Feature/tlsauth

api/v1alpha1/common.go

@@ -55,6 +55,9 @@ type PulsarAuthentication struct {
 	// For detailed information on the OAuth2 fields, refer to the PulsarAuthenticationOAuth2 struct.
 	// +optional
 	OAuth2 *PulsarAuthenticationOAuth2 `json:"oauth2,omitempty"`
+
+	// +optional
+	TLS *PulsarAuthenticationTLS `json:"tls,omitempty"`
 }
 
 // PulsarResourceLifeCyclePolicy defines the behavior for managing Pulsar resources
@@ -107,6 +110,12 @@ type PulsarAuthenticationOAuth2 struct {
 	Scope string `json:"scope,omitempty"`
 }
 
+// PulsarAuthenticationTLS indicates the parameters which are need by pulsar TLS Authentication
+type PulsarAuthenticationTLS struct {
+	ClientCertificatePath    string `json:"clientCertificatePath"`
+	ClientCertificateKeyPath string `json:"clientCertificateKeyPath"`
+}
+
 // IsPulsarResourceReady returns true if resource satisfies with these condition
 // 1. The instance is not deleted
 // 2. Status ObservedGeneration is equal with meta.ObservedGeneration

api/v1alpha1/pulsarconnection_types.go

@@ -74,6 +74,19 @@ type PulsarConnectionSpec struct {
 	// When setting up Geo-Replication between Pulsar instances, this should be enabled to identify the cluster.
 	// +optional
 	ClusterName string `json:"clusterName,omitempty"`
+
+	// TLSEnableHostnameVerification indicates whether to verify the hostname of the broker.
+	// Only used when using secure urls.
+	// +optional
+	TLSEnableHostnameVerification bool `json:"tlsEnableHostnameVerification,omitempty"`
+
+	// TLSAllowInsecureConnection indicates whether to allow insecure connection to the broker.
+	// +optional
+	TLSAllowInsecureConnection bool `json:"tlsAllowInsecureConnection,omitempty"`
+
+	// TLSTrustCertsFilePath Path for the TLS certificate used to validate the broker endpoint when using TLS.
+	// +optional
+	TLSTrustCertsFilePath string `json:"tlsTrustCertsFilePath,omitempty"`
 }
 
 // PulsarConnectionStatus defines the observed state of PulsarConnection.

config/crd/bases/resource.streamnative.io_pulsarconnections.yaml

@@ -169,6 +169,18 @@ spec:
                     - issuerEndpoint
                     - key
                     type: object
+                  tls:
+                    description: PulsarAuthenticationTLS indicates the parameters
+                      which are need by pulsar TLS Authentication
+                    properties:
+                      clientCertificateKeyPath:
+                        type: string
+                      clientCertificatePath:
+                        type: string
+                    required:
+                    - clientCertificateKeyPath
+                    - clientCertificatePath
+                    type: object
                   token:
                     description: |-
                       Token specifies the configuration for token-based authentication.
@@ -212,6 +224,16 @@ spec:
                   ClusterName specifies the name of the local Pulsar cluster.
                   When setting up Geo-Replication between Pulsar instances, this should be enabled to identify the cluster.
                 type: string
+              tlsEnableHostnameVerification:
+                description: TLSEnableHostnameVerification indicates whether to verify the hostname of the broker.
+                  Only used when using secure urls.
+                type: boolean
+              tlsAllowInsecureConnection:
+                description: TLSAllowInsecureConnection indicates whether to allow insecure connection to the broker.
+                type: boolean
+              tlsTrustCertsFilePath:
+                description: TLSTrustCertsFilePath Path for the TLS certificate used to validate the broker endpoint when using TLS.
+                type: string
             type: object
           status:
             description: |-