This is an automated email from the ASF dual-hosted git repository.
rxl pushed a commit to branch branch-2.6
in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 8268665f78c2266725836dc0aa12c7f260a34950
Author: Jia Zhai <zhai...@apache.org>
AuthorDate: Tue Jul 28 23:49:20 2020 +0800
[oauth2 cpp] add support to read credentials from file (#7606)
### Motivation
Add support to read credentials from file, make it align with java client.
### Modifications
- Add support to read credentials from file, make it align with java client.
- add a test for it.
Co-authored-by: xiaolong.ran <r...@apache.org>
(cherry picked from commit 42d17c85fc9460ec0aa678cf3e3663de2aa61524)
---
.../authentication/token/cpp_credentials_file.json | 4 ++
pulsar-client-cpp/lib/auth/AuthOauth2.cc | 45 +++++++++++++++++++++-
pulsar-client-cpp/lib/auth/AuthOauth2.h | 2 +
pulsar-client-cpp/tests/AuthPluginTest.cc | 19 +++++++++
4 files changed, 68 insertions(+), 2 deletions(-)
diff --git
a/pulsar-broker/src/test/resources/authentication/token/cpp_credentials_file.json
b/pulsar-broker/src/test/resources/authentication/token/cpp_credentials_file.json
new file mode 100644
index 0000000..db1eccd
--- /dev/null
+++
b/pulsar-broker/src/test/resources/authentication/token/cpp_credentials_file.json
@@ -0,0 +1,4 @@
+{
+ "client_id":"Xd23RHsUnvUlP7wchjNYOaIfazgeHd9x",
+
"client_secret":"rT7ps7WY8uhdVuBTKWZkttwLdQotmdEliaM5rLfmgNibvqziZ-g07ZH52N_poGAb"
+}
diff --git a/pulsar-client-cpp/lib/auth/AuthOauth2.cc
b/pulsar-client-cpp/lib/auth/AuthOauth2.cc
index 3104c4d..72cdf97 100644
--- a/pulsar-client-cpp/lib/auth/AuthOauth2.cc
+++ b/pulsar-client-cpp/lib/auth/AuthOauth2.cc
@@ -119,6 +119,12 @@ Oauth2Flow::Oauth2Flow() {}
Oauth2Flow::~Oauth2Flow() {}
// ClientCredentialFlow
+static std::string readFromFile(const std::string& credentialsFilePath) {
+ std::ifstream input(credentialsFilePath);
+ std::stringstream buffer;
+ buffer << input.rdbuf();
+ return buffer.str();
+}
ClientCredentialFlow::ClientCredentialFlow(const std::string& issuerUrl, const
std::string& clientId,
const std::string& clientSecret,
const std::string& audience) {
@@ -128,6 +134,33 @@ ClientCredentialFlow::ClientCredentialFlow(const
std::string& issuerUrl, const s
audience_ = audience;
}
+// read clientId/clientSecret from passed in `credentialsFilePath`
+ClientCredentialFlow::ClientCredentialFlow(const std::string& issuerUrl,
+ const std::string&
credentialsFilePath,
+ const std::string& audience) {
+ issuerUrl_ = issuerUrl;
+ audience_ = audience;
+
+ boost::property_tree::ptree loadPtreeRoot;
+ try {
+ boost::property_tree::read_json(credentialsFilePath, loadPtreeRoot);
+ } catch (boost::property_tree::json_parser_error& e) {
+ LOG_ERROR("Failed to parse json input file for credentialsFilePath: "
<< credentialsFilePath
+
<< "with error:" << e.what());
+ return;
+ }
+
+ const std::string defaultNotFoundString = "Client Id / Secret Not Found";
+
+ clientId_ = loadPtreeRoot.get<std::string>("client_id",
defaultNotFoundString);
+ clientSecret_ = loadPtreeRoot.get<std::string>("client_secret",
defaultNotFoundString);
+
+ if (clientId_ == defaultNotFoundString || clientSecret_ ==
defaultNotFoundString) {
+ LOG_ERROR("Not get valid clientId / clientSecret: " << clientId_ <<
"/" << clientSecret_);
+ return;
+ }
+}
+
void ClientCredentialFlow::initialize() {}
void ClientCredentialFlow::close() {}
@@ -225,8 +258,16 @@ Oauth2TokenResultPtr ClientCredentialFlow::authenticate() {
// AuthOauth2
AuthOauth2::AuthOauth2(ParamMap& params) {
- flowPtr_ = FlowPtr(new ClientCredentialFlow(params["issuer_url"],
params["client_id"],
- params["client_secret"],
params["audience"]));
+ std::map<std::string, std::string>::iterator it;
+ it = params.find("private_key");
+
+ if (it != params.end()) {
+ flowPtr_ = FlowPtr(
+ new ClientCredentialFlow(params["issuer_url"],
params["private_key"], params["audience"]));
+ } else {
+ flowPtr_ = FlowPtr(new ClientCredentialFlow(params["issuer_url"],
params["client_id"],
+ params["client_secret"],
params["audience"]));
+ }
}
AuthOauth2::~AuthOauth2() {}
diff --git a/pulsar-client-cpp/lib/auth/AuthOauth2.h
b/pulsar-client-cpp/lib/auth/AuthOauth2.h
index 0090976..874dc39 100644
--- a/pulsar-client-cpp/lib/auth/AuthOauth2.h
+++ b/pulsar-client-cpp/lib/auth/AuthOauth2.h
@@ -33,6 +33,8 @@ class ClientCredentialFlow : public Oauth2Flow {
public:
ClientCredentialFlow(const std::string& issuerUrl, const std::string&
clientId,
const std::string& clientSecret, const std::string&
audience);
+ ClientCredentialFlow(const std::string& issuerUrl, const std::string&
credentialsFilePath,
+ const std::string& audience);
void initialize();
Oauth2TokenResultPtr authenticate();
void close();
diff --git a/pulsar-client-cpp/tests/AuthPluginTest.cc
b/pulsar-client-cpp/tests/AuthPluginTest.cc
index 183c880..6430fd8 100644
--- a/pulsar-client-cpp/tests/AuthPluginTest.cc
+++ b/pulsar-client-cpp/tests/AuthPluginTest.cc
@@ -381,3 +381,22 @@ TEST(AuthPluginTest, testOauth2WrongSecret) {
// expected
}
}
+
+TEST(AuthPluginTest, testOauth2CredentialFile) {
+ // test success get token from oauth2 server.
+ pulsar::AuthenticationDataPtr data;
+ std::string params = R"({
+ "type": "client_credentials",
+ "issuer_url": "https://dev-kt-aa9ne.us.auth0.com/oauth/token";,
+ "private_key":
"../../pulsar-broker/src/test/resources/authentication/token/cpp_credentials_file.json",
+ "audience": "https://dev-kt-aa9ne.us.auth0.com/api/v2/"})";
+
+ int expectedTokenLength = 3379;
+ LOG_INFO("PARAMS: " << params);
+ pulsar::AuthenticationPtr auth = pulsar::AuthOauth2::create(params);
+ ASSERT_EQ(auth->getAuthMethodName(), "token");
+ ASSERT_EQ(auth->getAuthData(data), pulsar::ResultOk);
+ ASSERT_EQ(data->hasDataForHttp(), true);
+ ASSERT_EQ(data->hasDataFromCommand(), true);
+ ASSERT_EQ(data->getCommandData().length(), expectedTokenLength);
+}
