[GitHub] [pulsar-client-node] Matt-Esch commented on issue #99: Authenticating using a Token

[GitBox]

Matt-Esch commented on issue #99:
URL: 
https://github.com/apache/pulsar-client-node/issues/99#issuecomment-1000215683


   I am attempting an upgrade to node 16 which means fast-forwarding the 
version of pulsar-client-node we are using from 1.2.0 to 1.4.1, which comes 
with the minimum pulsar version requirement of 2.8.0. We find that upgrading to 
pulsar-client-node@v1.4.1 with pulsar 2.8.0 causes this handshake fail issue. 
We also find that remaining on pulsar-client-node@v1.2.0 and upgrading past 
pulsar >= 2.7.0 also causes the same issue, so this is likely to be a change in 
the underlying pulsar client or some missing/additional configuration.
   
   This is replicable in our CI environment running on ubuntu with docker.
   
   We run a local pulsar node from an available pulsar image 
apachepulsar/pulsar. We were using 2.5.0 but upgraded to 2.8.1 just to 
double-check this wasn't a version incompatibility (not unreasonable to think 
the 2.8.1 client would not work entirely with a 2.5.0 broker).
   
   We generate a self-signed cert using cfssl v1.6.1, and we're using RSA 2048.
   
   We use a Makefile to generate a key secret and admin/user keys
   
   ```
   PULSAR_DOCKER_IMAGE = "apachepulsar/pulsar:2.8.1"
   
   PULSAR = docker run --rm -v "$(CURDIR)/conf:/pulsar/conf" -v 
"$(CURDIR)/auth:/pulsar/auth" $(PULSAR_DOCKER_IMAGE) bin/pulsar
   
   tokens
        $(PULSAR) tokens create-secret-key > auth/tokens/secret.key
        $(PULSAR) tokens create --secret-key 
file:///pulsar/auth/tokens/secret.key --subject admin > auth/tokens/admin-token
        $(PULSAR) tokens create --secret-key 
file:///pulsar/auth/tokens/secret.key --subject user > auth/tokens/user-token
   ```
   
   
   Client config:
   
   ```
   authParams=file:///pulsar/auth/admin-token
   authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
   brokerServiceUrl=pulsar://localhost:6650/
   tlsAllowInsecureConnection=false
   tlsEnableHostnameVerification=false
   tlsTrustCertsFilePath=/pulsar/auth/pulsar-ca/certs/ca.cert.pem
   webServiceUrl=http://localhost:8000/
   ```
   
   (we have a hostname mismatch due to localhost aliases being used i.e. if 
foo.bar.baz -> localhost)
   
   Our standalone pulsar configuration (generated broker settings with comments 
stripped)
   
