SlideShare a Scribd company logo

Building a FaaS with pulsar

StreamNative
StreamNative

At Clever Cloud, we are working on extremely light virtual machines to run WebAssembly binaries. As it’s WASM, we can write code using a lot of languages. We use a custom unikernel to run this WASM as Function-as-a-Service, using one VM per function execution. These VM can run on events from messages coming through Pulsar, or from HTTP invocation, the run is on-demand as only the consumers stay up. This can be a new model: Pulsar functions for real isolation in multi-tenancy use cases. This talk will show the use case, explain the virtualization underneath and demonstrate the multi-tenancy use case.

Internet
1 of 57
Download to read offline
Building a Function as a Service with Pulsar
Alexandre DUVAL @kannarfr IT Engineer @CleverCloud Logs systems Automatic Add-ons migration systems Stuff around Biscuit Pulsar Add-on (alpha through support) PaaS On-Call human (not today :D)
Geoffroy COUPRIE @gcouprie Security Engineer @CleverCloud Sozu HTTP reverse proxy Function as a Service Biscuit authorization tokens Working on the Pulsar Rust client 1.0
Function as a Service
Function as a Service? - Run code on demand 1@gcouprie
Function as a Service? - Run code on demand - Without caring about keeping infrastructure up 1@gcouprie
Function as a Service? - Run code on demand - Without caring about keeping infrastructure up - Or scaling 1@gcouprie
Function as a Service? - Run code on demand - Without caring about keeping infrastructure up - Or scaling - Billed on consumption 1@gcouprie
FaaS by Clever Cloud - Build your functions in a language that can generate Web Assembly 2@gcouprie
FaaS by Clever Cloud - Build your functions in a language that can generate Web Assembly - That will be compiled to machine code 2@gcouprie
FaaS by Clever Cloud - Build your functions in a language that can generate Web Assembly - That will be compiled to machine code - Loaded and executed in ephemeral virtual machines without operating systems 2@gcouprie
FaaS by Clever Cloud - Build your functions in a language that can generate Web Assembly - That will be compiled to machine code - Loaded and executed in ephemeral virtual machines without operating systems - That boot on the fly for each request or message on a topic 2@gcouprie
Web Assembly - Good compilation target (supported by various languages) 3@gcouprie
Web Assembly - Good compilation target (supported by various languages) - Designed for sandboxing 3@gcouprie
Web Assembly - Good compilation target (supported by various languages) - Designed for sandboxing - Not limited to browsers! 3@gcouprie
One Virtual Machine per request - Virtual machines are cheap: 1 to 10MB RAM 4@gcouprie
One Virtual Machine per request - Virtual machines are cheap: 1 to 10MB RAM - Fast: boot in 1ms 4@gcouprie
One Virtual Machine per request - Virtual machines are cheap: 1 to 10MB RAM - Fast: boot in 1ms - Great isolation: very limited host API, no hardware emulation 4@gcouprie
Infrastructure based on Pulsar - Compilation service gets compilation requests from a topic 5@gcouprie
Infrastructure based on Pulsar - Compilation service gets compilation requests from a topic - FaaS host gets configuration information (new apps, new code) from a topic 5@gcouprie
Infrastructure based on Pulsar - Compilation service gets compilation requests from a topic - FaaS host gets configuration information (new apps, new code) from a topic - Metrics and logs are sent via another topic 5@gcouprie
Pulsar Functions
Building Pulsar Functions - No need to start one process per function 6@gcouprie
Building Pulsar Functions - No need to start one process per function - The Faas host has 1000s of consumers 6@gcouprie
Building Pulsar Functions - No need to start one process per function - The FaaS host has 1000s of consumers - Starts a function when a message arrives on a topic 6@gcouprie
Multi-Tenancy Challenges - Functions can subscribe to topics from various clients 7@gcouprie
Multi-Tenancy Challenges - Functions can subscribe to topics from various clients - But there’s only one authentication context per connection 7@gcouprie
Multi-Tenancy Challenges - Functions can subscribe to topics from various clients - But there’s only one authentication context per connection - Should we have one TCP connection per consumer? 7@gcouprie
Biscuit
Biscuit New authentication & authorization token Specifications github.com/CleverCloud/biscuit Java Library mvnrepository.com/artifact/com.clever-cloud/biscuit-java Rust Crate crates.io/crates/biscuit-auth 8@kannarfr
Biscuit New authentication & authorization token Powerful authorization rules Based on a Datalog variant facts, rules, caveats 8@kannarfr
Biscuit New authentication & authorization token Powerful authorization rules Decentralized Verification & attenuation are decentralized 8@kannarfr
Biscuit New authentication & authorization token Powerful authorization rules Decentralized Biscuit-Pulsar plugins! Biscuit-Pulsar authorization plugin github.com/CleverCloud/biscuit-pulsar 8@kannarfr
Biscuit Example Applied to Pulsar
