streamnative / function-mesh

The serverless framework purpose-built for event streaming applications.
https://functionmesh.io/
Apache License 2.0
212 stars 28 forks source link

go function failed to run with authentication enabled #362

Open wexgjduv opened 2 years ago

wexgjduv commented 2 years ago

Hi, I have a pulsar cluster with auth enabled, using AuthenticationProviderToken.

authenticationEnabled: "true"
authenticationProviders: "org.apache.pulsar.broker.authentication.AuthenticationProviderToken"

However, the go function runs with this error.

go-function-sample-function-0 pulsar-function 2022/05/11 16:04:04.677 asm_amd64.s:1581: [info] [TCP connection established] remote_addr=pulsar://pulsar-broker.pulsar:6650 local_addr=172.20.11.22:51436
go-function-sample-function-0 pulsar-function 2022/05/11 16:04:04.682 connection.go:225: [warning] Failed to establish connection with broker: 'Unable to authenticate' remote_addr=pulsar://pulsar-broker.pulsar:6650 local_addr=172.20.11.22:51436

How does my go function use AuthenticationToken, provided in the test-auth secret, to connect the broker? Any examples?

Here's my config file:

apiVersion: compute.functionmesh.io/v1alpha1
kind: Function
metadata:
  name: go-function-sample
  namespace: default
spec:
  image: lichuan33/pulsar-go-function:t1
  forwardSourceMessageProperty: true
  maxPendingAsyncRequests: 1000
  replicas: 1
  maxReplicas: 1
  logTopic: persistent://public/default/go-function-logs
  input:
    topics:
      - persistent://public/default/go-function-input-topic
  output:
    topic: persistent://public/default/go-function-output-topic
  resources:
    requests:
      cpu: "0.1"
      memory: 1G
    limits:
      cpu: "0.2"
      memory: 1.1G
  pulsar:
    pulsarConfig: "test-go-pulsar"
    authSecret: "test-auth"
  golang:
    go: /pulsar/examples/go-function
    goLocation: ""
  clusterName: pulsar
  autoAck: true
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: test-go-pulsar
data:
  webServiceURL: http://pulsar-broker.pulsar:8080
  brokerServiceURL: pulsar://pulsar-broker.pulsar:6650
---
apiVersion: v1
kind: Secret
metadata:
  name: test-auth
stringData:
  clientAuthenticationPlugin: "org.apache.pulsar.client.impl.auth.AuthenticationToken"
  clientAuthenticationParameters: "token:xxx.yyy.zzz"

Thanks.

freeznet commented 2 years ago

@lichuan6 thanks for asking, but pulsar golang functions do not support auth yet. So function mesh cannot pass the auth data to golang functions. Should add auth support to pulsar go functions, then support passing auth data to go instance via function mesh.

liangyuanpeng commented 2 years ago

This PR is work for pulsar function go auth. https://github.com/apache/pulsar/pull/15907