From 5a56563dec0154e238a961ff0d872e306b13b491 Mon Sep 17 00:00:00 2001
From: Yuri Mizushima
Date: Fri, 7 Feb 2025 19:01:17 +0900
Subject: [PATCH] feat: support ztsProxyUrl in pulsar-client-auth-athenz
---
 pom.xml | 2 +-
 .../impl/auth/AuthenticationAthenz.java | 8 ++-
 .../impl/auth/AuthenticationAthenzTest.java | 57 +++++++++++++++++++
 3 files changed, 64 insertions(+), 3 deletions(-)
diff --git a/pom.xml b/pom.xml
index 047e014838f78..f391e6e21f7c1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -151,7 +151,7 @@ flexible messaging model and an intuitive client API.
 9.4.56.v20240826
 2.5.2
 2.42
- 1.10.50
+ 1.10.62
 0.16.0
 4.5.10
 7.9.2
diff --git a/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java b/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
index 84d81c5d94301..33f3ffb2ad500 100644
--- a/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
+++ b/pulsar-client-auth-athenz/src/main/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenz.java
@@ -63,6 +63,7 @@ public class AuthenticationAthenz implements Authentication, EncodedAuthenticati
 private transient KeyRefresher keyRefresher = null;
 private transient ZTSClient ztsClient = null;
 private String ztsUrl = null;
+ private String ztsProxyUrl = null;
 private String tenantDomain;
 private String tenantService;
 private String providerDomain;
@@ -193,6 +194,9 @@ private void setAuthParams(Map authParams) {
 if (isNotBlank(authParams.get("ztsUrl"))) {
 this.ztsUrl = authParams.get("ztsUrl");
 }
+ if (isNotBlank(authParams.get("ztsProxyUrl"))) {
+ this.ztsProxyUrl = authParams.get("ztsProxyUrl");
+ }
 }
 
 @Override
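Review bot: In the setAuthParams hunk of AuthenticationAthenz.java, `ztsProxyUrl` is accepted on an `isNotBlank` check alone, so a typo or an unexpected scheme would presumably surface only when getZtsClient builds the ZTSClient (the @@ -219 hunk), not at configure time. Every ZTS request of this client would then be sent via that endpoint, so I would parse the value where it is read, e.g. `URI.create(authParams.get("ztsProxyUrl"))`, and throw `IllegalArgumentException` when it has no host or a scheme the deployment does not expect. How ZTSClient itself treats a malformed proxy URL is not visible here, so this is a fail-fast suggestion rather than a confirmed bug. setAuthParams begins above the hunk.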
@@ -219,11 +223,11 @@ private ZTSClient getZtsClient() throws InterruptedException, IOException, KeyRe } final SSLContext sslContext = Utils.buildSSLContext(keyRefresher.getKeyManagerProxy(), keyRefresher.getTrustManagerProxy()); - ztsClient = new ZTSClient(ztsUrl, sslContext); + ztsClient = new ZTSClient(ztsUrl, ztsProxyUrl, sslContext); } else { ServiceIdentityProvider siaProvider = new SimpleServiceIdentityProvider(tenantDomain, tenantService, privateKey, keyId); - ztsClient = new ZTSClient(ztsUrl, tenantDomain, tenantService, siaProvider); + ztsClient = new ZTSClient(ztsUrl, ztsProxyUrl, tenantDomain, tenantService, siaProvider); } ztsClient.setPrefetchAutoEnable(this.autoPrefetchEnabled); } diff --git a/pulsar-client-auth-athenz/src/test/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenzTest.java b/pulsar-client-auth-athenz/src/test/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenzTest.java index b4b92eddd57f6..28261e2c977e0 100644 --- a/pulsar-client-auth-athenz/src/test/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenzTest.java +++ b/pulsar-client-auth-athenz/src/test/java/org/apache/pulsar/client/impl/auth/AuthenticationAthenzTest.java @@ -18,10 +18,18 @@ */ package org.apache.pulsar.client.impl.auth; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyBoolean; +import static org.mockito.ArgumentMatchers.anyInt; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertFalse; +import static org.testng.Assert.assertNull; import static org.testng.Assert.assertTrue; import static org.testng.Assert.fail; +import org.mockito.MockedConstruction; +import org.mockito.Mockito; import org.testng.annotations.Test; import org.apache.pulsar.common.util.ObjectMapperFactory; import static org.apache.pulsar.common.util.Codec.encode; 
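Review bot: Neither constructor call in the getZtsClient hunk (@@ -219) says that `ztsProxyUrl` is normally null at this point, which is what the new test asserts when the parameter is absent or blank. A one-line comment above the first call, e.g. `// ztsProxyUrl stays null unless configured and is passed to ZTSClient unchanged`, would keep a later reader from substituting a non-null default. The configured proxy sits on the path of the calls that fetch role tokens, so the parameter's user-facing documentation should also state that it must be an endpoint the operator controls and trusts. getZtsClient starts above the hunk.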
@@ -287,4 +295,53 @@ public void testRoleHeaderSetting() throws Exception {
 assertEquals(auth2.getAuthData().getHttpHeaders().iterator().next().getKey(), "Test-Role-Header");
 auth2.close();
 }
+
+ @Test
+ public void testZtsProxyUrlSetting() throws Exception {
+ final String ztsProxyUrl = "https://example.com:4443/";
+ final String paramsStr = new String(Files.readAllBytes(Paths.get("./src/test/resources/authParams.json")));
+ final ObjectMapper jsonMapper = ObjectMapperFactory.create();
+ final Map authParamsMap = jsonMapper.readValue(paramsStr, new TypeReference>() { });
+
+ try (MockedConstruction mockedZTSClient = Mockito.mockConstruction(ZTSClient.class, (mock, context) -> {
+ final String actualZtsProxyUrl = (String) context.arguments().get(1);
+ assertNull(actualZtsProxyUrl);
+
+ when(mock.getRoleToken(any(), any(), anyInt(), anyInt(), anyBoolean())).thenReturn(mock(RoleToken.class));
+ })) {
+ authParamsMap.remove("ztsProxyUrl");
+ final AuthenticationAthenz auth1 = new AuthenticationAthenz();
+ auth1.configure(jsonMapper.writeValueAsString(authParamsMap));
+ auth1.getAuthData();
+
+ assertEquals(mockedZTSClient.constructed().size(), 1);
+
+ auth1.close();
+
+ authParamsMap.put("ztsProxyUrl", "");
+ final AuthenticationAthenz auth2 = new AuthenticationAthenz();
+ auth2.configure(jsonMapper.writeValueAsString(authParamsMap));
+ auth2.getAuthData();
+
+ assertEquals(mockedZTSClient.constructed().size(), 2);
+
+ auth2.close();
+ }
+
+ try (MockedConstruction mockedZTSClient = Mockito.mockConstruction(ZTSClient.class, (mock, context) -> {
+ final String actualZtsProxyUrl = (String) context.arguments().get(1);
+ assertEquals(actualZtsProxyUrl, ztsProxyUrl);
+
+ when(mock.getRoleToken(any(), any(), anyInt(), anyInt(), anyBoolean())).thenReturn(mock(RoleToken.class));
+ })) {
+ authParamsMap.put("ztsProxyUrl", ztsProxyUrl);
+ final AuthenticationAthenz auth3 = new AuthenticationAthenz();
+ auth3.configure(jsonMapper.writeValueAsString(authParamsMap));
+ auth3.getAuthData();
+
+ assertEquals(mockedZTSClient.constructed().size(), 1);
+
+ auth3.close();
+ }
+ }
 }
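Review bot: In testZtsProxyUrlSetting the `assertNull` / `assertEquals` on the proxy argument run inside the `mockConstruction` initializer, so a failure is thrown from within `new ZTSClient(...)` during `getAuthData()`. Whether it reaches TestNG as a readable assertion failure depends on how Mockito and getAuthData propagate it, which is not visible here. Recording the argument and asserting after the call is more robust: `proxyArgs.add((String) context.arguments().get(1));` in the initializer, then `assertNull(proxyArgs.get(0));` once `getAuthData()` returns. The test also appears to reach only the constructor branch selected by authParams.json, so the other `new ZTSClient(ztsUrl, ztsProxyUrl, ...)` call may be uncovered. The `auth*.close()` calls would be safer in a `finally` block.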