- Start from a token with full access to a namespace Attenuation 9@kannarfr
- Start from a token with full access to a namespace - A team needs Pulsar access: reduce access to lookup/produce/consume on a topic name prefix Attenuation 9@kannarfr
- Start from a token with full access to a namespace - A team needs Pulsar access: reduce access to lookup/produce/consume on a topic name prefix - Application specific token: reduce team token to subscribe only, on a fixed topic, with a fixed subscription name Attenuation 9@kannarfr
Authorization life cycle on FaaS
- A function comes with its Biscuit token Authorizing Pulsar Function 10@gcouprie
- A function comes with its Biscuit token - The FaaS host can authorize the token with the same rules as the Biscuit-Pulsar plugin Authorizing Pulsar Function 10@gcouprie
Authorizing Pulsar Function - A function comes with its Biscuit token - The FaaS host can authorize the token with the same rules as the Biscuit-Pulsar plugin - The FaaS host subscribes and produces with only one authentication token, on a reduced number of connections 10@gcouprie
Needs in Pulsar
Biscuit Pulsar Requirements Boolean allowNamespacePolicyOperation(NamespaceName namespaceName, PolicyName policy, PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData) {} Issue #5720: fixed. Put granularity in Pulsar’s AuthorizationService 11@kannarfr
Pulsar Needs: wishlist - PIP-51: tenant policy support (and topics) 12@kannarfr
- PIP-51: tenant policy support (and topics) - Pulsar Proxy for protocols handlers Pulsar Needs: wishlist 12@kannarfr
- PIP-51: tenant policy support (and topics) - Pulsar Proxy for protocols handlers - Topic compaction on the fly Pulsar Needs: wishlist 12@kannarfr
- PIP-51: tenant policy support (and topics) - Pulsar Proxy for protocols handlers - Topic compaction on the fly - Pattern implementation as Exchanges, FanOuts, … at broker level Pulsar Needs: wishlist 12@kannarfr
- PIP-51: tenant policy support (and topics) - Pulsar Proxy for protocols handlers - Topic compaction on the fly - Pattern implementation as Exchanges, FanOuts, … at broker level - Metrics: enable pulsar to send its metrics itself to as timeseries Pulsar Needs: wishlist 12@kannarfr
clever-cloud.com
Annex 1: Biscuit Example Applied to Pulsar
authority: Block[0] { symbols: [admin] context: facts: [ revocation_id("af136428-b9c3-4360-8535-3a147ce80d99"), // good practice right(#authority, #admin) ] rules: [] caveats: [] } Authority (block 0) Facts are basically data used by verifier.
blocks: [ Block[1] { symbols: [limited_right, topic_operation] context: facts: [] rules: [] caveats: [ *limited_right("tenantTest", "namespaceTest", $2, $3) <- topic_operation(#ambient, "tenantTest", "namespaceTest", $2, $3) ] } ] Attenuated (block 1) $2 is a slot for topic name, $3 for consume, producer & lookup
blocks: [ Block[1] { symbols: [limited_right, topic_operation, namespace_operation] context: facts: [] rules: [] caveats: [ *limited_right("tenantTest", "namespaceTest", $2, $3) <- topic_operation(#ambient, "tenantTest", "namespaceTest", $2, $3) || (OR) *limited_right("tenantTest", "namespaceTest", $2) <- namespace_operation(#ambient, "tenantTest", "namespaceTest", $2) ] } ] Attenuated (block 1) Here $2 is a slot for namespace operation (#offload_write)
Verifier built from Biscuit token facts: [ revocation_id("af136428-b9c3-4360-8535-3a147ce80d99"), right(#authority, #admin) ], rules: [], caveats: [ *limited_right("tenantTest", "namespaceTest", $2) <- namespace_operation(#ambient, "tenantTest", "namespaceTest", $2) // || topic_operation query which is unused here is the final example. ] Verifier facts, rules, caveats are computed from biscuit token.
Verifier add contextual facts facts: [ revocation_id("af136428-b9c3-4360-8535-3a147ce80d99"), right(#authority, #admin), namespace(#ambient, "tenantTest", "namespaceTest") namespace_operation(#ambient, "tenantTest", "namespaceTest", #offload_write) ], rules: [], caveats: [ *limited_right("tenantTest", "namespaceTest", $2) <- namespace_operation(#ambient, "tenantTest", "namespaceTest", $2) // || topic_operation query which is unused here is the final example. ] Then authorization check adds its context.
Verifier add rules & caveats facts: [ revocation_id("af136428-b9c3-4360-8535-3a147ce80d99"), right(#authority, #admin), namespace(#ambient, "tenantTest", "namespaceTest"), namespace_operation(#ambient, "tenantTest", "namespaceTest", #offload_write) ], rules: [ *right(#authority, $0, $1, $2) <- right(#authority, #admin), namespace_operation(#ambient, $0, $1, $2) @ $2 in [offload_write, ...] ], caveats: [ *limited_right("tenantTest", "namespaceTest", $2) <- namespace_operation(#ambient, "tenantTest", "namespaceTest", $2), // || topic_operation query which is unused here is the final example. *authorized() <- (#authority, $0, $1, $2), namespace_operation(#ambient, $0, $1, $2) @ $2 in [offload_write, ...] ]
Verify life cycle - Add biscuit token facts & verifier’s facts (ambient ones) - Add rules from biscuit and verifier - Generate all the facts - Ensure that token and verifier’s caveats pass and authorize

