MLE-24829 Fixing cloud auth for 1.11.1 release

rjrudin · rjrudin · commit b0568dc5c2ce · 2025-10-27T12:50:39.000-04:00
diff --git a/docs/configuring-the-connector.md b/docs/configuring-the-connector.md
@@ -47,8 +47,8 @@ Regardless of the required authentication strategy, you must configure the follo
 - `ml.connection.port` = the port of the MarkLogic app server you wish to connect to
 - `ml.connection.securityContextType` = the authentication strategy required by the MarkLogic app server; defaults to DIGEST
 
-The choices for `ml.connection.securityContextType` are DIGEST, BASIC, CERTIFICATE, KERBEROS, and NONE. The additional
-properties required for each are described in the following sections.
+The choices for `ml.connection.securityContextType` are `DIGEST`, `BASIC`, `CERTIFICATE`, `KERBEROS`, `CLOUD`, and 
+`NONE`. The additional properties required for each are described in the following sections.
 
 ### Configuring digest and basic authentication
 
@@ -61,6 +61,7 @@ Both digest and basic authentication require the following properties to be conf
 
 Progress Data Cloud authentication requires the following properties to be configured:
 
+- `ml.connection.securityContextType=CLOUD`
 - `ml.connection.basePath` = the base path in your Progress Data Cloud instance that points to the REST API server you
   wish to connect to
 - `ml.connection.cloudApiKey` = the API key for authenticating with your Progress Data Cloud instance
@@ -71,13 +72,15 @@ You should also set `ml.connection.port` to 443 for connecting to Progress Data
 
 Certificate authentication requires the following properties to be configured:
 
+- `ml.connection.securityContextType=CERTIFICATE`
 - `ml.connection.certFile` = path to a PKCS12 certificate file
 - `ml.connection.certPassword` = password for the PKCS12 certificate file
 
 ### Configuring Kerberos authentication
 
 Kerberos authentication requires the following property to be configured:
 
+- `ml.connection.securityContextType=KERBEROS`
 - `ml.connection.externalName` = the name of the principal to be used in Kerberos authentication
 
 ### Configuring no authentication
diff --git a/gradle.properties b/gradle.properties
@@ -1,5 +1,5 @@
 group=com.marklogic
-version=1.11.0
+version=1.11.1
 
 # For the Confluent Connector Archive
 componentOwner=marklogic
diff --git a/src/main/java/com/marklogic/kafka/connect/MarkLogicConfig.java b/src/main/java/com/marklogic/kafka/connect/MarkLogicConfig.java
@@ -35,7 +35,7 @@ public class MarkLogicConfig extends AbstractConfig {
     public static final String SSL_HOST_VERIFIER = "ml.connection.customSsl.hostNameVerifier";
     public static final String SSL_MUTUAL_AUTH = "ml.connection.customSsl.mutualAuth";
 
-    private static final CustomRecommenderAndValidator CONNECTION_SECURITY_CONTEXT_TYPE_RV = new CustomRecommenderAndValidator("DIGEST", "BASIC", "CERTIFICATE", "KERBEROS", "NONE");
+    private static final CustomRecommenderAndValidator CONNECTION_SECURITY_CONTEXT_TYPE_RV = new CustomRecommenderAndValidator("DIGEST", "BASIC", "CERTIFICATE", "KERBEROS", "CLOUD", "NONE");
     private static final CustomRecommenderAndValidator CONNECTION_TYPE_RV = new CustomRecommenderAndValidator("DIRECT", "GATEWAY", "");
     private static final CustomRecommenderAndValidator SSL_HOST_VERIFIER_RV = new CustomRecommenderAndValidator("ANY", "COMMON", "STRICT");
 
