biscuit-pulsar needs protobuf 3.25.0.
The listed dependencies can be necessary to add to the /lib of pulsar folder as jars:
vavrprotobufbiscuit-javabiscuit-pulsar
We currently are using this script to put libs on pulsar nodes:
#!/bin/bash
wget -P "pulsar/lib" "https://repo1.maven.org/maven2/net/i2p/crypto/eddsa/0.3.0/eddsa-0.3.0.jar"
wget -P "pulsar/lib" "https://repo1.maven.org/maven2/io/vavr/vavr/0.10.3/vavr-0.10.3.jar"
wget -P "pulsar/lib" "https://repo1.maven.org/maven2/com/google/protobuf/protobuf-java/3.25.0/protobuf-java-3.25.0.jar"
wget -P "pulsar/lib" "https://repo1.maven.org/maven2/com/clever-cloud/biscuit-java/<VERSION>/biscuit-java-<VERSION>.jar"
wget -P "pulsar/lib" "https://repo1.maven.org/maven2/com/clever-cloud/biscuit-pulsar/<VERSION>/biscuit-pulsar-<VERSION>.jar"For nodes configuration:
In your broker.conf | proxy.conf | standalone.conf:
# Enable authentication
authenticationEnabled=true
# Autentication provider name list, which is comma separated list of class names
authenticationProviders=com.clevercloud.biscuitpulsar.AuthenticationProviderBiscuit
# Enforce authorization
authorizationEnabled=true
# Authorization provider fully qualified class-name
authorizationProvider=com.clevercloud.biscuitpulsar.AuthorizationProviderBiscuit
### --- Biscuit Authentication Provider --- ###
biscuitPublicRootKey=@@BISCUIT_PUBLIC_ROOT_KEY@@
# support JWT side by side with Biscuit for AuthenticationToken
biscuitSupportJWT=true|false
# biscuit verify run limits before TimeOut
biscuitRunLimitsMaxFacts=1000
biscuitRunLimitsMaxIterations=100
biscuitRunLimitsMaxTimeMillis=30#!/bin/bash
sed -i -e "s/@@BISCUIT_PUBLIC_ROOT_KEY@@/$1/" broker.conf
sed -i -e "s/@@BISCUIT_PUBLIC_ROOT_KEY@@/$1/" proxy.conf
sed -i -e "s/@@BISCUIT_PUBLIC_ROOT_KEY@@/$1/" standalone.confRevoked biscuit must have their revocation ids contained in /etc/biscuit/revocation_list.hex.conf, one revocation per line in hexadecimals. Here is an example.
PulsarClient client = PulsarClient.builder()
.authentication(new AuthenticationToken("<BISCUIT_b64 or JWT>"))
.serviceUrl("pulsar://localhost:6650")
.build();# run all tests and build
mvn clean install
# build without tests
mvn clean install -Dmaven.test.skip=truemvn versions:set -DnewVersion=<NEW-VERSION>Commit and tag the version. Then push and create a GitHub release.
Finally, publishing to Nexus and Maven Central is automatically triggered by creating a GitHub release using GitHub Actions.
mvn versions:set -DnewVersion=<NEW-VERSION With Minor +1 and -SNAPSHOT>Commit and push.
Publish requires following secrets:
OSSRH_USERNAMEthe Sonatype usernameOSSRH_TOKENthe Sonatype tokenOSSRH_GPG_SECRET_KEYthe gpg private key used to sign packagesOSSRH_GPG_SECRET_KEY_PASSWORDthe gpg private key password
These are stored in GitHub organisation's secrets.