I have a .pem
file containing my private key that I need to pass as an authorization header.
I've tried just using the command $(cat $REPO_ROOT/pulsar/tls/broker/broker.key.pem)
but I'm getting the response: <h1>Bad Message 400</h1><pre>reason: Illegal character LF=\n</pre>0
Can I not pass the contents of my .pem
straight into the header?
CLUSTER=standalone
TENANT=sandbox
NAMESPACE=integration_test
AUTHORIZATION=$(cat $REPO_ROOT/pulsar/tls/broker/broker.key.pem)
# Create tenant
curl -L -X PUT "http://localhost:$HOST_PULSAR_PORT/admin/v2/tenants/$TENANT" \
--header "Authorization: Bearer $AUTHORIZATION" \
--header 'Content-Type: application/json' \
--data-raw "{\"allowedClusters\": [\"$CLUSTER\"]}"
CodePudding user response:
The private key needs to be carefully secured. You should never have to pass it in an HTTP header.
For Pulsar you should be using the private key to generate a JWT token to use in the HTTP header. You can use the following command:
bin/pulsar tokens create --private-key file:///path/to/my-private.key \
--subject test-user
The subject of the token should match the authorization role on the Pulsar tenant or namespace. For more details, see https://pulsar.apache.org/docs/en/security-token-admin/
CodePudding user response:
Private keys are never meant to be sent as a header in a web request. Perhaps the public key.
When you try to send this:
Authorization: Bearer $AUTHORIZATION
I suspect you should send a signed JWT token instead?
Also, you try to send a pem file, as application/json, that does not match either. A pem file is typically a multi-line data structure and that needs to be encoded to be able to be sent in a header.