jerrypeng commented on a change in pull request #3735: Implementing authentication for Pulsar Functions URL: https://github.com/apache/pulsar/pull/3735#discussion_r264510086
########## File path: pulsar-functions/runtime/src/main/java/org/apache/pulsar/functions/auth/FunctionAuthProvider.java ########## @@ -0,0 +1,58 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.pulsar.functions.auth; + +import org.apache.pulsar.broker.authentication.AuthenticationDataSource; +import org.apache.pulsar.functions.instance.AuthenticationConfig; +import org.apache.pulsar.functions.proto.Function; + +/** + * This is a generic interface that functions can use to cache and distribute appropriate authentication + * data that is needed to configure the runtime of functions to support appropriate authentication of function instances + */ +public interface FunctionAuthProvider { + + /** + * Set authentication configs for function instance based on the data in FunctionAuthenticationSpec + * @param authConfig authentication configs passed to the function instance + * @param functionAuthData function authentication data that is provider specific + */ + void configureAuthenticationConfig(AuthenticationConfig authConfig, FunctionAuthData functionAuthData); + + /** + * Cache auth data in as part of function metadata for function that runtime may need to configure authentication + * @param tenant tenant that the function is running under + * @param namespace namespace that is the function is running under + * @param name name of the function + * @param authenticationDataSource auth data + * @return + * @throws Exception + */ + FunctionAuthData cacheAuthData(String tenant, String namespace, String name, AuthenticationDataSource authenticationDataSource) throws Exception; Review comment: This is a mechanism to distribute auth credentials or pointers to auth credentials based on implementtion to workers that need to run an instance of the function. Since in the function architecture, submitting the function and running the function are decoupled and might not happen on the same machine we need a mechanism to distribute some information to workers about how to configure authentication for individual function instances ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services