Recommended

Transaction preview of Apache Pulsar
Transaction preview of Apache PulsarTransaction preview of Apache Pulsar
Transaction preview of Apache PulsarStreamNative
 
Pulsar Architectural Patterns for CI/CD Automation and Self-Service_Devin Bost
Pulsar Architectural Patterns for CI/CD Automation and Self-Service_Devin BostPulsar Architectural Patterns for CI/CD Automation and Self-Service_Devin Bost
Pulsar Architectural Patterns for CI/CD Automation and Self-Service_Devin BostStreamNative
 
Lessons from managing a Pulsar cluster (Nutanix)
Lessons from managing a Pulsar cluster (Nutanix)Lessons from managing a Pulsar cluster (Nutanix)
Lessons from managing a Pulsar cluster (Nutanix)StreamNative
 
Pulsarctl & Pulsar Manager
Pulsarctl & Pulsar ManagerPulsarctl & Pulsar Manager
Pulsarctl & Pulsar ManagerStreamNative
 
Query Pulsar Streams using Apache Flink
Query Pulsar Streams using Apache FlinkQuery Pulsar Streams using Apache Flink
Query Pulsar Streams using Apache FlinkStreamNative
 
Open keynote_carolyn&matteo&sijie
Open keynote_carolyn&matteo&sijieOpen keynote_carolyn&matteo&sijie
Open keynote_carolyn&matteo&sijieStreamNative
 
Integrating Apache Pulsar with Big Data Ecosystem
Integrating Apache Pulsar with Big Data EcosystemIntegrating Apache Pulsar with Big Data Ecosystem
Integrating Apache Pulsar with Big Data EcosystemStreamNative
 
Exactly-Once Made Easy: Transactional Messaging in Apache Pulsar - Pulsar Sum...
Exactly-Once Made Easy: Transactional Messaging in Apache Pulsar - Pulsar Sum...Exactly-Once Made Easy: Transactional Messaging in Apache Pulsar - Pulsar Sum...
Exactly-Once Made Easy: Transactional Messaging in Apache Pulsar - Pulsar Sum...StreamNative
 

Recommended

Transaction preview of Apache Pulsar
Transaction preview of Apache PulsarTransaction preview of Apache Pulsar
Transaction preview of Apache PulsarStreamNative
 
Pulsar Architectural Patterns for CI/CD Automation and Self-Service_Devin Bost
Pulsar Architectural Patterns for CI/CD Automation and Self-Service_Devin BostPulsar Architectural Patterns for CI/CD Automation and Self-Service_Devin Bost
Pulsar Architectural Patterns for CI/CD Automation and Self-Service_Devin BostStreamNative
 
