From de10ec5f9287d6886cd907bf4e98462a4b1e180d Mon Sep 17 00:00:00 2001 From: jiangpengcheng Date: Thu, 4 Aug 2022 02:28:29 +0000 Subject: [PATCH] Generate auth params when oauth2Config is provided --- api/v1alpha1/common.go | 1 - ...ompute.functionmesh.io-functionmeshes.yaml | 9 ----- ...crd-compute.functionmesh.io-functions.yaml | 3 -- .../crd-compute.functionmesh.io-sinks.yaml | 3 -- .../crd-compute.functionmesh.io-sources.yaml | 3 -- ...ompute.functionmesh.io_functionmeshes.yaml | 9 ----- .../compute.functionmesh.io_functions.yaml | 3 -- .../bases/compute.functionmesh.io_sinks.yaml | 3 -- .../compute.functionmesh.io_sources.yaml | 3 -- controllers/spec/common.go | 35 +++++++++++-------- controllers/spec/common_test.go | 6 ---- controllers/spec/function.go | 4 +-- controllers/spec/sink.go | 2 +- controllers/spec/source.go | 2 +- manifests/crd.yaml | 18 ---------- 15 files changed, 25 insertions(+), 79 deletions(-) diff --git a/api/v1alpha1/common.go b/api/v1alpha1/common.go index fee0ad218..abf1c2f03 100644 --- a/api/v1alpha1/common.go +++ b/api/v1alpha1/common.go @@ -106,7 +106,6 @@ func (c *PulsarTLSConfig) GetMountPath() string { type Oauth2Config struct { Audience string `json:"audience"` - ClientID string `json:"clientId"` IssuerURL string `json:"issuerUrl"` // the secret name of the Oauth2 key file KeySecretName string `json:"keySecretName"` diff --git a/charts/function-mesh-operator/charts/admission-webhook/templates/crd-compute.functionmesh.io-functionmeshes.yaml b/charts/function-mesh-operator/charts/admission-webhook/templates/crd-compute.functionmesh.io-functionmeshes.yaml index 0e44ed113..fdb0179b8 100644 --- a/charts/function-mesh-operator/charts/admission-webhook/templates/crd-compute.functionmesh.io-functionmeshes.yaml +++ b/charts/function-mesh-operator/charts/admission-webhook/templates/crd-compute.functionmesh.io-functionmeshes.yaml 
@@ -2598,8 +2598,6 @@ spec: properties: audience: type: string - clientId: - type: string issuerUrl: type: string keySecretKey: @@ -2608,7 +2606,6 @@ spec: type: string required: - audience - - clientId - issuerUrl - keySecretKey - keySecretName @@ -5239,8 +5236,6 @@ spec: properties: audience: type: string - clientId: - type: string issuerUrl: type: string keySecretKey: @@ -5249,7 +5244,6 @@ spec: type: string required: - audience - - clientId - issuerUrl - keySecretKey - keySecretName @@ -7841,8 +7835,6 @@ spec: properties: audience: type: string - clientId: - type: string issuerUrl: type: string keySecretKey: @@ -7851,7 +7843,6 @@ spec: type: string required: - audience - - clientId - issuerUrl - keySecretKey - keySecretName diff --git a/charts/function-mesh-operator/charts/admission-webhook/templates/crd-compute.functionmesh.io-functions.yaml b/charts/function-mesh-operator/charts/admission-webhook/templates/crd-compute.functionmesh.io-functions.yaml index fd690e2bc..e883b6a07 100644 --- a/charts/function-mesh-operator/charts/admission-webhook/templates/crd-compute.functionmesh.io-functions.yaml +++ b/charts/function-mesh-operator/charts/admission-webhook/templates/crd-compute.functionmesh.io-functions.yaml @@ -2617,8 +2617,6 @@ spec: properties: audience: type: string - clientId: - type: string issuerUrl: type: string keySecretKey: @@ -2627,7 +2625,6 @@ spec: type: string required: - audience - - clientId - issuerUrl - keySecretKey - keySecretName diff --git a/charts/function-mesh-operator/charts/admission-webhook/templates/crd-compute.functionmesh.io-sinks.yaml b/charts/function-mesh-operator/charts/admission-webhook/templates/crd-compute.functionmesh.io-sinks.yaml index 1c256ed08..d7e80953a 100644 --- a/charts/function-mesh-operator/charts/admission-webhook/templates/crd-compute.functionmesh.io-sinks.yaml +++ b/charts/function-mesh-operator/charts/admission-webhook/templates/crd-compute.functionmesh.io-sinks.yaml 
@@ -2551,8 +2551,6 @@ spec: properties: audience: type: string - clientId: - type: string issuerUrl: type: string keySecretKey: @@ -2561,7 +2559,6 @@ spec: type: string required: - audience - - clientId - issuerUrl - keySecretKey - keySecretName diff --git a/charts/function-mesh-operator/charts/admission-webhook/templates/crd-compute.functionmesh.io-sources.yaml b/charts/function-mesh-operator/charts/admission-webhook/templates/crd-compute.functionmesh.io-sources.yaml index 79d1623c4..85a319abd 100644 --- a/charts/function-mesh-operator/charts/admission-webhook/templates/crd-compute.functionmesh.io-sources.yaml +++ b/charts/function-mesh-operator/charts/admission-webhook/templates/crd-compute.functionmesh.io-sources.yaml @@ -2528,8 +2528,6 @@ spec: properties: audience: type: string - clientId: - type: string issuerUrl: type: string keySecretKey: @@ -2538,7 +2536,6 @@ spec: type: string required: - audience - - clientId - issuerUrl - keySecretKey - keySecretName diff --git a/config/crd/bases/compute.functionmesh.io_functionmeshes.yaml b/config/crd/bases/compute.functionmesh.io_functionmeshes.yaml index 8d4583f80..75066b1d3 100644 --- a/config/crd/bases/compute.functionmesh.io_functionmeshes.yaml +++ b/config/crd/bases/compute.functionmesh.io_functionmeshes.yaml @@ -2600,8 +2600,6 @@ spec: properties: audience: type: string - clientId: - type: string issuerUrl: type: string keySecretKey: @@ -2610,7 +2608,6 @@ spec: type: string required: - audience - - clientId - issuerUrl - keySecretKey - keySecretName @@ -5241,8 +5238,6 @@ spec: properties: audience: type: string - clientId: - type: string issuerUrl: type: string keySecretKey: @@ -5251,7 +5246,6 @@ spec: type: string required: - audience - - clientId - issuerUrl - keySecretKey - keySecretName @@ -7843,8 +7837,6 @@ spec: properties: audience: type: string - clientId: - type: string issuerUrl: type: string keySecretKey: 
@@ -7853,7 +7845,6 @@ spec: type: string required: - audience - - clientId - issuerUrl - keySecretKey - keySecretName diff --git a/config/crd/bases/compute.functionmesh.io_functions.yaml b/config/crd/bases/compute.functionmesh.io_functions.yaml index 66807b75e..f873195a9 100644 --- a/config/crd/bases/compute.functionmesh.io_functions.yaml +++ b/config/crd/bases/compute.functionmesh.io_functions.yaml @@ -2597,8 +2597,6 @@ spec: properties: audience: type: string - clientId: - type: string issuerUrl: type: string keySecretKey: @@ -2607,7 +2605,6 @@ spec: type: string required: - audience - - clientId - issuerUrl - keySecretKey - keySecretName diff --git a/config/crd/bases/compute.functionmesh.io_sinks.yaml b/config/crd/bases/compute.functionmesh.io_sinks.yaml index 45cae4724..d3b99e943 100644 --- a/config/crd/bases/compute.functionmesh.io_sinks.yaml +++ b/config/crd/bases/compute.functionmesh.io_sinks.yaml @@ -2531,8 +2531,6 @@ spec: properties: audience: type: string - clientId: - type: string issuerUrl: type: string keySecretKey: @@ -2541,7 +2539,6 @@ spec: type: string required: - audience - - clientId - issuerUrl - keySecretKey - keySecretName diff --git a/config/crd/bases/compute.functionmesh.io_sources.yaml b/config/crd/bases/compute.functionmesh.io_sources.yaml index 513966552..8c68ac6a2 100644 --- a/config/crd/bases/compute.functionmesh.io_sources.yaml +++ b/config/crd/bases/compute.functionmesh.io_sources.yaml @@ -2508,8 +2508,6 @@ spec: properties: audience: type: string - clientId: - type: string issuerUrl: type: string keySecretKey: @@ -2518,7 +2516,6 @@ spec: type: string required: - audience - - clientId - issuerUrl - keySecretKey - keySecretName diff --git a/controllers/spec/common.go b/controllers/spec/common.go index 8d7a92642..dc7df0db2 100644 --- a/controllers/spec/common.go +++ b/controllers/spec/common.go 
@@ -230,18 +230,18 @@ func MakePodTemplate(container *corev1.Container, volumes []corev1.Volume, } func MakeJavaFunctionCommand(packageFile, name, clusterName, details, memory, extraDependenciesDir, uid string, - authProvided, tlsProvided bool, secretMaps map[string]v1alpha1.SecretRef, state *v1alpha1.Stateful, tlsConfig TLSConfig) []string { + authProvided, tlsProvided bool, secretMaps map[string]v1alpha1.SecretRef, state *v1alpha1.Stateful, tlsConfig TLSConfig, oauth2Config *v1alpha1.Oauth2Config) []string { processCommand := setShardIDEnvironmentVariableCommand() + " && " + strings.Join(getProcessJavaRuntimeArgs(name, packageFile, clusterName, details, - memory, extraDependenciesDir, uid, authProvided, tlsProvided, secretMaps, state, tlsConfig), " ") + memory, extraDependenciesDir, uid, authProvided, tlsProvided, secretMaps, state, tlsConfig, oauth2Config), " ") return []string{"sh", "-c", processCommand} } func MakePythonFunctionCommand(packageFile, name, clusterName, details, uid string, - authProvided, tlsProvided bool, secretMaps map[string]v1alpha1.SecretRef, state *v1alpha1.Stateful, tlsConfig TLSConfig) []string { + authProvided, tlsProvided bool, secretMaps map[string]v1alpha1.SecretRef, state *v1alpha1.Stateful, tlsConfig TLSConfig, oauth2Config *v1alpha1.Oauth2Config) []string { processCommand := setShardIDEnvironmentVariableCommand() + " && " + strings.Join(getProcessPythonRuntimeArgs(name, packageFile, clusterName, - details, uid, authProvided, tlsProvided, secretMaps, state, tlsConfig), " ") + details, uid, authProvided, tlsProvided, secretMaps, state, tlsConfig, oauth2Config), " ") return []string{"sh", "-c", processCommand} } @@ -264,8 +264,6 @@ func getDownloadCommand(downloadPath, componentPackage string, tlsProvided, auth "$webServiceURL", "--issuer-endpoint", oauth2Config.IssuerURL, - "--client-id", - oauth2Config.ClientID, "--audience", oauth2Config.Audience, "--key-file", 
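Review bot: `MakeJavaFunctionCommand` and `MakePythonFunctionCommand` are exported, have no doc comment, and now take a trailing `oauth2Config` pointer without saying what nil means or how it relates to `authProvided`. I would add a comment such as `// MakeJavaFunctionCommand builds the sh -c command line for the Java runtime; a non-nil oauth2Config takes precedence over authProvided.` and the equivalent on the Python variant. Both functions join the arguments with spaces and pass the result to `sh -c`, so the comment should also say that every argument must already be shell-safe. Any caller outside this patch needs the extra argument, since the signature change is not backward compatible.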
@@ -352,7 +350,7 @@ func setShardIDEnvironmentVariableCommand() string { } func getProcessJavaRuntimeArgs(name, packageName, clusterName, details, memory, extraDependenciesDir, uid string, - authProvided, tlsProvided bool, secretMaps map[string]v1alpha1.SecretRef, state *v1alpha1.Stateful, tlsConfig TLSConfig) []string { + authProvided, tlsProvided bool, secretMaps map[string]v1alpha1.SecretRef, state *v1alpha1.Stateful, tlsConfig TLSConfig, oauth2Config *v1alpha1.Oauth2Config) []string { classPath := "/pulsar/instances/java-instance.jar" if extraDependenciesDir != "" { classPath = fmt.Sprintf("%s:%s/*", classPath, extraDependenciesDir) @@ -371,7 +369,7 @@ func getProcessJavaRuntimeArgs(name, packageName, clusterName, details, memory, "--jar", packageName, } - sharedArgs := getSharedArgs(details, clusterName, uid, authProvided, tlsProvided, tlsConfig) + sharedArgs := getSharedArgs(details, clusterName, uid, authProvided, tlsProvided, tlsConfig, oauth2Config) args = append(args, sharedArgs...) if len(secretMaps) > 0 { secretProviderArgs := getJavaSecretProviderArgs(secretMaps) @@ -391,7 +389,7 @@ func getProcessJavaRuntimeArgs(name, packageName, clusterName, details, memory, } func getProcessPythonRuntimeArgs(name, packageName, clusterName, details, uid string, authProvided, tlsProvided bool, - secretMaps map[string]v1alpha1.SecretRef, state *v1alpha1.Stateful, tlsConfig TLSConfig) []string { + secretMaps map[string]v1alpha1.SecretRef, state *v1alpha1.Stateful, tlsConfig TLSConfig, oauth2Config *v1alpha1.Oauth2Config) []string { args := []string{ "exec", "python", 
@@ -408,7 +406,7 @@ func getProcessPythonRuntimeArgs(name, packageName, clusterName, details, uid st "true", // TODO: Maybe we don't need installUserCodeDependencies, dependency_repository, and pythonExtraDependencyRepository } - sharedArgs := getSharedArgs(details, clusterName, uid, authProvided, tlsProvided, tlsConfig) + sharedArgs := getSharedArgs(details, clusterName, uid, authProvided, tlsProvided, tlsConfig, oauth2Config) args = append(args, sharedArgs...) if len(secretMaps) > 0 { secretProviderArgs := getPythonSecretProviderArgs(secretMaps) @@ -425,7 +423,7 @@ func getProcessPythonRuntimeArgs(name, packageName, clusterName, details, uid st } // This method is suitable for Java and Python runtime, not include Go runtime. -func getSharedArgs(details, clusterName, uid string, authProvided bool, tlsProvided bool, tlsConfig TLSConfig) []string { +func getSharedArgs(details, clusterName, uid string, authProvided bool, tlsProvided bool, tlsConfig TLSConfig, oauth2Config *v1alpha1.Oauth2Config) []string { args := []string{ "--instance_id", "${" + EnvShardID + "}", @@ -449,12 +447,21 @@ func getSharedArgs(details, clusterName, uid string, authProvided bool, tlsProvi clusterName, } - if authProvided { + if oauth2Config != nil { + params := fmt.Sprintf(`'{"privateKey":"file://%s","issuerUrl":"%s","audience":"%s"}'`, oauth2Config.GetMountFile(), oauth2Config.IssuerURL, oauth2Config.Audience) args = append(args, []string{ "--client_auth_plugin", - "$clientAuthenticationPlugin", + "org.apache.pulsar.client.impl.auth.oauth2.AuthenticationOAuth2", "--client_auth_params", - "$clientAuthenticationParameters"}...) + params}...) + } else { + if authProvided { + args = append(args, []string{ + "--client_auth_plugin", + "$clientAuthenticationPlugin", + "--client_auth_params", + "$clientAuthenticationParameters"}...) + } } // Use traditional way diff --git a/controllers/spec/common_test.go b/controllers/spec/common_test.go index 4f9387ee2..36f1ef3d2 100644 
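Review bot: `oauth2Config.IssuerURL` and `oauth2Config.Audience` are interpolated with `%s` into a single-quoted JSON literal in the new `oauth2Config != nil` branch, and the `MakeJavaFunctionCommand`/`MakePythonFunctionCommand` hunk shows these arguments being joined and run through `sh -c`. A single quote in either field ends the shell quoting, so text from the custom resource would be parsed as shell syntax in the container, and a double quote or backslash produces invalid JSON. I would marshal the parameters with `encoding/json` (the import has to be present in this file) and escape single quotes before wrapping, as below; the nested `else { if authProvided` can become `else if authProvided` at the same time. No test in this patch exercises the new branch, and `getSharedArgs` starts above the hunk and continues below it.

```go
	if oauth2Config != nil {
		// Marshal rather than Sprintf so quotes and backslashes in the CR fields stay inside the JSON strings.
		// A map[string]string always marshals, so the error is discarded.
		raw, _ := json.Marshal(map[string]string{
			"privateKey": fmt.Sprintf("file://%s", oauth2Config.GetMountFile()),
			"issuerUrl":  oauth2Config.IssuerURL,
			"audience":   oauth2Config.Audience,
		})
		// The argument list is joined and run via sh -c, so close, escape and reopen the quote around any '.
		params := "'" + strings.ReplaceAll(string(raw), "'", `'\''`) + "'"
		// … unchanged: append of --client_auth_plugin / --client_auth_params with params …
	} else if authProvided {
		// … unchanged: secret-based plugin and params arguments …
	}
```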
--- a/controllers/spec/common_test.go +++ b/controllers/spec/common_test.go @@ -87,7 +87,6 @@ func TestGetDownloadCommand(t *testing.T) { {"function://public/default/test@v1", "function-package.jar", nil, &v1alpha1.Oauth2Config{ Audience: "test-audience", - ClientID: "test-client-id", IssuerURL: "test-issuer-url", KeySecretName: "test-private-key", KeySecretKey: "auth.json", @@ -101,8 +100,6 @@ func TestGetDownloadCommand(t *testing.T) { "$webServiceURL", "--issuer-endpoint", "test-issuer-url", - "--client-id", - "test-client-id", "--audience", "test-audience", "--key-file", @@ -549,7 +546,6 @@ func TestGeneratePodVolumes(t *testing.T) { }, oauth2Config: &v1alpha1.Oauth2Config{ Audience: "test-audience", - ClientID: "test-client-id", IssuerURL: "test-issuer-url", KeySecretName: "oauth2", }, @@ -780,7 +776,6 @@ func TestGenerateContainerVolumeMounts(t *testing.T) { }, oauth2Config: &v1alpha1.Oauth2Config{ Audience: "test-audience", - ClientID: "test-client-id", IssuerURL: "test-issuer-url", KeySecretName: "oauth2", }, @@ -838,7 +833,6 @@ func TestGenerateContainerVolumeMounts(t *testing.T) { }, oauth2Config: &v1alpha1.Oauth2Config{ Audience: "test-audience", - ClientID: "test-client-id", IssuerURL: "test-issuer-url", KeySecretName: "oauth2", }, diff --git a/controllers/spec/function.go b/controllers/spec/function.go index f1155ace7..65851a274 100644 --- a/controllers/spec/function.go +++ b/controllers/spec/function.go 
@@ -129,14 +129,14 @@ func makeFunctionCommand(function *v1alpha1.Function) []string { spec.Name, spec.ClusterName, generateFunctionDetailsInJSON(function), getDecimalSIMemory(spec.Resources.Requests.Memory()), spec.Java.ExtraDependenciesDir, string(function.UID), spec.Pulsar.AuthSecret != "", spec.Pulsar.TLSSecret != "", function.Spec.SecretsMap, - function.Spec.StateConfig, function.Spec.Pulsar.TLSConfig) + function.Spec.StateConfig, function.Spec.Pulsar.TLSConfig, function.Spec.Pulsar.Oauth2Config) } } else if spec.Python != nil { if spec.Python.Py != "" { return MakePythonFunctionCommand(spec.Python.Py, spec.Name, spec.ClusterName, generateFunctionDetailsInJSON(function), string(function.UID), spec.Pulsar.AuthSecret != "", spec.Pulsar.TLSSecret != "", function.Spec.SecretsMap, - function.Spec.StateConfig, function.Spec.Pulsar.TLSConfig) + function.Spec.StateConfig, function.Spec.Pulsar.TLSConfig, function.Spec.Pulsar.Oauth2Config) } } else if spec.Golang != nil { if spec.Golang.Go != "" { diff --git a/controllers/spec/sink.go b/controllers/spec/sink.go index f18395a48..4804c6cf7 100644 --- a/controllers/spec/sink.go +++ b/controllers/spec/sink.go @@ -119,7 +119,7 @@ func MakeSinkCommand(sink *v1alpha1.Sink) []string { return MakeJavaFunctionCommand(spec.Java.Jar, spec.Name, spec.ClusterName, generateSinkDetailsInJSON(sink), getDecimalSIMemory(spec.Resources.Requests.Memory()), spec.Java.ExtraDependenciesDir, string(sink.UID), - spec.Pulsar.AuthSecret != "", spec.Pulsar.TLSSecret != "", spec.SecretsMap, nil, spec.Pulsar.TLSConfig) + spec.Pulsar.AuthSecret != "", spec.Pulsar.TLSSecret != "", spec.SecretsMap, nil, spec.Pulsar.TLSConfig, spec.Pulsar.Oauth2Config) } func generateSinkDetailsInJSON(sink *v1alpha1.Sink) string { diff --git a/controllers/spec/source.go b/controllers/spec/source.go index d31eb99e1..f0347b932 100644 --- a/controllers/spec/source.go +++ b/controllers/spec/source.go 
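Review bot: The `spec.Golang` branch visible at the end of the `makeFunctionCommand` hunk is left unchanged, so `Oauth2Config` is forwarded only for the Java and Python runtimes. Unless the Go runtime command picks the config up elsewhere (not visible here), a Function with `golang` set and `oauth2Config` configured would presumably start without OAuth2 client parameters. Either thread the config into that branch or add a comment such as `// oauth2Config is not supported for the Go runtime yet` and reject the combination in validation. `makeFunctionCommand` starts above the hunk and continues below it.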
@@ -114,7 +114,7 @@ func makeSourceCommand(source *v1alpha1.Source) []string { return MakeJavaFunctionCommand(spec.Java.Jar, spec.Name, spec.ClusterName, generateSourceDetailsInJSON(source), getDecimalSIMemory(spec.Resources.Requests.Memory()), spec.Java.ExtraDependenciesDir, string(source.UID), - spec.Pulsar.AuthSecret != "", spec.Pulsar.TLSSecret != "", spec.SecretsMap, nil, spec.Pulsar.TLSConfig) + spec.Pulsar.AuthSecret != "", spec.Pulsar.TLSSecret != "", spec.SecretsMap, nil, spec.Pulsar.TLSConfig, spec.Pulsar.Oauth2Config) } func generateSourceDetailsInJSON(source *v1alpha1.Source) string { diff --git a/manifests/crd.yaml b/manifests/crd.yaml index 06f31c3a0..d01811067 100644 --- a/manifests/crd.yaml +++ b/manifests/crd.yaml @@ -2610,8 +2610,6 @@ spec: properties: audience: type: string - clientId: - type: string issuerUrl: type: string keySecretKey: @@ -2620,7 +2618,6 @@ spec: type: string required: - audience - - clientId - issuerUrl - keySecretKey - keySecretName @@ -5251,8 +5248,6 @@ spec: properties: audience: type: string - clientId: - type: string issuerUrl: type: string keySecretKey: @@ -5261,7 +5256,6 @@ spec: type: string required: - audience - - clientId - issuerUrl - keySecretKey - keySecretName @@ -7853,8 +7847,6 @@ spec: properties: audience: type: string - clientId: - type: string issuerUrl: type: string keySecretKey: @@ -7863,7 +7855,6 @@ spec: type: string required: - audience - - clientId - issuerUrl - keySecretKey - keySecretName @@ -10617,8 +10608,6 @@ spec: properties: audience: type: string - clientId: - type: string issuerUrl: type: string keySecretKey: @@ -10627,7 +10616,6 @@ spec: type: string required: - audience - - clientId - issuerUrl - keySecretKey - keySecretName @@ -13334,8 +13322,6 @@ spec: properties: audience: type: string - clientId: - type: string issuerUrl: type: string keySecretKey: @@ -13344,7 +13330,6 @@ spec: type: string required: - audience - - clientId - issuerUrl - keySecretKey - keySecretName 
@@ -16012,8 +15997,6 @@ spec: properties: audience: type: string - clientId: - type: string issuerUrl: type: string keySecretKey: @@ -16022,7 +16005,6 @@ spec: type: string required: - audience - - clientId - issuerUrl - keySecretKey - keySecretName