   ```
   zookeeperServers=
   configurationStoreServers=
   brokerServicePort=6650
   webServicePort=8000
   bindAddress=0.0.0.0
   advertisedAddress=
   numIOThreads=
   numHttpServerThreads=
   clusterName=standalone
   failureDomainsEnabled=false
   zooKeeperSessionTimeoutMillis=30000
   zooKeeperOperationTimeoutSeconds=30
   brokerShutdownTimeoutMs=60000
   backlogQuotaCheckEnabled=true
   backlogQuotaCheckIntervalInSeconds=60
   backlogQuotaDefaultLimitGB=10
   ttlDurationDefaultInSeconds=0
   brokerDeleteInactiveTopicsEnabled=true
   brokerDeleteInactiveTopicsFrequencySeconds=60
   messageExpiryCheckIntervalInMinutes=5
   activeConsumerFailoverDelayTimeMillis=1000
   subscriptionExpirationTimeMinutes=0
   subscriptionRedeliveryTrackerEnabled=true
   subscriptionExpiryCheckIntervalInMinutes=5
   brokerDeduplicationEnabled=false
   brokerDeduplicationMaxNumberOfProducers=10000
   brokerDeduplicationEntriesInterval=1000
   brokerDeduplicationProducerInactivityTimeoutMinutes=360
   defaultNumberOfNamespaceBundles=4
   clientLibraryVersionCheckEnabled=false
   statusFilePath=/usr/local/apache/htdocs
   maxUnackedMessagesPerConsumer=50000
   maxUnackedMessagesPerSubscription=200000
   maxUnackedMessagesPerBroker=0
   maxUnackedMessagesPerSubscriptionOnBrokerBlocked=0.16
   topicPublisherThrottlingTickTimeMillis=2
   brokerPublisherThrPottlingTickTimeMillis=50
   brokerPublisherThrottlingMaxMessageRate=0
   brokerPublisherThrottlingMaxByteRate=0
   dispatchThrottlingRatePerTopicInMsg=0
   dispatchThrottlingRatePerTopicInByte=0
   dispatchThrottlingRateRelativeToPublishRate=false
   dispatchThrottlingOnNonBacklogConsumerEnabled=true
   maxConcurrentLookupRequest=50000
   maxConcurrentTopicLoadRequest=5000
   maxConcurrentNonPersistentMessagePerConnection=1000
   numWorkerThreadsForNonPersistentTopic=8
   enablePersistentTopics=true
   enableNonPersistentTopics=true
   maxProducersPerTopic=0
   maxConsumersPerTopic=0
   maxConsumersPerSubscription=0
   proxyRoles=
   authenticateOriginalAuthData=false
   authenticationEnabled=true
   
authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderToken,org.apache.pulsar.broker.authentication.AuthenticationProviderTls
   tokenSecretKey=file:///pulsar/auth/tokens/secret.key
   authorizationEnabled=true
   
authorizationProvider=org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider
   authorizationAllowWildcardsMatching=false
   superUserRoles=admin
   
brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
   brokerClientAuthenticationParameters=file:///pulsar/auth/tokens/admin-token
   athenzDomainNames=
   anonymousUserRole=anonymous
   tokenAuthClaim=
   bookkeeperClientAuthenticationPlugin=
   bookkeeperClientAuthenticationParametersName=
   bookkeeperClientAuthenticationParameters=
   bookkeeperClientTimeoutInSeconds=30
   bookkeeperClientSpeculativeReadTimeoutInMillis=0
   bookkeeperClientHealthCheckEnabled=true
   bookkeeperClientHealthCheckIntervalSeconds=60
   bookkeeperClientHealthCheckErrorThresholdPerInterval=5
   bookkeeperClientHealthCheckQuarantineTimeInSeconds=1800
   bookkeeperClientRackawarePolicyEnabled=true
   bookkeeperClientRegionawarePolicyEnabled=false
   bookkeeperClientReorderReadSequenceEnabled=false
   bookkeeperClientIsolationGroups=
   bookkeeperClientSecondaryIsolationGroups=
   bookkeeperClientMinAvailableBookiesInIsolationGroups=
   bookkeeperTLSProviderFactoryClass=org.apache.bookkeeper.tls.TLSContextFactory
   bookkeeperTLSClientAuthentication=false
   bookkeeperTLSKeyFileType=PEM
   bookkeeperTLSTrustCertTypes=PEM
   bookkeeperTLSKeyStorePasswordPath=