Lessons from managing a Pulsar cluster (Nutanix)
Lessons from managing a Pulsar cluster (Nutanix)Lessons from managing a Pulsar cluster (Nutanix)
Lessons from managing a Pulsar cluster (Nutanix)StreamNative
 
Pulsarctl & Pulsar Manager
Pulsarctl & Pulsar ManagerPulsarctl & Pulsar Manager
Pulsarctl & Pulsar ManagerStreamNative
 
Query Pulsar Streams using Apache Flink
Query Pulsar Streams using Apache FlinkQuery Pulsar Streams using Apache Flink
Query Pulsar Streams using Apache FlinkStreamNative
 
Open keynote_carolyn&matteo&sijie
Open keynote_carolyn&matteo&sijieOpen keynote_carolyn&matteo&sijie
Open keynote_carolyn&matteo&sijieStreamNative
 
Integrating Apache Pulsar with Big Data Ecosystem
Integrating Apache Pulsar with Big Data EcosystemIntegrating Apache Pulsar with Big Data Ecosystem
Integrating Apache Pulsar with Big Data EcosystemStreamNative
 
Exactly-Once Made Easy: Transactional Messaging in Apache Pulsar - Pulsar Sum...
Exactly-Once Made Easy: Transactional Messaging in Apache Pulsar - Pulsar Sum...Exactly-Once Made Easy: Transactional Messaging in Apache Pulsar - Pulsar Sum...
Exactly-Once Made Easy: Transactional Messaging in Apache Pulsar - Pulsar Sum...StreamNative
 
Getting Pulsar Spinning_Addison Higham
Getting Pulsar Spinning_Addison HighamGetting Pulsar Spinning_Addison Higham
Getting Pulsar Spinning_Addison HighamStreamNative
 
Apache Pulsar at Yahoo! Japan
Apache Pulsar at Yahoo! JapanApache Pulsar at Yahoo! Japan
Apache Pulsar at Yahoo! JapanStreamNative
 
Scaling customer engagement with apache pulsar
Scaling customer engagement with apache pulsarScaling customer engagement with apache pulsar
Scaling customer engagement with apache pulsarStreamNative
 
Pulsar Functions Deep Dive_Sanjeev kulkarni
Pulsar Functions Deep Dive_Sanjeev kulkarniPulsar Functions Deep Dive_Sanjeev kulkarni
Pulsar Functions Deep Dive_Sanjeev kulkarniStreamNative
 
Stream-Native Processing with Pulsar Functions
Stream-Native Processing with Pulsar FunctionsStream-Native Processing with Pulsar Functions
Stream-Native Processing with Pulsar FunctionsStreamlio
 
Introducing Kafka-on-Pulsar: bring native Kafka protocol support to Apache Pu...
Introducing Kafka-on-Pulsar: bring native Kafka protocol support to Apache Pu...Introducing Kafka-on-Pulsar: bring native Kafka protocol support to Apache Pu...
Introducing Kafka-on-Pulsar: bring native Kafka protocol support to Apache Pu...StreamNative
 
Apache Bookkeeper and Apache Zookeeper for Apache Pulsar
Apache Bookkeeper and Apache Zookeeper for Apache PulsarApache Bookkeeper and Apache Zookeeper for Apache Pulsar
Apache Bookkeeper and Apache Zookeeper for Apache PulsarEnrico Olivelli
 
Serverless Event Streaming with Pulsar Functions
Serverless Event Streaming with Pulsar FunctionsServerless Event Streaming with Pulsar Functions
Serverless Event Streaming with Pulsar FunctionsStreamNative
 
Kafka on Pulsar
Kafka on Pulsar Kafka on Pulsar
Kafka on Pulsar StreamNative
 
Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...
Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...
Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...StreamNative
 
Introduction Apache Kafka
Introduction Apache KafkaIntroduction Apache Kafka
Introduction Apache KafkaJoe Stein
 
Interactive querying of streams using Apache Pulsar_Jerry peng
Interactive querying of streams using Apache Pulsar_Jerry pengInteractive querying of streams using Apache Pulsar_Jerry peng
Interactive querying of streams using Apache Pulsar_Jerry pengStreamNative
 
