Merge pull request #384 from liftbridge-io/v1.7.1

Prepare v1.7.1
liftbridge-io · Jan 21, 2022 · 99e2930 · 99e2930
2 parents 80a935e + acc4930
commit 99e2930
Show file tree

Hide file tree

Showing 10 changed files with 451 additions and 17 deletions.
diff --git a/documentation/configuration.md b/documentation/configuration.md
@@ -24,7 +24,7 @@ USAGE:
    liftbridge [global options] command [command options] [arguments...]
 
 VERSION:
-   v1.7.0
+   v1.7.1
 
 COMMANDS:
    help, h  Shows a list of commands or help for one command

diff --git a/documentation/quick_start.md b/documentation/quick_start.md
@@ -46,7 +46,7 @@ only be set on one server when bootstrapping a cluster.**
 
 ```shell
 $ liftbridge --raft-bootstrap-seed --embedded-nats
-INFO[2020-12-29 13:19:33] Liftbridge Version:        v1.7.0
+INFO[2020-12-29 13:19:33] Liftbridge Version:        v1.7.1
 INFO[2020-12-29 13:19:33] Server ID:                 m6nxFIddI395AaQABIQqNL
 INFO[2020-12-29 13:19:33] Namespace:                 liftbridge-default
 INFO[2020-12-29 13:19:33] NATS Servers:              [nats://127.0.0.1:4222]
@@ -62,7 +62,7 @@ We set the `--data-dir` and `--port` flags to avoid clobbering the first server.
 
 ```shell
 $ liftbridge --data-dir /tmp/liftbridge/server-2 --port=9293
-INFO[2020-12-29 13:21:09] Liftbridge Version:        v1.7.0
+INFO[2020-12-29 13:21:09] Liftbridge Version:        v1.7.1
 INFO[2020-12-29 13:21:09] Server ID:                 8mTiXh8VSFFBB8kIK0IOGU
 INFO[2020-12-29 13:21:09] Namespace:                 liftbridge-default
 INFO[2020-12-29 13:21:09] NATS Servers:              [nats://127.0.0.1:4222]

diff --git a/go.mod b/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/hashicorp/raft v1.1.2
 	github.com/hashicorp/raft-boltdb/v2 v2.2.0
 	github.com/liftbridge-io/go-liftbridge/v2 v2.2.0
-	github.com/liftbridge-io/liftbridge-api v1.7.0
+	github.com/liftbridge-io/liftbridge-api v1.7.1
 	github.com/liftbridge-io/nats-on-a-log v0.0.0-20200818183806-bb17516cf3a3
 	github.com/natefinch/atomic v1.0.1
 	github.com/nats-io/nats-server/v2 v2.6.4
@@ -59,11 +59,11 @@ require (
 	github.com/subosito/gotenv v1.2.0 // indirect
 	go.etcd.io/bbolt v1.3.5 // indirect
 	golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e // indirect
-	golang.org/x/net v0.0.0-20211216030914-fe4d6282115f // indirect
-	golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect
+	golang.org/x/net v0.0.0-20220121175114-2ed6ce1e1725 // indirect
+	golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1 // indirect
-	google.golang.org/genproto v0.0.0-20211223182754-3ac035c7e7cb // indirect
+	google.golang.org/genproto v0.0.0-20220118154757-00ab72f36ad5 // indirect
 	google.golang.org/protobuf v1.27.1 // indirect
 	gopkg.in/ini.v1 v1.57.0 // indirect
 	gopkg.in/yaml.v2 v2.3.0 // indirect

