLjaBMGD2x0zIRNl8sLG0yuAN7+07045ZqQGvKcA9fDjfK +bVwC+iX/lnUPR9XRU0M655CheTzklTXR+wUCGMbwp2N4m1xiRgxQTALxAY0VSXpA +DYS94IQLXjYqBZMwPWwqveWcXQvyk4hL6duSDkAgHcqjdEtogY8l9wfUIfjYsAa4 +Lh5O5nzJAgMBAAECggEAHTdywBgWdiG/HBHRmvLU7Abfcb8nV2lfUlzukySrXpJM +qY0T/gyQHL52GNGUaTVug106lTXAFqef9k9hDiQik4xpoS7jQIkatQJjcGT3+pKT +yP25u6o8qTa/W6031B8RJlaXZMatsfsGUE8N+7QYJt3QnlVWOqU83Cn+Be44t3n6 +FIDsNdNb2ML/h+4jNrKbNXRKOd4qiAUOzyZ1q1H74fGkHq1fEJQ9mXW75/T7xbWN +Yb2Cs4bWFeYnEJaNoeWsadGfpNzULOBI0PB55hX1m7KhbJqkCyZmcSlMG4JMnuHf +Q0zZyIjElRWpJRAle0jSQ4IpZBZYOlYsH+GHV9eH/QKBgQD33CqzUaIHlXYQknP8 +ZCwd0Gu4edumvY0WTzW/fq07LuX8T7fx5wF93xKhbECn0JghElQOyuLxJ1IDm2Oi +AckmBDRrd4eL4eaAVNIWwYQqSLilQMsdVZbvh4zkKBTBMpyLxgPOCLDwsA2lrAS6 +w8J9IRsBI9OpNcg3/IdhBdUZgwKBgQDwgJpz0tVPqY9Fqe+Uaj4u2Mu2lCfOpTDY +oCGzMBlDO5yzZDR2jKoOZ3b/SB8n4Dyed+VWQd80z2WYcHweXAbGPzPIdiF2q/KB +VkFpfDmd22uoCPM1snnbIycg32VFo3anrrWbzHfkwJgvV5gVCQt7m+5F0SiZpcHX +0mt07DRawwKBgFE9p/1Yr3w+4BD0f/HlP5SSIQy5XGad0KXUVrCqq8svRxDZbFhs +uE9yk5+3ZMXcmFCWuliS5anXkok+IH0UisLcM/ZZmmMeKzg7FRWCXnihl2wK/chi +qnNega6y+IKOvUMPJ2Yb8Ssi+YYpCO/ShGgRNtG71X+r8jFvo0wI5l1TAoGBANgu +4adHVxM6mVzHemHwdmDp44QE/RtVhejTWDeX/r1esmbWpgoCO0KjYmXqUIcpm5Pe +tjmpEJiJ7Qrv4cHweu5tFYEWHtJrkZsNC9NkJO5utADhuq0D92Ex4hQ8eu30F852 +zyxyyTrInIPBuyT9cmL0MWR0tIgYZXw42vrI7+69AoGABjHcheK5fTQBRsUWSkpD +YEz1AZoMyuib/zLqnZZjt7rasQY7/hYbFVN/Q/eTkJFV5ETLRr9mGms7FiWZry4y +XmPhku2Ed7jiTrzErNtU99tzrPcuJp7h1rLPbFdwqtsiEtOrBZ0n3QdbkNF8Y4TO +qaqdxv3/Gf9er+TxtYHJKz4= +-----END PRIVATE KEY----- diff --git a/pulsar-client-cpp/lib/auth/AuthTls.cc b/pulsar-client-cpp/lib/auth/AuthTls.cc index 55423875f9d..a1daabc20e1 100644 --- a/pulsar-client-cpp/lib/auth/AuthTls.cc +++ b/pulsar-client-cpp/lib/auth/AuthTls.cc 
@@ -18,47 +18,47 @@ namespace pulsar { AuthDataTls::AuthDataTls(ParamMap& params) { - tlsCertificates_ = params["tlsCertificates"]; - tlsPrivateKey_ = params["tlsPrivateKey"]; + tlsCertificates_ = params["tlsCertFile"]; + tlsPrivateKey_ = params["tlsKeyFile"]; } - + AuthDataTls::~AuthDataTls() { - + } - + bool AuthDataTls::hasDataForTls() { return true; } - + std::string AuthDataTls::getTlsCertificates() { return tlsCertificates_; } - + std::string AuthDataTls::getTlsPrivateKey() { return tlsPrivateKey_; } - + AuthTls::AuthTls(AuthenticationDataPtr& authDataTls) { authDataTls_ = authDataTls; } - + AuthTls::~AuthTls() { } - + AuthenticationPtr AuthTls::create(ParamMap& params) { AuthenticationDataPtr authDataTls = AuthenticationDataPtr(new AuthDataTls(params)); return AuthenticationPtr(new AuthTls(authDataTls)); } - + const std::string AuthTls::getAuthMethodName() const { return "tls"; } - + Result AuthTls::getAuthData(AuthenticationDataPtr& authDataContent) const { authDataContent = authDataTls_; return ResultOk; } - + extern "C" Authentication* create(ParamMap& params) { AuthenticationDataPtr authDataTls = AuthenticationDataPtr(new AuthDataTls(params)); return new AuthTls(authDataTls); diff --git a/pulsar-client-cpp/tests/AuthPluginTest.cc b/pulsar-client-cpp/tests/AuthPluginTest.cc index 2143bf0647a..598157b1eb7 100644 --- a/pulsar-client-cpp/tests/AuthPluginTest.cc +++ b/pulsar-client-cpp/tests/AuthPluginTest.cc 
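Review bot: Renaming the keys in `AuthDataTls::AuthDataTls` to `tlsCertFile`/`tlsKeyFile` silently breaks callers that still pass `tlsCertificates`/`tlsPrivateKey`: if `ParamMap` is a `std::map`, `params["tlsCertFile"]` default-inserts an empty string for a missing key, so the object is constructed with empty certificate and key paths and no error. Consider looking the keys up with `find()`, accepting the old names as a fallback for one release, and logging or failing when either path is empty, so a misconfigured client does not go on to connect without its certificate. The remaining changes in this hunk are whitespace only.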
@@ -16,6 +16,26 @@ #include "pulsar/Auth.h" #include +#include +#include +#include + +#include "lib/Future.h" +#include "lib/Utils.h" +DECLARE_LOG_OBJECT() + +using namespace pulsar; + +int globalTestTlsMessagesCounter = 0; +static std::string lookupUrlTls = "pulsar+ssl://localhost:9886"; + +static void sendCallBackTls(Result r, const Message& msg) { + ASSERT_EQ(r, ResultOk); + std::string prefix = "test-tls-message-"; + std::string messageContent = prefix + boost::lexical_cast(globalTestTlsMessagesCounter++); + ASSERT_EQ(messageContent, msg.getDataAsString()); + LOG_DEBUG("Received publish acknowledgement for " << msg.getDataAsString()); +} TEST(AuthPluginTest, testCreate) { pulsar::AuthenticationDataPtr data; 
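Review bot: `globalTestTlsMessagesCounter` is a plain global `int` that `sendCallBackTls` increments and that `testTls` (next hunk) later reads with `ASSERT_EQ(globalTestTlsMessagesCounter, numOfMessages)`; if the send callbacks run on a client thread, as is usual for `sendAsync`, that is an unsynchronised read/write and the final assert can run before the last callback. Waiting for the sends to complete before asserting (for example by closing the producer first) and guarding the counter would make the test deterministic. The `ASSERT_EQ` calls inside the callback only return from the callback on failure and do not stop the test body, and the counter is never reset, so a repeated run of the test starts from a non-zero value.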
@@ -29,6 +49,70 @@ TEST(AuthPluginTest, testCreate) { ASSERT_EQ(auth.use_count(), 1); } +TEST(AuthPluginTest, testTls) { + ClientConfiguration config = ClientConfiguration(); + config.setUseTls(true); + std::string certfile = "../../pulsar-broker/src/test/resources/authentication/tls/cacert.pem"; + std::string params = "tlsCertFile:../../pulsar-broker/src/test/resources/authentication/tls/client-cert.pem,tlsKeyFile:../../pulsar-broker/src/test/resources/authentication/tls/client-key.pem"; + config.setTlsTrustCertsFilePath(certfile); + config.setTlsAllowInsecureConnection(false); + AuthenticationPtr auth = pulsar::Auth::create("../lib/auth/libauthtls.so", params); + config.setAuthentication(auth); + Client client(lookupUrlTls,config); + + std::string topicName = "persistent://property/cluster/namespace/test-tls"; + std::string subName = "subscription-name"; + int numOfMessages = 10; + + Producer producer; + Promise producerPromise; + client.createProducerAsync(topicName, WaitForCallbackValue(producerPromise)); + Future producerFuture = producerPromise.getFuture(); + Result result = producerFuture.get(producer); + ASSERT_EQ(ResultOk, result); + + Consumer consumer; + Promise consumerPromise; + client.subscribeAsync(topicName, subName, WaitForCallbackValue(consumerPromise)); + Future consumerFuture = consumerPromise.getFuture(); + result = consumerFuture.get(consumer); + ASSERT_EQ(ResultOk, result); + + // handling dangling subscriptions + consumer.unsubscribe(); + client.subscribe(topicName, subName, consumer); + + std::string temp = producer.getTopic(); + ASSERT_EQ(temp, topicName); + temp = consumer.getTopic(); + ASSERT_EQ(temp, topicName); + ASSERT_EQ(consumer.getSubscriptionName(), subName); + + // Send Asynchronously + std::string prefix = "test-tls-message-"; + for (int i = 0; i(i); + Message msg = MessageBuilder().setContent(messageContent).setProperty("msgIndex", boost::lexical_cast(i)).build(); + producer.sendAsync(msg, &sendCallBackTls); + LOG_INFO("sending 
message " << messageContent); + } + + Message receivedMsg; + int i = 0; + while (consumer.receive(receivedMsg, 5000) == ResultOk) { + std::string expectedMessageContent = prefix + boost::lexical_cast(i); + LOG_INFO("Received Message with [ content - " << receivedMsg.getDataAsString() << "] [ messageID = " << receivedMsg.getMessageId() << "]"); + ASSERT_EQ(receivedMsg.getProperty("msgIndex"), boost::lexical_cast(i++)); + ASSERT_EQ(expectedMessageContent, receivedMsg.getDataAsString()); + ASSERT_EQ(ResultOk, consumer.acknowledge(receivedMsg)); + } + // Number of messages produced + ASSERT_EQ(globalTestTlsMessagesCounter, numOfMessages); + + // Number of messages consumed + ASSERT_EQ(i, numOfMessages); +} + TEST(AuthPluginTest, testDisable) { pulsar::AuthenticationDataPtr data; diff --git a/pulsar-client-cpp/tests/authentication.conf b/pulsar-client-cpp/tests/authentication.conf new file mode 100644 index 00000000000..2e8203f6026 --- /dev/null +++ b/pulsar-client-cpp/tests/authentication.conf 
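Review bot: `testTls` sets `setTlsAllowInsecureConnection(false)`, so it depends on the fixture certificates validating, and `broker-cert.pem` and `client-cert.pem` added in this commit are both valid only until Feb 16 2018; the test will start failing a year after the commit unless the fixtures are regenerated with a longer lifetime or the regeneration steps are documented next to them. The result of `pulsar::Auth::create("../lib/auth/libauthtls.so", params)` is also used unchecked; adding `ASSERT_TRUE(auth.get() != NULL);` and `ASSERT_EQ(auth->getAuthMethodName(), "tls");` right after it would make a plugin that failed to load visible instead of letting the client continue with whatever `create` returned. The plugin path and the port 9886 in `lookupUrlTls` are hard-coded, which ties the test to one build layout and to the `brokerServicePortTls` value in authentication.conf.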
@@ -0,0 +1,262 @@ +# +# Copyright 2016 Yahoo Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +### --- General broker settings --- ### + +# Zookeeper quorum connection string +zookeeperServers= + +# Global Zookeeper quorum connection string +globalZookeeperServers= + +brokerServicePort=9885 +brokerServicePortTls=9886 + +# Port to use to server HTTP request +webServicePort=9765 +webServicePortTls=9766 + +# Hostname or IP address the service binds on, default is 0.0.0.0. +bindAddress=0.0.0.0 + +# Hostname or IP address the service advertises to the outside world. If not set, the value of InetAddress.getLocalHost().getHostName() is used. +advertisedAddress=localhost + +# Name of the cluster to which this broker belongs to +clusterName=cluster + +# Zookeeper session timeout in milliseconds +zooKeeperSessionTimeoutMillis=30000 + +# Time to wait for broker graceful shutdown. After this time elapses, the process will be killed +brokerShutdownTimeoutMs=3000 + +# Enable backlog quota check. 
Enforces action on topic when the quota is reached +backlogQuotaCheckEnabled=true + +# How often to check for topics that have reached the quota +backlogQuotaCheckIntervalInSeconds=60 + +# Default per-topic backlog quota limit +backlogQuotaDefaultLimitGB=10 + +# Enable the deletion of inactive topics +brokerDeleteInactiveTopicsEnabled=true + +# How often to check for inactive topics +brokerDeleteInactiveTopicsFrequencySeconds=60 + +# How frequently to proactively check and purge expired messages +messageExpiryCheckIntervalInMinutes=5 + +# Enable check for minimum allowed client library version +clientLibraryVersionCheckEnabled=false + +# Allow client libraries with no version information +clientLibraryVersionCheckAllowUnversioned=true + +# Path for the file used to determine the rotation status for the broker when responding +# to service discovery health checks +statusFilePath=/usr/local/apache/htdocs + +# Max number of unacknowledged messages allowed to receive messages by a consumer on a shared subscription. 
Broker will stop sending +# messages to consumer once, this limit reaches until consumer starts acknowledging messages back +# Using a value of 0, is disabling unackeMessage limit check and consumer can receive messages without any restriction +maxUnackedMessagesPerConsumer=50000 + +### --- Authentication --- ### + +# Enable TLS +tlsEnabled=true +tlsCertificateFilePath=./pulsar-broker/src/test/resources/authentication/tls/broker-cert.pem +tlsKeyFilePath=./pulsar-broker/src/test/resources/authentication/tls/broker-key.pem +tlsTrustCertsFilePath=./pulsar-broker/src/test/resources/authentication/tls/cacert.pem +tlsAllowInsecureConnection=true + +# Enable authentication +authenticationEnabled=true + +# Autentication provider name list, which is comma separated list of class names +authenticationProviders=com.yahoo.pulsar.broker.authentication.AuthenticationProviderTls + +# Enforce authorization +authorizationEnabled=true + +# Role names that are treated as "super-user", meaning they will be able to do all admin +# operations and publish/consume from all topics +superUserRoles=localhost,superUser + +# Authentication settings of the broker itself. Used when the broker connects to other brokers, +# either in same or other clusters +brokerClientAuthenticationPlugin= +brokerClientAuthenticationParameters= + +### --- BookKeeper Client --- ### + +# Authentication plugin to use when connecting to bookies +bookkeeperClientAuthenticationPlugin= + +# BookKeeper auth plugin implementatation specifics parameters name and values +bookkeeperClientAuthenticationParametersName= +bookkeeperClientAuthenticationParameters= + +# Timeout for BK add / read operations +bookkeeperClientTimeoutInSeconds=30 + +# Speculative reads are initiated if a read request doesn't complete within a certain time +# Using a value of 0, is disabling the speculative reads +bookkeeperClientSpeculativeReadTimeoutInMillis=0 + +# Enable bookies health check. 
Bookies that have more than the configured number of failure within +# the interval will be quarantined for some time. During this period, new ledgers won't be created +# on these bookies +bookkeeperClientHealthCheckEnabled=true +bookkeeperClientHealthCheckIntervalSeconds=60 +bookkeeperClientHealthCheckErrorThresholdPerInterval=5 +bookkeeperClientHealthCheckQuarantineTimeInSeconds=1800 + +# Enable rack-aware bookie selection policy. BK will chose bookies from different racks when +# forming a new bookie ensemble +bookkeeperClientRackawarePolicyEnabled=true + +# Enable bookie isolation by specifying a list of bookie groups to choose from. Any bookie +# outside the specified groups will not be used by the broker +bookkeeperClientIsolationGroups= + +### --- Managed Ledger --- ### + +# Number of bookies to use when creating a ledger +managedLedgerDefaultEnsembleSize=1 + +# Number of copies to store for each message +managedLedgerDefaultWriteQuorum=1 + +# Number of guaranteed copies (acks to wait before write is complete) +managedLedgerDefaultAckQuorum=1 + +# Amount of memory to use for caching data payload in managed ledger. 
This memory +# is allocated from JVM direct memory and it's shared across all the topics +# running in the same broker +managedLedgerCacheSizeMB=1024 + +# Threshold to which bring down the cache level when eviction is triggered +managedLedgerCacheEvictionWatermark=0.9 + +# Rate limit the amount of writes generated by consumer acking the messages +managedLedgerDefaultMarkDeleteRateLimit=0.1 + +# Max number of entries to append to a ledger before triggering a rollover +# A ledger rollover is triggered on these conditions +# * Either the max rollover time has been reached +# * or max entries have been written to the ledged and at least min-time +# has passed +managedLedgerMaxEntriesPerLedger=50000 + +# Minimum time between ledger rollover for a topic +managedLedgerMinLedgerRolloverTimeMinutes=10 + +# Maximum time before forcing a ledger rollover for a topic +managedLedgerMaxLedgerRolloverTimeMinutes=240 + +# Max number of entries to append to a cursor ledger +managedLedgerCursorMaxEntriesPerLedger=50000 + +# Max time before triggering a rollover on a cursor ledger +managedLedgerCursorRolloverTimeInSeconds=14400 + + + +### --- Load balancer --- ### + +# Enable load balancer +loadBalancerEnabled=false + +# Strategy to assign a new bundle +loadBalancerPlacementStrategy=weightedRandomSelection + +# Percentage of change to trigger load report update +loadBalancerReportUpdateThresholdPercentage=10 + +# maximum interval to update load report +loadBalancerReportUpdateMaxIntervalMinutes=15 + +# Frequency of report to collect +loadBalancerHostUsageCheckIntervalMinutes=1 + +# Load shedding interval. 
Broker periodically checks whether some traffic should be offload from +# some over-loaded broker to other under-loaded brokers +loadBalancerSheddingIntervalMinutes=30 + +# Prevent the same topics to be shed and moved to other broker more that once within this timeframe +loadBalancerSheddingGracePeriodMinutes=30 + +# Usage threshold to determine a broker as under-loaded +loadBalancerBrokerUnderloadedThresholdPercentage=1 + +# Usage threshold to determine a broker as over-loaded +loadBalancerBrokerOverloadedThresholdPercentage=85 + +# Interval to update namespace bundle resource quotat +loadBalancerResourceQuotaUpdateIntervalMinutes=15 + +# Usage threshold to determine a broker is having just right level of load +loadBalancerBrokerComfortLoadLevelPercentage=65 + +# enable/disable namespace bundle auto split +loadBalancerAutoBundleSplitEnabled=false + +# interval to detect & split hot namespace bundle +loadBalancerNamespaceBundleSplitIntervalMinutes=15 + +# maximum topics in a bundle, otherwise bundle split will be triggered +loadBalancerNamespaceBundleMaxTopics=1000 + +# maximum sessions (producers + consumers) in a bundle, otherwise bundle split will be triggered +loadBalancerNamespaceBundleMaxSessions=1000 + +# maximum msgRate (in + out) in a bundle, otherwise bundle split will be triggered +loadBalancerNamespaceBundleMaxMsgRate=1000 + +# maximum bandwidth (in + out) in a bundle, otherwise bundle split will be triggered +loadBalancerNamespaceBundleMaxBandwidthMbytes=100 + +# maximum number of bundles in a namespace +loadBalancerNamespaceMaximumBundles=128 + +### --- Replication --- ### + +# Enable replication metrics +replicationMetricsEnabled=true + +# Max number of connections to open for each broker in a remote cluster +# More connections host-to-host lead to better throughput over high-latency +# links. 
+replicationConnectionsPerBroker=16 + +# Replicator producer queue size +replicationProducerQueueSize=1000 + +# Default message retention time +defaultRetentionTimeInMinutes=0 + +# Default retention size +defaultRetentionSizeInMB=0 + +# How often to check whether the connections are still alive +keepAliveIntervalSeconds=30 + +# How often broker checks for inactive topics to be deleted (topics with no subscriptions and no one connected) +brokerServicePurgeInactiveFrequencyInSeconds=60 diff --git a/pulsar-client-cpp/tests/client.conf b/pulsar-client-cpp/tests/client.conf new file mode 100644 index 00000000000..e7cf06b07d9 --- /dev/null +++ b/pulsar-client-cpp/tests/client.conf @@ -0,0 +1,24 @@ +# +# Copyright 2016 Yahoo Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# Pulsar Client configuration +webServiceUrl=https://localhost:9766/ +brokerServiceUrl=pulsar+ssl://localhost:9886/ +useTls=true +tlsAllowInsecureConnection=true +tlsTrustCertsFilePath=./pulsar-broker/src/test/resources/authentication/tls/cacert.pem +authPlugin=com.yahoo.pulsar.client.impl.auth.AuthenticationTls +authParams=tlsCertFile:./pulsar-broker/src/test/resources/authentication/tls/client-cert.pem,tlsKeyFile:./pulsar-broker/src/test/resources/authentication/tls/client-key.pem diff --git a/pulsar-client-cpp/travis-build.sh b/pulsar-client-cpp/travis-build.sh index f760afbc807..88bc9c903c2 100755 --- a/pulsar-client-cpp/travis-build.sh +++ b/pulsar-client-cpp/travis-build.sh 
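Review bot: `tlsAllowInsecureConnection=true` in the broker's Authentication section weakens what the end-to-end test proves. If the flag means what its name suggests, the broker accepts client certificates that do not chain to `cacert.pem`, while `authenticationProviders` is the TLS provider and `superUserRoles=localhost,superUser` grants admin rights by role name. The same setting appears in `client.conf` next to `tlsTrustCertsFilePath`, where it would make that trust file ineffective for the admin client. Since a CA file is supplied in both places, I would set `tlsAllowInsecureConnection=false` in both files, matching `config.setTlsAllowInsecureConnection(false)` in the C++ test. A header comment such as `# Test-only config: the keys under src/test/resources are public, never reuse outside CI` would also help.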
@@ -5,9 +5,9 @@ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -58,13 +58,18 @@ if [ "$3" = "all" -o "$3" = "dep" ]; then exec_cmd "pushd $1/ && wget https://github.com/google/protobuf/releases/download/v2.6.1/protobuf-2.6.1.tar.gz && popd"; exec_cmd "pushd /usr/src/gtest && cmake . && make && cp *.a /usr/lib && popd"; exec_cmd "pushd $1/ && tar xvfz $1/protobuf-2.6.1.tar.gz && pushd $1/protobuf-2.6.1 && ./configure && make && make install && popd && popd"; -fi +fi if [ "$3" = "all" -o "$3" = "compile" ]; then # Compile and run unit tests exec_cmd "pushd $2/pulsar-client-cpp && cmake . && make && popd"; PULSAR_STANDALONE_CONF=$2/pulsar-client-cpp/tests/standalone.conf $2/bin/pulsar standalone & - pid=$!; - exec_cmd "sleep 10 && pushd $2/pulsar-client-cpp/tests && ./main && popd"; + standalone_pid=$!; + PULSAR_STANDALONE_CONF=$2/pulsar-client-cpp/tests/authentication.conf $2/bin/pulsar standalone --zookeeper-port 2191 --bookkeeper-port 3191 --zookeeper-dir data2/standalone/zookeeper --bookkeeper-dir data2/standalone/zookeeper & + auth_pid=$!; + sleep 10 + PULSAR_CLIENT_CONF=$2/pulsar-client-cpp/tests/client.conf $2/bin/pulsar-admin clusters create --url http://localhost:9765/ --url-secure https://localhost:9766/ --broker-url pulsar://localhost:9885/ --broker-url-secure pulsar+ssl://localhost:9886/ cluster + exec_cmd "sleep 5 && pushd $2/pulsar-client-cpp/tests && ./main && popd"; exec_cmd "kill -SIGTERM $pid"; -fi + exec_cmd "kill -SIGTERM $auth_pid"; +fi -- GitLab
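Review bot: The surviving context line `exec_cmd "kill -SIGTERM $pid";` still references `$pid`, which this hunk renames to `standalone_pid`, so the first standalone broker is never signalled and the kill runs with an empty argument; it should read `exec_cmd "kill -SIGTERM $standalone_pid";`. The second broker is started with `--bookkeeper-dir data2/standalone/zookeeper`, the same directory as `--zookeeper-dir`, which looks like a copy-paste slip for `data2/standalone/bookkeeper`. The `pulsar-admin clusters create` call is not wrapped in `exec_cmd`, so a failed cluster registration would presumably go unnoticed until the TLS test itself fails. The definition of `exec_cmd` is outside the hunk.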