Strata London 2018: Multi-everything with Apache Pulsar
Strata London 2018: Multi-everything with Apache PulsarStrata London 2018: Multi-everything with Apache Pulsar
Strata London 2018: Multi-everything with Apache PulsarStreamlio
 
No Surprises Geo Replication - Pulsar Virtual Summit Europe 2021
No Surprises Geo Replication - Pulsar Virtual Summit Europe 2021No Surprises Geo Replication - Pulsar Virtual Summit Europe 2021
No Surprises Geo Replication - Pulsar Virtual Summit Europe 2021StreamNative
 
Building a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre Zemb
Building a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre ZembBuilding a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre Zemb
Building a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre ZembStreamNative
 
Kafka on Pulsar:bringing native Kafka protocol support to Pulsar_Sijie&Pierre
Kafka on Pulsar:bringing native Kafka protocol support to Pulsar_Sijie&PierreKafka on Pulsar:bringing native Kafka protocol support to Pulsar_Sijie&Pierre
Kafka on Pulsar:bringing native Kafka protocol support to Pulsar_Sijie&PierreStreamNative
 
A Unified Platform for Real-time Storage and Processing
A Unified Platform for Real-time Storage and ProcessingA Unified Platform for Real-time Storage and Processing
A Unified Platform for Real-time Storage and ProcessingStreamNative
 
Large scale log pipeline using Apache Pulsar_Nozomi
Large scale log pipeline using Apache Pulsar_NozomiLarge scale log pipeline using Apache Pulsar_Nozomi
Large scale log pipeline using Apache Pulsar_NozomiStreamNative
 
Kafka blr-meetup-presentation - Kafka internals
Kafka blr-meetup-presentation - Kafka internalsKafka blr-meetup-presentation - Kafka internals
Kafka blr-meetup-presentation - Kafka internalsAyyappadas Ravindran (Appu)
 
How Orange Financial combat financial frauds over 50M transactions a day usin...
How Orange Financial combat financial frauds over 50M transactions a day usin...How Orange Financial combat financial frauds over 50M transactions a day usin...
How Orange Financial combat financial frauds over 50M transactions a day usin...JinfengHuang3
 
Introducing Gridiron Security and Compliance Management Platform and Enclave ...
Introducing Gridiron Security and Compliance Management Platform and Enclave ...Introducing Gridiron Security and Compliance Management Platform and Enclave ...
Introducing Gridiron Security and Compliance Management Platform and Enclave ...Aptible
 
Extending Piwik At R7.com
Extending Piwik At R7.comExtending Piwik At R7.com
Extending Piwik At R7.comLeo Lorieri
 

More Related Content

What's hot

Getting Pulsar Spinning_Addison Higham
Getting Pulsar Spinning_Addison HighamGetting Pulsar Spinning_Addison Higham
Getting Pulsar Spinning_Addison HighamStreamNative
 
Apache Pulsar at Yahoo! Japan
Apache Pulsar at Yahoo! JapanApache Pulsar at Yahoo! Japan
Apache Pulsar at Yahoo! JapanStreamNative
 
Scaling customer engagement with apache pulsar
Scaling customer engagement with apache pulsarScaling customer engagement with apache pulsar
Scaling customer engagement with apache pulsarStreamNative
 
Pulsar Functions Deep Dive_Sanjeev kulkarni
Pulsar Functions Deep Dive_Sanjeev kulkarniPulsar Functions Deep Dive_Sanjeev kulkarni
Pulsar Functions Deep Dive_Sanjeev kulkarniStreamNative
 
Stream-Native Processing with Pulsar Functions
Stream-Native Processing with Pulsar FunctionsStream-Native Processing with Pulsar Functions
Stream-Native Processing with Pulsar FunctionsStreamlio
 
Introducing Kafka-on-Pulsar: bring native Kafka protocol support to Apache Pu...
Introducing Kafka-on-Pulsar: bring native Kafka protocol support to Apache Pu...Introducing Kafka-on-Pulsar: bring native Kafka protocol support to Apache Pu...
Introducing Kafka-on-Pulsar: bring native Kafka protocol support to Apache Pu...StreamNative
 
Apache Bookkeeper and Apache Zookeeper for Apache Pulsar
Apache Bookkeeper and Apache Zookeeper for Apache PulsarApache Bookkeeper and Apache Zookeeper for Apache Pulsar
Apache Bookkeeper and Apache Zookeeper for Apache PulsarEnrico Olivelli
 
