Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(pulsar sink): support tls options #22148

Open
wants to merge 13 commits into
base: master
Choose a base branch
from
Open

feat(pulsar sink): support tls options #22148

wants to merge 13 commits into from

Conversation

pomacanthidae
Copy link

@pomacanthidae pomacanthidae commented Jan 9, 2025
edited
Loading

Summary

This PR adds TLS options to enable Pulsar sinks and sources to use a custom certificate chain regarding #10888.
Integration tests for pulsar with TLS are added and test data in tests/data/ca/intermediate_server including pem files are generated by the following command.

 make ca/intermediate_server/certs/pulsar-chain.cert.pem

Change Type

  • Bug fix
  • New feature
  • Non-functional (chore, refactoring, docs)
  • Performance

Is this a breaking change?

  • Yes
  • No

How did you test this PR?

run integration test

make test-integration-pulsar

Does this PR include user facing changes?

  • Yes. Please add a changelog fragment based on our guidelines.
  • No. A maintainer will apply the "no-changelog" label to this PR.

Checklist

  • Please read our Vector contributor resources.
  • If this PR introduces changes Vector dependencies (modifies Cargo.lock), please
    run dd-rust-license-tool write to regenerate the license inventory and commit the changes (if any). More details here.

References

@pomacanthidae pomacanthidae requested review from a team as code owners January 9, 2025 11:13
@bits-bot
Copy link

bits-bot commented Jan 9, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@github-actions github-actions bot added domain: sources Anything related to the Vector's sources domain: sinks Anything related to the Vector's sinks domain: ci Anything related to Vector's CI environment domain: external docs Anything related to Vector's external, public documentation labels Jan 9, 2025
@pront pront self-assigned this Jan 9, 2025
@pront pront added the sink: pulsar Anything `pulsar` sink related label Jan 9, 2025
jszwedko
jszwedko reviewed Jan 9, 2025
View reviewed changes
src/sinks/pulsar/config.rs
#[configurable_component]
#[configurable(description = "TLS options configuration for the Pulsar client.")]
#[derive(Clone, Debug)]
pub struct PulsarTlsOptions {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be possible to reuse the existing config struct we use for TLS options:

vector/lib/vector-core/src/tls/settings.rs

Line 87 in 0720345

pub struct TlsConfig {
?

Or does the pulsar client no support all of the same options?

At the least, we should match the option names (e.g. certificate_chain_file should be ca_file to match).

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your feedback.
rust client for pulsar only supports some options https://github.com/streamnative/pulsar-rs/blob/master/src/connection_manager.rs#L73
Changed to use the same field names as TlsConfig 66821d8.

jszwedko
jszwedko reviewed Jan 9, 2025
View reviewed changes
Copy link
Member

@jszwedko jszwedko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work on this @pomacanthidae ! I appreciate you updating the integration tests including generating the test certificates. I left a question about the new config option.

@pront pront added domain: security Anything related to security domain: networking Anything related to Vector's networking labels Jan 13, 2025
jszwedko
jszwedko reviewed Jan 14, 2025
View reviewed changes
website/cue/reference/components/sources/base/pulsar.cue Outdated
description: "TLS options configuration for the Pulsar client."
required: false
type: object: options: {
allow_insecure_connection: {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be called verify_certificate in order to match the existing options.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, fixed in ed01093

pront
pront approved these changes Jan 17, 2025
View reviewed changes
Copy link
Member

@pront pront left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me. Not merging just yet, I would like to give @jszwedko a chance to take another look.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michaelcretzman michaelcretzman michaelcretzman approved these changes

@pront pront pront approved these changes

@jszwedko jszwedko Awaiting requested review from jszwedko

Assignees

@pront pront

Labels
domain: ci Anything related to Vector's CI environment domain: external docs Anything related to Vector's external, public documentation domain: networking Anything related to Vector's networking domain: security Anything related to security domain: sinks Anything related to the Vector's sinks domain: sources Anything related to the Vector's sources sink: pulsar Anything `pulsar` sink related
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add TLS support to the Pulsar Sink
5 participants
@pomacanthidae @bits-bot @jszwedko @pront @michaelcretzman