Add parameters for KeyStore TLS in Pulsar test client #22678

Open
2 tasks done
shasank112001 opened this issue May 8, 2024 · 0 comments · May be fixed by #22692
Labels
type/enhancement The enhancements for the existing features or docs. e.g. reduce memory usage of the delayed messages

Comments

@shasank112001
Contributor

Search before asking

  • I searched in the issues and found nothing similar.

Motivation

If you want to create a TestClient which uses AuthenticationKeyStoreTls as its authPlugin, Pulsar Test Admin/Client utilized in Pulsar-perf is unable to set up a valid SSL context due to the requirement of the property "useKeyStoreTls" to be "true" for using keystores properly.
Moreover, utilizing the property "useKeyStoreTls" requires the use of a trust store and not trust certificates, therefore requiring additional trustStoreType, trustStorePath and trustStorePass parameters to be available in order to utilize PulsarPerf.

The main reason to require this change is the following code in AsyncHttpConnector:

    if (conf.isUseKeyStoreTls()) {
        KeyStoreParams params = authData.hasDataForTls() ? authData.getTlsKeyStoreParams() :
                new KeyStoreParams(conf.getTlsKeyStoreType(), conf.getTlsKeyStorePath(),
                        conf.getTlsKeyStorePassword());

        final SSLContext sslCtx = KeyStoreSSLContext.createClientSslContext(
                conf.getSslProvider(),
                params.getKeyStoreType(),
                params.getKeyStorePath(),
                params.getKeyStorePassword(),
                conf.isTlsAllowInsecureConnection(),
                conf.getTlsTrustStoreType(),
                conf.getTlsTrustStorePath(),
                conf.getTlsTrustStorePassword(),
                conf.getTlsCiphers(),
                conf.getTlsProtocols());

        JsseSslEngineFactory sslEngineFactory = new JsseSslEngineFactory(sslCtx);
        confBuilder.setSslEngineFactory(sslEngineFactory);
    }

I understand that users can just use AuthenticationTls instead of AuthenticationKeyStoreTls for Performance testing as it will work with the mTLS authentication scheme, but my motivation to provide these arguments is to allow for custom authentication/authorization providers that utilize keystores and want to perform performance testing using Pulsar Perf.

Solution

Create new Arguments for the following properties in PerformanceBaseArguments.java:

  1. useKeyStoreTls
  2. trustStoreType
  3. trustStorePath
  4. trustStorePass
  5. keyStoreType
  6. keyStorePath
  7. keyStorePass

Update the code to change between TrustCerts and TrustStore based on useKeyStoreTls.

Alternatives

An alternative solution is to update AuthenticationDataProviders that utilize keystores to override functions to provide trustStore as stream and the private key as well, not depending on the "useKeyStoreTls" property, but as we already have properties for trustStoreType, trustStorePath and trustStorePass which are only invoked when useKeyStoreTls is true, it makes more sense to expose these properties as parameters in Perf Clients.

Anything else?

No response

Are you willing to submit a PR?

  • I'm willing to submit a PR!
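
Added example, not part of the issue or of the Pulsar code base: the client-side configuration that the requested pulsar-perf parameters would have to produce, written against the Pulsar Java client builder, with a pre-flight check of both stores. The service URL, file paths and environment variable names are placeholders assumed for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import org.apache.pulsar.client.api.PulsarClient;

public class KeyStoreTlsClientExample {
    // Load a store up front so a wrong type, path or password fails here
    // with a clear error instead of deep inside SSL context creation.
    static KeyStore load(String type, String path, String pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass.toCharArray());
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values (assumptions). Passwords are read from the environment
        // so they do not appear in the process list or shell history.
        String keyStorePath = "/path/to/client.keystore.jks";
        String trustStorePath = "/path/to/client.truststore.jks";
        String keyPass = Objects.requireNonNull(System.getenv("PULSAR_KEYSTORE_PASS"));
        String trustPass = Objects.requireNonNull(System.getenv("PULSAR_TRUSTSTORE_PASS"));

        // The key store needs a private key entry; the trust store needs at least one cert.
        KeyStore ks = load("JKS", keyStorePath, keyPass);
        boolean hasKey = false;
        for (String a : Collections.list(ks.aliases())) hasKey |= ks.isKeyEntry(a);
        if (!hasKey) throw new IllegalStateException("no private key in " + keyStorePath);
        if (load("JKS", trustStorePath, trustPass).size() == 0)
            throw new IllegalStateException("empty trust store " + trustStorePath);

        Map<String, String> authParams = new HashMap<>();
        authParams.put("keyStoreType", "JKS");
        authParams.put("keyStorePath", keyStorePath);
        authParams.put("keyStorePassword", keyPass);

        try (PulsarClient client = PulsarClient.builder()
                .serviceUrl("pulsar+ssl://broker.example.com:6651")
                .useKeyStoreTls(true)                  // selects the key store / trust store path
                .tlsTrustStoreType("JKS").tlsTrustStorePath(trustStorePath)
                .tlsTrustStorePassword(trustPass)
                .allowTlsInsecureConnection(false)     // keep certificate validation on
                .enableTlsHostnameVerification(true)
                .authentication("org.apache.pulsar.client.impl.auth.AuthenticationKeyStoreTls", authParams)
                .build()) {
            System.out.println("client built with key store TLS");
        }
    }
}
```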