Serverless Event Streaming with Pulsar Functions
Serverless Event Streaming with Pulsar FunctionsServerless Event Streaming with Pulsar Functions
Serverless Event Streaming with Pulsar FunctionsStreamNative
 
Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...
Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...
Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...StreamNative
 
Introduction Apache Kafka
Introduction Apache KafkaIntroduction Apache Kafka
Introduction Apache KafkaJoe Stein
 
Interactive querying of streams using Apache Pulsar_Jerry peng
Interactive querying of streams using Apache Pulsar_Jerry pengInteractive querying of streams using Apache Pulsar_Jerry peng
Interactive querying of streams using Apache Pulsar_Jerry pengStreamNative
 
Strata London 2018: Multi-everything with Apache Pulsar
Strata London 2018: Multi-everything with Apache PulsarStrata London 2018: Multi-everything with Apache Pulsar
Strata London 2018: Multi-everything with Apache PulsarStreamlio
 
No Surprises Geo Replication - Pulsar Virtual Summit Europe 2021
No Surprises Geo Replication - Pulsar Virtual Summit Europe 2021No Surprises Geo Replication - Pulsar Virtual Summit Europe 2021
No Surprises Geo Replication - Pulsar Virtual Summit Europe 2021StreamNative
 
Building a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre Zemb
Building a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre ZembBuilding a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre Zemb
Building a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre ZembStreamNative
 
Kafka on Pulsar:bringing native Kafka protocol support to Pulsar_Sijie&Pierre
Kafka on Pulsar:bringing native Kafka protocol support to Pulsar_Sijie&PierreKafka on Pulsar:bringing native Kafka protocol support to Pulsar_Sijie&Pierre
Kafka on Pulsar:bringing native Kafka protocol support to Pulsar_Sijie&PierreStreamNative
 
A Unified Platform for Real-time Storage and Processing
A Unified Platform for Real-time Storage and ProcessingA Unified Platform for Real-time Storage and Processing
A Unified Platform for Real-time Storage and ProcessingStreamNative
 
Large scale log pipeline using Apache Pulsar_Nozomi
Large scale log pipeline using Apache Pulsar_NozomiLarge scale log pipeline using Apache Pulsar_Nozomi
Large scale log pipeline using Apache Pulsar_NozomiStreamNative
 
How Orange Financial combat financial frauds over 50M transactions a day usin...
How Orange Financial combat financial frauds over 50M transactions a day usin...How Orange Financial combat financial frauds over 50M transactions a day usin...
How Orange Financial combat financial frauds over 50M transactions a day usin...JinfengHuang3
 

What's hot (20)

Getting Pulsar Spinning_Addison Higham
Getting Pulsar Spinning_Addison HighamGetting Pulsar Spinning_Addison Higham
Getting Pulsar Spinning_Addison Higham
 
Apache Pulsar at Yahoo! Japan
Apache Pulsar at Yahoo! JapanApache Pulsar at Yahoo! Japan
Apache Pulsar at Yahoo! Japan
 
Scaling customer engagement with apache pulsar
Scaling customer engagement with apache pulsarScaling customer engagement with apache pulsar
Scaling customer engagement with apache pulsar
 
Pulsar Functions Deep Dive_Sanjeev kulkarni
Pulsar Functions Deep Dive_Sanjeev kulkarniPulsar Functions Deep Dive_Sanjeev kulkarni
Pulsar Functions Deep Dive_Sanjeev kulkarni
 
Stream-Native Processing with Pulsar Functions
Stream-Native Processing with Pulsar FunctionsStream-Native Processing with Pulsar Functions
Stream-Native Processing with Pulsar Functions
 
Introducing Kafka-on-Pulsar: bring native Kafka protocol support to Apache Pu...
Introducing Kafka-on-Pulsar: bring native Kafka protocol support to Apache Pu...Introducing Kafka-on-Pulsar: bring native Kafka protocol support to Apache Pu...
Introducing Kafka-on-Pulsar: bring native Kafka protocol support to Apache Pu...
 