diff --git a/go.sum b/go.sum
@@ -272,8 +272,8 @@ github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/liftbridge-io/go-liftbridge/v2 v2.2.0 h1:lWj9NcKAe3e6kc2RxvJez+wKr0NA5b6eq7vsrQ4EdGU=
 github.com/liftbridge-io/go-liftbridge/v2 v2.2.0/go.mod h1:+GxDuLwnTCMw0GmuEdf61SZUojirDg5DT70NSwM+3Hw=
 github.com/liftbridge-io/liftbridge-api v1.6.1-0.20210922165337-44d2c9612f09/go.mod h1:6IFEFZ4ncnOgeDVjSt0vh1lKNhlJ5YT9xnG1eRa9LC8=
-github.com/liftbridge-io/liftbridge-api v1.7.0 h1:ABXleIplvt8Pt/MDEpuvNKZvVyUxs+9o5SjTNxHE1r4=
-github.com/liftbridge-io/liftbridge-api v1.7.0/go.mod h1:6IFEFZ4ncnOgeDVjSt0vh1lKNhlJ5YT9xnG1eRa9LC8=
+github.com/liftbridge-io/liftbridge-api v1.7.1 h1:OALXJzR1Q8D7H2oy0laHCBPf9wAB1O6pmLPQGlRtQ4g=
+github.com/liftbridge-io/liftbridge-api v1.7.1/go.mod h1:6IFEFZ4ncnOgeDVjSt0vh1lKNhlJ5YT9xnG1eRa9LC8=
 github.com/liftbridge-io/nats-on-a-log v0.0.0-20200818183806-bb17516cf3a3 h1:O4mg1NEmukgY8hxen3grrG5RY34LadMTzpbjf8kM2tA=
 github.com/liftbridge-io/nats-on-a-log v0.0.0-20200818183806-bb17516cf3a3/go.mod h1:wmIIYVq+psahPlB1rvtTkGiltdihsKJbqwE1DkIPwj4=
 github.com/magiconair/properties v1.8.1 h1:ZC2Vc7/ZFkGmsVC9KvOjumD+G5lXy2RtTKyzRKO2BQ4=
@@ -520,8 +520,8 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20201002202402-0a1ea396d57c/go.mod h1:iQL9McJNjoIa5mjH6nYTCTZXUN6RP+XW3eib7Ya3XcI=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM=
-golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220121175114-2ed6ce1e1725 h1:YtkHkox9J+kfAdNdlvEXp2SkLMQSkSjWFP4sjgxEPa8=
+golang.org/x/net v0.0.0-20220121175114-2ed6ce1e1725/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -581,20 +581,20 @@ golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220114195835-da31bd327af9 h1:XfKQ4OlFl8okEOr5UvAqFRVj8pY/4yfcXrddB8qAbU0=
+golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -708,8 +708,8 @@ google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201002142447-3860012362da/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20211223182754-3ac035c7e7cb h1:ZrsicilzPCS/Xr8qtBZZLpy4P9TYXAfl49ctG1/5tgw=
-google.golang.org/genproto v0.0.0-20211223182754-3ac035c7e7cb/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
+google.golang.org/genproto v0.0.0-20220118154757-00ab72f36ad5 h1:zzNejm+EgrbLfDZ6lu9Uud2IVvHySPl8vQzf04laR5Q=
+google.golang.org/genproto v0.0.0-20220118154757-00ab72f36ad5/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=

diff --git a/server/version.go b/server/version.go
@@ -1,4 +1,4 @@
 package server
 
 // Version of the Liftbridge server.
-const Version = "v1.7.0"
+const Version = "v1.7.1"
diff --git a/website/versioned_docs/version-v1.7.1/authentication_authorization.md b/website/versioned_docs/version-v1.7.1/authentication_authorization.md
@@ -0,0 +1,59 @@
+---
+id: version-v1.7.1-authentication-authorization
+title: Authentication and Authorization
+original_id: authentication-authorization
+---
+
+Liftbridge currently supports authentication via mutual TLS. This allows both
+the client to authenticate the server and the server to authenticate clients
+using certificates.
+
+Liftbridge does not currently support authorization, but ACL-based
+authorization is planned for a future release.
+
+## Authentication
+
+Authentication is currently supported using mutual TLS. There are several
+parameters for TLS configuration on the server side.
+
+```yaml
+tls:
+    key: server-key.pem
+    cert: server-cert.pem
+    client.auth.enabled: true
+    client.auth.ca: ca-cert.pem
+```
+
+`client.auth.enabled` enables client authentication, and `client.auth.ca`
+specifies the path on the server to the client's certificate authority. Refer
+to the `tls` settings in
+[Configuration](./configuration.md#configuration-settings) for more details.
+
+With these configurations set on the server, only authenticated clients can
+open connections to the server. Using `ca-cert.pem`, `client-key.pem` and
+`client-cert.pem`, the client can safely open a connection to a Liftbridge
+server. Example Go code to connect to a Liftbridge server using TLS is shown
+below:
+
+```golang
+certPool := x509.NewCertPool()
+ca, err := ioutil.ReadFile("ca-cert.pem")
+if err != nil {
+	panic(err)
+}
+certPool.AppendCertsFromPEM(ca)
+certificate, err := tls.LoadX509KeyPair("client-cert.pem", "client-key.pem")
+if err != nil {
+	panic(err)
+}
+config := &tls.Config{
+	ServerName:   "localhost",
+	Certificates: []tls.Certificate{certificate},
+	RootCAs:      certPool,
+}
+client, err := lift.Connect([]string{"localhost:9292"}, lift.TLSConfig(config))
+```
+
+## Authorization
+
+Support for authorization is not yet provided. It will be implemented in the future.