pulsar icon indicating copy to clipboard operation
pulsar copied to clipboard
verified publisher icon apache

[improve][misc] PIP-351: Add options to Pulsar-Test client to support KeyStore based TLS

Open shasank112001 opened this issue 1 year ago • 2 comments

Fixes #22678

Main Issue: #22678

PIP: #22694

Motivation

If you want to create a TestClient which uses AuthenticationKeyStoreTls as its authPlugin, Pulsar Test Admin/Client utilized in Pulsar-perf is unable to setup a vaild SSL context due to the requirement of the property "useKeyStoreTls" to be "true" for using keystores properly. Moreover, utilizing the property "useKeyStoreTls" requires the use of trust-stores and not trust certificates, therefore requiring additional trustStoreType, trustStorePath and trustStorePass as parameters to be available, to utilize PulsarPerf.

Modifications

The following changes have been made:

  1. New properties for useKeyStoreTls, trustStore options and keystore options have been added in PerformanceBaseArguments.java
  2. An if check has been added in PerfClientUtils.java, to switch between trustCertsFilePath and keyStore related properties based on useKeyStoreTls.

Verifying this change

  • [ ] Make sure that the change passes the CI checks.

This change added tests and can be verified as follows:

(example:)

  • Added test cases to check parameterException when useKeyStoreTls is true but no trustStore Path is provided.
  • Added test cases to verify that arguments are correctly mapped to PulsarAdminBuilder and PulsarClientBuilder

Does this pull request potentially affect one of the following parts:

If the box was checked, please highlight the changes

  • [ ] Dependencies (add or upgrade a dependency)
  • [ ] The public API
  • [ ] The schema
  • [ ] The default values of configurations
  • [ ] The threading model
  • [ ] The binary protocol
  • [ ] The REST endpoints
  • [ ] The admin CLI options
  • [ ] The metrics
  • [ ] Anything that affects deployment

Documentation

  • [ ] doc
  • [x] doc-required
  • [ ] doc-not-needed
  • [ ] doc-complete

Matching PR in forked repository

PR in forked repository: PR

shasank112001 avatar May 10 '24 11:05 shasank112001

PIP has been accepted and merged. https://lists.apache.org/thread/61l7bdhkjy0vy61934shmh2cphb6pp06

Good work @shasank112001

lhotari avatar Jun 10 '24 11:06 lhotari

Hey @lhotari @nodece. I see the PIP related to this was already added to version 4.0.0 but the code was not? Can you explain what happened here?

shasank112001 avatar Jan 28 '25 19:01 shasank112001