@@ -73,7 +73,7 @@ public static void addDefinitions(ConfigDef configDef) {
                         "External name for 'KERBEROS' authentication",
                         GROUP, -1, ConfigDef.Width.MEDIUM, "Kerberos External Name")
                 .define(CONNECTION_CLOUD_API_KEY, Type.STRING, null, Importance.MEDIUM,
-                        "API key for connecting to MarkLogic Cloud. Should set port to 443 when connecting to MarkLogic Cloud.",
+                        "API key for connecting to Progress Data Cloud. Should set port to 443 when connecting to Progress Data Cloud.",
                         GROUP, -1, ConfigDef.Width.MEDIUM, "Cloud API Key")
                 .define(CONNECTION_TYPE, Type.STRING, "", CONNECTION_TYPE_RV, Importance.MEDIUM,
                         "Set to 'GATEWAY' when the host identified by ml.connection.host is a load balancer. See https://docs.marklogic.com/guide/java/data-movement#id_26583 for more information.",
diff --git a/src/test/java/com/marklogic/kafka/connect/BuildDatabaseClientConfigTest.java b/src/test/java/com/marklogic/kafka/connect/BuildDatabaseClientConfigTest.java
@@ -182,7 +182,7 @@ void testInvalidAuthentication() {
         securityContextConfig.put(MarkLogicSinkConfig.CONNECTION_SECURITY_CONTEXT_TYPE, "IncorrectValue");
         ConfigException ex = assertThrows(ConfigException.class, () -> MarkLogicSinkConfig.CONFIG_DEF.parse(securityContextConfig),
             "Should throw ConfigException when an invalid authentication type is provided.");
-        assertEquals("Invalid value: IncorrectValue; must be one of: [DIGEST, BASIC, CERTIFICATE, KERBEROS, NONE]", ex.getMessage());
+        assertEquals("Invalid value: IncorrectValue; must be one of: [DIGEST, BASIC, CERTIFICATE, KERBEROS, CLOUD, NONE]", ex.getMessage());
     }
 
     @Test
diff --git a/src/test/java/com/marklogic/kafka/connect/source/ReadRowsViaOpticDslTest.java b/src/test/java/com/marklogic/kafka/connect/source/ReadRowsViaOpticDslTest.java
@@ -11,9 +11,7 @@
 import java.util.List;
 import java.util.Map;
 
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertNull;
-import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.*;
 
 class ReadRowsViaOpticDslTest extends AbstractIntegrationSourceTest {
 
@@ -46,6 +44,23 @@ void readFifteenAuthorsAsJson() throws InterruptedException {
         verifyRecordKeysAreSetToIDColumn(records);
     }
 
+    @Test
+    void cloudAuth() {
+        RuntimeException ex = assertThrows(RuntimeException.class, () -> startSourceTask(
+            MarkLogicSourceConfig.CONNECTION_SECURITY_CONTEXT_TYPE, "cloud",
+            MarkLogicSourceConfig.CONNECTION_CLOUD_API_KEY, "abc123",
+            MarkLogicSourceConfig.DSL_QUERY, AUTHORS_ORDERED_BY_ID_OPTIC_DSL,
+            MarkLogicSourceConfig.TOPIC, AUTHORS_TOPIC,
+            MarkLogicSourceConfig.KEY_COLUMN, "Medical.Authors.ID"
+        ));
+
+        String message = ex.getMessage();
+        assertTrue(message.contains("Unable to call token endpoint"),
+            "We expect this test to fail because it can't talk to PDC, and that's fine. What this verifies " +
+                "is that the user can configure the connector to talk to PDC - i.e. 'cloud' is accepted as a " +
+                "security context type. Actual error: " + message);
+    }
+
     @Test
     void includeColumnTypes() throws InterruptedException {
         loadFifteenAuthorsIntoMarkLogic();

Original file line number	Diff line number	Diff line change
`@@ -182,7 +182,7 @@ void testInvalidAuthentication() {`
`182`	`182`	`securityContextConfig.put(MarkLogicSinkConfig.CONNECTION_SECURITY_CONTEXT_TYPE, "IncorrectValue");`
`183`	`183`	`ConfigException ex = assertThrows(ConfigException.class, () -> MarkLogicSinkConfig.CONFIG_DEF.parse(securityContextConfig),`
`184`	`184`	`"Should throw ConfigException when an invalid authentication type is provided.");`
`185`		`- assertEquals("Invalid value: IncorrectValue; must be one of: [DIGEST, BASIC, CERTIFICATE, KERBEROS, NONE]", ex.getMessage());`
	`185`	`+ assertEquals("Invalid value: IncorrectValue; must be one of: [DIGEST, BASIC, CERTIFICATE, KERBEROS, CLOUD, NONE]", ex.getMessage());`
`186`	`186`	`}`
`187`	`187`
`188`	`188`	`@Test`