pulsar icon indicating copy to clipboard operation
pulsar copied to clipboard
verified publisher icon apache

[improve][fn] Support OAuth2 in Go instance

Open jiangpengcheng opened this issue 1 year ago • 5 comments

Fixes #22322

Main Issue: #xyz

PIP: #xyz

Motivation

The Go instance doesn't support OAuth2 authentication yet, it's better to support it

Modifications

Support the OAuth2 in Go instance

Verifying this change

  • [x] Make sure that the change passes the CI checks.

  • [x] This change is a trivial rework / code cleanup without any test coverage.

Does this pull request potentially affect one of the following parts:

If the box was checked, please highlight the changes

  • [ ] Dependencies (add or upgrade a dependency)
  • [ ] The public API
  • [ ] The schema
  • [ ] The default values of configurations
  • [ ] The threading model
  • [ ] The binary protocol
  • [ ] The REST endpoints
  • [ ] The admin CLI options
  • [ ] The metrics
  • [ ] Anything that affects deployment

Documentation

  • [ ] doc
  • [ ] doc-required
  • [x] doc-not-needed
  • [ ] doc-complete

Matching PR in forked repository

PR in forked repository: https://github.com/jiangpengcheng/pulsar/pull/30

jiangpengcheng avatar Mar 22 '24 03:03 jiangpengcheng

How do we test this?

lhotari avatar Mar 22 '24 09:03 lhotari

How do we test this?

Seems no, there are no OAuth2 tests for python and java instance too, and there is even no AuthenticationProviderOAuth2, so it's hard to setup a cluster with "OAuth2" provider for testing

jiangpengcheng avatar Mar 25 '24 00:03 jiangpengcheng

Hi, IMO

The pulsar-client-go testing should ensure the oauth2 is working or not. Pulsar-function should ensure we applied the correct configuration for it.

:)

So, would you mind adding the configuration applied testing?

mattisonchao avatar Apr 06 '24 09:04 mattisonchao

Hi, IMO

The pulsar-client-go testing should ensure the oauth2 is working or not. Pulsar-function should ensure we applied the correct configuration for it.

:)

So, would you mind adding the configuration applied testing?

An integration test would also be possible, but that does require effort and knowledge of how Pulsar system level integration tests are developed. Using WireMock for mocking the OAuth2 end points is one way to get it working without a full blown IDP like Keycloak.

lhotari avatar Apr 06 '24 09:04 lhotari

Hi, IMO

The pulsar-client-go testing should ensure the oauth2 is working or not. Pulsar-function should ensure we applied the correct configuration for it.

:)

So, would you mind adding the configuration applied testing?

Added tests for checking the arguments

jiangpengcheng avatar Apr 07 '24 02:04 jiangpengcheng