Generate auth params when oauth2Config is provided
jiangpengcheng committed Aug 4, 2022
1 parent c4404d6 commit de10ec5
Showing 15 changed files with 25 additions and 79 deletions.
1 change: 0 additions & 1 deletion api/v1alpha1/common.go
Expand Up @@ -106,7 +106,6 @@ func (c *PulsarTLSConfig) GetMountPath() string {

type Oauth2Config struct {
Audience string `json:"audience"`
ClientID string `json:"clientId"`
IssuerURL string `json:"issuerUrl"`
// the secret name of the Oauth2 key file
KeySecretName string `json:"keySecretName"`
Expand Up @@ -2598,8 +2598,6 @@ spec:
properties:
audience:
type: string
clientId:
type: string
issuerUrl:
type: string
keySecretKey:
Expand All @@ -2608,7 +2606,6 @@ spec:
type: string
required:
- audience
- clientId
- issuerUrl
- keySecretKey
- keySecretName
Expand Down Expand Up @@ -5239,8 +5236,6 @@ spec:
properties:
audience:
type: string
clientId:
type: string
issuerUrl:
type: string
keySecretKey:
Expand All @@ -5249,7 +5244,6 @@ spec:
type: string
required:
- audience
- clientId
- issuerUrl
- keySecretKey
- keySecretName
Expand Down Expand Up @@ -7841,8 +7835,6 @@ spec:
properties:
audience:
type: string
clientId:
type: string
issuerUrl:
type: string
keySecretKey:
Expand All @@ -7851,7 +7843,6 @@ spec:
type: string
required:
- audience
- clientId
- issuerUrl
- keySecretKey
- keySecretName
Expand Up @@ -2617,8 +2617,6 @@ spec:
properties:
audience:
type: string
clientId:
type: string
issuerUrl:
type: string
keySecretKey:
Expand All @@ -2627,7 +2625,6 @@ spec:
type: string
required:
- audience
- clientId
- issuerUrl
- keySecretKey
- keySecretName
Expand Up @@ -2551,8 +2551,6 @@ spec:
properties:
audience:
type: string
clientId:
type: string
issuerUrl:
type: string
keySecretKey:
Expand All @@ -2561,7 +2559,6 @@ spec:
type: string
required:
- audience
- clientId
- issuerUrl
- keySecretKey
- keySecretName
Expand Up @@ -2528,8 +2528,6 @@ spec:
properties:
audience:
type: string
clientId:
type: string
issuerUrl:
type: string
keySecretKey:
Expand All @@ -2538,7 +2536,6 @@ spec:
type: string
required:
- audience
- clientId
- issuerUrl
- keySecretKey
- keySecretName
9 changes: 0 additions & 9 deletions config/crd/bases/compute.functionmesh.io_functionmeshes.yaml
Expand Up @@ -2600,8 +2600,6 @@ spec:
properties:
audience:
type: string
clientId:
type: string
issuerUrl:
type: string
keySecretKey:
Expand All @@ -2610,7 +2608,6 @@ spec:
type: string
required:
- audience
- clientId
- issuerUrl
- keySecretKey
- keySecretName
Expand Down Expand Up @@ -5241,8 +5238,6 @@ spec:
properties:
audience:
type: string
clientId:
type: string
issuerUrl:
type: string
keySecretKey:
Expand All @@ -5251,7 +5246,6 @@ spec:
type: string
required:
- audience
- clientId
- issuerUrl
- keySecretKey
- keySecretName
Expand Down Expand Up @@ -7843,8 +7837,6 @@ spec:
properties:
audience:
type: string
clientId:
type: string
issuerUrl:
type: string
keySecretKey:
Expand All @@ -7853,7 +7845,6 @@ spec:
type: string
required:
- audience
- clientId
- issuerUrl
- keySecretKey
- keySecretName
3 changes: 0 additions & 3 deletions config/crd/bases/compute.functionmesh.io_functions.yaml
Expand Up @@ -2597,8 +2597,6 @@ spec:
properties:
audience:
type: string
clientId:
type: string
issuerUrl:
type: string
keySecretKey:
Expand All @@ -2607,7 +2605,6 @@ spec:
type: string
required:
- audience
- clientId
- issuerUrl
- keySecretKey
- keySecretName
3 changes: 0 additions & 3 deletions config/crd/bases/compute.functionmesh.io_sinks.yaml
Expand Up @@ -2531,8 +2531,6 @@ spec:
properties:
audience:
type: string
clientId:
type: string
issuerUrl:
type: string
keySecretKey:
Expand All @@ -2541,7 +2539,6 @@ spec:
type: string
required:
- audience
- clientId
- issuerUrl
- keySecretKey
- keySecretName
3 changes: 0 additions & 3 deletions config/crd/bases/compute.functionmesh.io_sources.yaml
Expand Up @@ -2508,8 +2508,6 @@ spec:
properties:
audience:
type: string
clientId:
type: string
issuerUrl:
type: string
keySecretKey:
Expand All @@ -2518,7 +2516,6 @@ spec:
type: string
required:
- audience
- clientId
- issuerUrl
- keySecretKey
- keySecretName
35 changes: 21 additions & 14 deletions controllers/spec/common.go
Expand Up @@ -230,18 +230,18 @@ func MakePodTemplate(container *corev1.Container, volumes []corev1.Volume,
}

func MakeJavaFunctionCommand(packageFile, name, clusterName, details, memory, extraDependenciesDir, uid string,
authProvided, tlsProvided bool, secretMaps map[string]v1alpha1.SecretRef, state *v1alpha1.Stateful, tlsConfig TLSConfig) []string {
authProvided, tlsProvided bool, secretMaps map[string]v1alpha1.SecretRef, state *v1alpha1.Stateful, tlsConfig TLSConfig, oauth2Config *v1alpha1.Oauth2Config) []string {
processCommand := setShardIDEnvironmentVariableCommand() + " && " +
strings.Join(getProcessJavaRuntimeArgs(name, packageFile, clusterName, details,
memory, extraDependenciesDir, uid, authProvided, tlsProvided, secretMaps, state, tlsConfig), " ")
memory, extraDependenciesDir, uid, authProvided, tlsProvided, secretMaps, state, tlsConfig, oauth2Config), " ")
return []string{"sh", "-c", processCommand}
}

func MakePythonFunctionCommand(packageFile, name, clusterName, details, uid string,
authProvided, tlsProvided bool, secretMaps map[string]v1alpha1.SecretRef, state *v1alpha1.Stateful, tlsConfig TLSConfig) []string {
authProvided, tlsProvided bool, secretMaps map[string]v1alpha1.SecretRef, state *v1alpha1.Stateful, tlsConfig TLSConfig, oauth2Config *v1alpha1.Oauth2Config) []string {
processCommand := setShardIDEnvironmentVariableCommand() + " && " +
strings.Join(getProcessPythonRuntimeArgs(name, packageFile, clusterName,
details, uid, authProvided, tlsProvided, secretMaps, state, tlsConfig), " ")
details, uid, authProvided, tlsProvided, secretMaps, state, tlsConfig, oauth2Config), " ")
return []string{"sh", "-c", processCommand}
}

Expand All @@ -264,8 +264,6 @@ func getDownloadCommand(downloadPath, componentPackage string, tlsProvided, auth
"$webServiceURL",
"--issuer-endpoint",
oauth2Config.IssuerURL,
"--client-id",
oauth2Config.ClientID,
"--audience",
oauth2Config.Audience,
"--key-file",
Expand Down Expand Up @@ -352,7 +350,7 @@ func setShardIDEnvironmentVariableCommand() string {
}

func getProcessJavaRuntimeArgs(name, packageName, clusterName, details, memory, extraDependenciesDir, uid string,
authProvided, tlsProvided bool, secretMaps map[string]v1alpha1.SecretRef, state *v1alpha1.Stateful, tlsConfig TLSConfig) []string {
authProvided, tlsProvided bool, secretMaps map[string]v1alpha1.SecretRef, state *v1alpha1.Stateful, tlsConfig TLSConfig, oauth2Config *v1alpha1.Oauth2Config) []string {
classPath := "/pulsar/instances/java-instance.jar"
if extraDependenciesDir != "" {
classPath = fmt.Sprintf("%s:%s/*", classPath, extraDependenciesDir)
Expand All @@ -371,7 +369,7 @@ func getProcessJavaRuntimeArgs(name, packageName, clusterName, details, memory,
"--jar",
packageName,
}
sharedArgs := getSharedArgs(details, clusterName, uid, authProvided, tlsProvided, tlsConfig)
sharedArgs := getSharedArgs(details, clusterName, uid, authProvided, tlsProvided, tlsConfig, oauth2Config)
args = append(args, sharedArgs...)
if len(secretMaps) > 0 {
secretProviderArgs := getJavaSecretProviderArgs(secretMaps)
Expand All @@ -391,7 +389,7 @@ func getProcessJavaRuntimeArgs(name, packageName, clusterName, details, memory,
}

func getProcessPythonRuntimeArgs(name, packageName, clusterName, details, uid string, authProvided, tlsProvided bool,
secretMaps map[string]v1alpha1.SecretRef, state *v1alpha1.Stateful, tlsConfig TLSConfig) []string {
secretMaps map[string]v1alpha1.SecretRef, state *v1alpha1.Stateful, tlsConfig TLSConfig, oauth2Config *v1alpha1.Oauth2Config) []string {
args := []string{
"exec",
"python",
Expand All @@ -408,7 +406,7 @@ func getProcessPythonRuntimeArgs(name, packageName, clusterName, details, uid st
"true",
// TODO: Maybe we don't need installUserCodeDependencies, dependency_repository, and pythonExtraDependencyRepository
}
sharedArgs := getSharedArgs(details, clusterName, uid, authProvided, tlsProvided, tlsConfig)
sharedArgs := getSharedArgs(details, clusterName, uid, authProvided, tlsProvided, tlsConfig, oauth2Config)
args = append(args, sharedArgs...)
if len(secretMaps) > 0 {
secretProviderArgs := getPythonSecretProviderArgs(secretMaps)
Expand All @@ -425,7 +423,7 @@ func getProcessPythonRuntimeArgs(name, packageName, clusterName, details, uid st
}

// This method is suitable for Java and Python runtime, not include Go runtime.
func getSharedArgs(details, clusterName, uid string, authProvided bool, tlsProvided bool, tlsConfig TLSConfig) []string {
func getSharedArgs(details, clusterName, uid string, authProvided bool, tlsProvided bool, tlsConfig TLSConfig, oauth2Config *v1alpha1.Oauth2Config) []string {
args := []string{
"--instance_id",
"${" + EnvShardID + "}",
Expand All @@ -449,12 +447,21 @@ func getSharedArgs(details, clusterName, uid string, authProvided bool, tlsProvi
clusterName,
}

if authProvided {
if oauth2Config != nil {
params := fmt.Sprintf(`'{"privateKey":"file://%s","issuerUrl":"%s","audience":"%s"}'`, oauth2Config.GetMountFile(), oauth2Config.IssuerURL, oauth2Config.Audience)
args = append(args, []string{
"--client_auth_plugin",
"$clientAuthenticationPlugin",
"org.apache.pulsar.client.impl.auth.oauth2.AuthenticationOAuth2",
"--client_auth_params",
"$clientAuthenticationParameters"}...)
params}...)
} else {
if authProvided {
args = append(args, []string{
"--client_auth_plugin",
"$clientAuthenticationPlugin",
"--client_auth_params",
"$clientAuthenticationParameters"}...)
}
}

// Use traditional way
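Review bot: The `params` string built in the last hunk's getSharedArgs is neither JSON-escaped nor shell-escaped: `fmt.Sprintf` drops `oauth2Config.IssuerURL` and `oauth2Config.Audience` straight between literal single quotes, and MakeJavaFunctionCommand / MakePythonFunctionCommand then join the args with spaces into one `sh -c` string. A double quote or backslash in either field yields invalid JSON, and a single quote ends the shell quoting so the rest of the value is interpreted by the shell in the container; the CRD schema in this commit types both fields as plain `string` with no pattern to rule that out. I would marshal the params with `encoding/json` (add the import if the file lacks it) and escape embedded single quotes before wrapping, as below, and fold the nested `else { if authProvided` into `else if authProvided`. The test section of this commit only deletes lines, so a case covering the oauth2 branch would be worth adding; getSharedArgs continues past the end of the hunk.

```go
	if oauth2Config != nil {
		// Marshal rather than Sprintf so quotes and backslashes in the CR fields stay valid JSON.
		// Marshalling a struct of plain strings cannot fail, so the error is ignored.
		raw, _ := json.Marshal(struct {
			PrivateKey string `json:"privateKey"`
			IssuerURL  string `json:"issuerUrl"`
			Audience   string `json:"audience"`
		}{"file://" + oauth2Config.GetMountFile(), oauth2Config.IssuerURL, oauth2Config.Audience})
		// The args are later joined into a single `sh -c` string: escape embedded single quotes.
		params := "'" + strings.ReplaceAll(string(raw), "'", `'\''`) + "'"
		// … unchanged: append --client_auth_plugin / --client_auth_params with params …
	} else if authProvided {
		// … unchanged: append the $clientAuthenticationPlugin / $clientAuthenticationParameters args …
	}
```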
6 changes: 0 additions & 6 deletions controllers/spec/common_test.go
Expand Up @@ -87,7 +87,6 @@ func TestGetDownloadCommand(t *testing.T) {
{"function://public/default/test@v1", "function-package.jar", nil,
&v1alpha1.Oauth2Config{
Audience: "test-audience",
ClientID: "test-client-id",
IssuerURL: "test-issuer-url",
KeySecretName: "test-private-key",
KeySecretKey: "auth.json",
Expand All @@ -101,8 +100,6 @@ func TestGetDownloadCommand(t *testing.T) {
"$webServiceURL",
"--issuer-endpoint",
"test-issuer-url",
"--client-id",
"test-client-id",
"--audience",
"test-audience",
"--key-file",
Expand Down Expand Up @@ -549,7 +546,6 @@ func TestGeneratePodVolumes(t *testing.T) {
},
oauth2Config: &v1alpha1.Oauth2Config{
Audience: "test-audience",
ClientID: "test-client-id",
IssuerURL: "test-issuer-url",
KeySecretName: "oauth2",
},
Expand Down Expand Up @@ -780,7 +776,6 @@ func TestGenerateContainerVolumeMounts(t *testing.T) {
},
oauth2Config: &v1alpha1.Oauth2Config{
Audience: "test-audience",
ClientID: "test-client-id",
IssuerURL: "test-issuer-url",
KeySecretName: "oauth2",
},
Expand Down Expand Up @@ -838,7 +833,6 @@ func TestGenerateContainerVolumeMounts(t *testing.T) {
},
oauth2Config: &v1alpha1.Oauth2Config{
Audience: "test-audience",
ClientID: "test-client-id",
IssuerURL: "test-issuer-url",
KeySecretName: "oauth2",
},
4 changes: 2 additions & 2 deletions controllers/spec/function.go
Expand Up @@ -129,14 +129,14 @@ func makeFunctionCommand(function *v1alpha1.Function) []string {
spec.Name, spec.ClusterName, generateFunctionDetailsInJSON(function),
getDecimalSIMemory(spec.Resources.Requests.Memory()), spec.Java.ExtraDependenciesDir, string(function.UID),
spec.Pulsar.AuthSecret != "", spec.Pulsar.TLSSecret != "", function.Spec.SecretsMap,
function.Spec.StateConfig, function.Spec.Pulsar.TLSConfig)
function.Spec.StateConfig, function.Spec.Pulsar.TLSConfig, function.Spec.Pulsar.Oauth2Config)
}
} else if spec.Python != nil {
if spec.Python.Py != "" {
return MakePythonFunctionCommand(spec.Python.Py,
spec.Name, spec.ClusterName, generateFunctionDetailsInJSON(function), string(function.UID),
spec.Pulsar.AuthSecret != "", spec.Pulsar.TLSSecret != "", function.Spec.SecretsMap,
function.Spec.StateConfig, function.Spec.Pulsar.TLSConfig)
function.Spec.StateConfig, function.Spec.Pulsar.TLSConfig, function.Spec.Pulsar.Oauth2Config)
}
} else if spec.Golang != nil {
if spec.Golang.Go != "" {
2 changes: 1 addition & 1 deletion controllers/spec/sink.go
Expand Up @@ -119,7 +119,7 @@ func MakeSinkCommand(sink *v1alpha1.Sink) []string {
return MakeJavaFunctionCommand(spec.Java.Jar,
spec.Name, spec.ClusterName, generateSinkDetailsInJSON(sink),
getDecimalSIMemory(spec.Resources.Requests.Memory()), spec.Java.ExtraDependenciesDir, string(sink.UID),
spec.Pulsar.AuthSecret != "", spec.Pulsar.TLSSecret != "", spec.SecretsMap, nil, spec.Pulsar.TLSConfig)
spec.Pulsar.AuthSecret != "", spec.Pulsar.TLSSecret != "", spec.SecretsMap, nil, spec.Pulsar.TLSConfig, spec.Pulsar.Oauth2Config)
}

func generateSinkDetailsInJSON(sink *v1alpha1.Sink) string {
2 changes: 1 addition & 1 deletion controllers/spec/source.go
Expand Up @@ -114,7 +114,7 @@ func makeSourceCommand(source *v1alpha1.Source) []string {
return MakeJavaFunctionCommand(spec.Java.Jar,
spec.Name, spec.ClusterName, generateSourceDetailsInJSON(source),
getDecimalSIMemory(spec.Resources.Requests.Memory()), spec.Java.ExtraDependenciesDir, string(source.UID),
spec.Pulsar.AuthSecret != "", spec.Pulsar.TLSSecret != "", spec.SecretsMap, nil, spec.Pulsar.TLSConfig)
spec.Pulsar.AuthSecret != "", spec.Pulsar.TLSSecret != "", spec.SecretsMap, nil, spec.Pulsar.TLSConfig, spec.Pulsar.Oauth2Config)
}

func generateSourceDetailsInJSON(source *v1alpha1.Source) string {