lhotari commented on PR #24944: URL: https://github.com/apache/pulsar/pull/24944#issuecomment-3520852664
> Thank you @lhotari! Can I carry over these changes to version 4.0.x LTS? @gulecroc Usually new features aren't immediately added to LTS versions to ensure that changes don't cause regressions. New features can be added to an LTS release by starting a discussion on the dev mailing list. In most cases, it's better to have a PIP available for referencing the changes. I'm just wondering whether this feature is completed by this PR. **Is the intention to support updates for `trustCertsFilePath`?** In that case, more changes would be needed to add support for `trustCertsFilePath` changes. I think that decoupling from AsyncHttpClient would be useful and instead having an internal abstraction that hides implementation details. One detail to take into account is that there is [PIP-337: SSL Factory Plugin to customize SSLContext/SSLEngine generation](https://github.com/apache/pulsar/blob/master/pip/pip-337.md), which is expected to be used for SSLContext/SSLEngine instance creation. For consistency, that solution should be used. It's also possible that the PIP-337 solution might require some changes to support this new use case. I think it would be useful to write a PIP document to capture the requirements and at least the high-level design. A PIP will also help when starting the community discussion and decision-making to include changes to 4.0.x LTS regarding this area. This might help [in creating a PIP](https://github.com/apache/pulsar/tree/master/pip#pulsar-improvement-proposal-pip): ([how to create an LLM generated draft](https://github.com/apache/pulsar/pull/24396#pullrequestreview-2909244330)) Btw. Regarding the AsyncHttpClient used in OAuth authentication, I'd also like it support PIP-234 changes so that the client doesn't create it's own set of threads, but has a way to reuse them from the PulsarClient / PulsarAdminClient. The solution for that is still missing. PIP-234 was planned a long time ago and it wasn't implemented until recently. The implementation is in PRs #24790, #24784 and #24893 and will be available in 4.1.2 version. More changes are needed so that there would be an interface to be used by authentication plugins for getting access to the shared resources. For authentication plugins, one possibility would be that there would be a way to directly get a HTTP client with given configuration (such as trustCertsFilePath) that is sufficiently abstracted so that there's no need to couple to AsyncHttpClient in authentication plugin implementations. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