   bookkeeperTLSTrustStorePasswordPath=
   bookkeeperTLSKeyFilePath=
   bookkeeperTLSCertificateFilePath=
   bookkeeperTLSTrustCertsFilePath=
   bookkeeperDiskWeightBasedPlacementEnabled=false
   managedLedgerDefaultEnsembleSize=1
   managedLedgerDefaultWriteQuorum=1
   managedLedgerDefaultAckQuorum=1
   managedLedgerDigestType=CRC32C
   managedLedgerNumWorkerThreads=4
   managedLedgerNumSchedulerThreads=4
   managedLedgerCacheSizeMB=
   managedLedgerCacheCopyEntries=false
   managedLedgerCacheEvictionWatermark=0.9
   managedLedgerCacheEvictionFrequency=100.0
   managedLedgerCacheEvictionTimeThresholdMillis=1000
   managedLedgerCursorBackloggedThreshold=1000
   managedLedgerDefaultMarkDeleteRateLimit=0.1
   managedLedgerMaxEntriesPerLedger=50000
   managedLedgerMinLedgerRolloverTimeMinutes=10
   managedLedgerMaxLedgerRolloverTimeMinutes=240
   managedLedgerCursorMaxEntriesPerLedger=50000
   managedLedgerCursorRolloverTimeInSeconds=14400
   managedLedgerMaxUnackedRangesToPersist=10000
   managedLedgerMaxUnackedRangesToPersistInZooKeeper=1000
   autoSkipNonRecoverableData=false
   managedLedgerMetadataOperationsTimeoutSeconds=60
   managedLedgerReadEntryTimeoutSeconds=0
   managedLedgerAddEntryTimeoutSeconds=0
   managedLedgerUnackedRangesOpenCacheSetEnabled=true
   loadManagerClassName=org.apache.pulsar.broker.loadbalance.NoopLoadManager
   loadBalancerEnabled=false
   loadBalancerReportUpdateThresholdPercentage=10
   loadBalancerReportUpdateMaxIntervalMinutes=15
   loadBalancerHostUsageCheckIntervalMinutes=1
   loadBalancerSheddingIntervalMinutes=1
   loadBalancerSheddingGracePeriodMinutes=30
   loadBalancerBrokerMaxTopics=50000
   loadBalancerResourceQuotaUpdateIntervalMinutes=15
   loadBalancerAutoBundleSplitEnabled=true
   loadBalancerAutoUnloadSplitBundlesEnabled=true
   loadBalancerNamespaceBundleMaxTopics=1000
   loadBalancerNamespaceBundleMaxSessions=1000
   loadBalancerNamespaceBundleMaxMsgRate=30000
   loadBalancerNamespaceBundleMaxBandwidthMbytes=100
   loadBalancerNamespaceMaximumBundles=128
   replicationMetricsEnabled=true
   replicationConnectionsPerBroker=16
   replicationProducerQueueSize=1000
   defaultRetentionTimeInMinutes=0
   defaultRetentionSizeInMB=0
   keepAliveIntervalSeconds=30
   webSocketServiceEnabled=true
   webSocketNumIoThreads=8
   webSocketConnectionsPerBroker=8
   webSocketSessionIdleTimeoutMillis=300000
   exposeTopicLevelMetricsInPrometheus=true
   exposePublisherStats=true
   globalZookeeperServers=
   brokerServicePurgeInactiveFrequencyInSeconds=60
   ledgerStorageClass=org.apache.bookkeeper.bookie.storage.ldb.DbLedgerStorage
   dbStorage_writeCacheMaxSizeMb=
   dbStorage_readAheadCacheMaxSizeMb=
   dbStorage_readAheadCacheBatchSize=1000
   flushInterval=60000
   dbStorage_rocksDB_blockCacheSize=
   dbStorage_rocksDB_writeBufferSizeMB=4
   dbStorage_rocksDB_sstSizeInMB=4
   dbStorage_rocksDB_blockSize=4096
   dbStorage_rocksDB_bloomFilterBitsPerKey=10
   dbStorage_rocksDB_numLevels=-1
   dbStorage_rocksDB_numFilesInLevel0=4
   dbStorage_rocksDB_maxSizeInLevel1MB=256
   journalMaxGroupWaitMSec=1
   journalSyncData=false
   diskUsageThreshold=0.99
   diskUsageWarnThreshold=0.99
   allowLoopback=true
   gcWaitTime=300000
   allowAutoTopicCreation=true
   allowAutoTopicCreationType=non-partitioned
   defaultNumPartitions=1
   
transactionMetadataStoreProviderClassName=org.apache.pulsar.transaction.coordinator.impl.InMemTransactionMetadataStore
   tlsCertificateFilePath=/pulsar/auth/pulsar-ca/broker.cert.pem
   tlsKeyFilePath=/pulsar/auth/pulsar-ca/broker.key-pk8.pem
   ```
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org