From 12db85e626f19da93fe20bf0b14c20fbb494bdd9 Mon Sep 17 00:00:00 2001
From: joshvanl
Date: Tue, 1 Aug 2023 11:33:59 +0100
Subject: [PATCH] Adds `OIDC` authentication to pulsar pubsub options
Signed-off-by: joshvanl
---
 .../supported-pubsub/setup-pulsar.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-pulsar.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-pulsar.md
index d7e53c00825..839640b0e9c 100644
--- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-pulsar.md
+++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-pulsar.md
@@ -26,6 +26,8 @@ spec:
 value: "false"
 - name: tenant
 value: "public"
+ - name: authType
+ value: "token"
 - name: token
 value: "eyJrZXlJZCI6InB1bHNhci1wajU0cXd3ZHB6NGIiLCJhbGciOiJIUzI1NiJ9.eyJzd"
 - name: consumerID
@@ -66,7 +68,6 @@ spec:
 |--------------------|:--------:|---------|---------|
 | host | Y | Address of the Pulsar broker. Default is `"localhost:6650"` | `"localhost:6650"` OR `"http://pulsar-pj54qwwdpz4b-pulsar.ap-sg.public.pulsar.com:8080"`|
 | enableTLS | N | Enable TLS. Default: `"false"` | `"true"`, `"false"` |
-| token | N | Enable Authentication. | [How to create pulsar token](https://pulsar.apache.org/docs/en/security-jwt/#generate-tokens)|
 | tenant | N | The topic tenant within the instance. Tenants are essential to multi-tenancy in Pulsar, and spread across clusters. Default: `"public"` | `"public"` |
 | consumerID | N | Used to set the subscription name or consumer ID. | `"topic1"`
 | namespace | N | The administrative unit of the topic, which acts as a grouping mechanism for related topics. Default: `"default"` | `"default"`
@@ -80,6 +81,14 @@ spec:
 | publicKey | N | A public key to be used for publisher and consumer encryption. Value can be one of two options: file path for a local PEM cert, or the cert data string value |
 | privateKey | N | A private key to be used for consumer encryption. Value can be one of two options: file path for a local PEM cert, or the cert data string value |
 | keys | N | A comma delimited string containing names of [Pulsar session keys](https://pulsar.apache.org/docs/3.0.x/security-encryption/#how-it-works-in-pulsar). Used in conjunction with `publicKey` for publisher encryption |
+| authType | N | One of `"none"`, `"token"` or `"oidc"`. The type of authentication mechanism to use. Defaults to `"none"`, unless `token` is defined in which case it defaults to `"token"`. | "oidc" |
+| token | N | `authType: token`. Token used for authentication. | [How to create pulsar token](https://pulsar.apache.org/docs/en/security-jwt/#generate-tokens)|
+| oidcTokenURL | N | `authType: oidc`. URL to request the OIDC client_credentials token from. Must use `https` protocol, as per the [OIDC spec](https://openid.net/specs/openid-connect-core-1_0.html) | "https://oauth.example.com/o/oauth2/token" |
+| oidcTokenCAPEM | N | `authType: oidc`. CA PEM certificate bundle to connect to the OIDC issuer. If not defined, the system's certificate pool will be used. | "---BEGIN CERTIFICATE---\n...\n---END CERTIFICATE---" |
+| oidcClientID | N | `authType: oidc`. OIDC client ID. | "my-client-id" |
+| oidcClientSecret | N | `authType: oidc`. OIDC client secret. | "my-client-secret" |
+| oidcAudiences | N | `authType: oidc`. Comma separated list of audiences to request for. Must not be empty. | "my-audience-1,my-audience-2" |
+| oidcScopes | N | `authType: oidc`. Comma separated list of scopes to request. If empty, defaults to `"openid"`. If defined, `"openid"` must be present. | "openid,profile,email" |
 ### Enabling message delivery retries