Apache Bookkeeper and Apache Zookeeper for Apache Pulsar
Apache Bookkeeper and Apache Zookeeper for Apache PulsarApache Bookkeeper and Apache Zookeeper for Apache Pulsar
Apache Bookkeeper and Apache Zookeeper for Apache Pulsar
 
Serverless Event Streaming with Pulsar Functions
Serverless Event Streaming with Pulsar FunctionsServerless Event Streaming with Pulsar Functions
Serverless Event Streaming with Pulsar Functions
 
Kafka on Pulsar
Kafka on Pulsar Kafka on Pulsar
Kafka on Pulsar
 
Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...
Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...
Introducing HerdDB - a distributed JVM embeddable database built upon Apache ...
 
Introduction Apache Kafka
Introduction Apache KafkaIntroduction Apache Kafka
Introduction Apache Kafka
 
Interactive querying of streams using Apache Pulsar_Jerry peng
Interactive querying of streams using Apache Pulsar_Jerry pengInteractive querying of streams using Apache Pulsar_Jerry peng
Interactive querying of streams using Apache Pulsar_Jerry peng
 
Strata London 2018: Multi-everything with Apache Pulsar
Strata London 2018: Multi-everything with Apache PulsarStrata London 2018: Multi-everything with Apache Pulsar
Strata London 2018: Multi-everything with Apache Pulsar
 
No Surprises Geo Replication - Pulsar Virtual Summit Europe 2021
No Surprises Geo Replication - Pulsar Virtual Summit Europe 2021No Surprises Geo Replication - Pulsar Virtual Summit Europe 2021
No Surprises Geo Replication - Pulsar Virtual Summit Europe 2021
 
Building a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre Zemb
Building a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre ZembBuilding a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre Zemb
Building a Messaging Solutions for OVHcloud with Apache Pulsar_Pierre Zemb
 
Kafka on Pulsar:bringing native Kafka protocol support to Pulsar_Sijie&Pierre
Kafka on Pulsar:bringing native Kafka protocol support to Pulsar_Sijie&PierreKafka on Pulsar:bringing native Kafka protocol support to Pulsar_Sijie&Pierre
Kafka on Pulsar:bringing native Kafka protocol support to Pulsar_Sijie&Pierre
 
A Unified Platform for Real-time Storage and Processing
A Unified Platform for Real-time Storage and ProcessingA Unified Platform for Real-time Storage and Processing
A Unified Platform for Real-time Storage and Processing
 
Large scale log pipeline using Apache Pulsar_Nozomi
Large scale log pipeline using Apache Pulsar_NozomiLarge scale log pipeline using Apache Pulsar_Nozomi
Large scale log pipeline using Apache Pulsar_Nozomi
 
Kafka blr-meetup-presentation - Kafka internals
Kafka blr-meetup-presentation - Kafka internalsKafka blr-meetup-presentation - Kafka internals
Kafka blr-meetup-presentation - Kafka internals
 
How Orange Financial combat financial frauds over 50M transactions a day usin...
How Orange Financial combat financial frauds over 50M transactions a day usin...How Orange Financial combat financial frauds over 50M transactions a day usin...
How Orange Financial combat financial frauds over 50M transactions a day usin...
 

Similar to Building a FaaS with pulsar

Introducing Gridiron Security and Compliance Management Platform and Enclave ...
Introducing Gridiron Security and Compliance Management Platform and Enclave ...Introducing Gridiron Security and Compliance Management Platform and Enclave ...
Introducing Gridiron Security and Compliance Management Platform and Enclave ...Aptible
 
Extending Piwik At R7.com
Extending Piwik At R7.comExtending Piwik At R7.com
Extending Piwik At R7.comLeo Lorieri
 
Azure Functions @ global azure day 2017
Azure Functions @ global azure day 2017Azure Functions @ global azure day 2017
Azure Functions @ global azure day 2017Sean Feldman
 
10 Lessons Learned from using Kafka in 1000 microservices - ScalaUA
10 Lessons Learned from using Kafka in 1000 microservices - ScalaUA10 Lessons Learned from using Kafka in 1000 microservices - ScalaUA
10 Lessons Learned from using Kafka in 1000 microservices - ScalaUANatan Silnitsky
 
Puppet Camp Tokyo 2014: Keynote
Puppet Camp Tokyo 2014: KeynotePuppet Camp Tokyo 2014: Keynote
Puppet Camp Tokyo 2014: KeynotePuppet
 
Juniper Network Automation for KrDAG
Juniper Network Automation for KrDAGJuniper Network Automation for KrDAG
Juniper Network Automation for KrDAGKwonSun Bae
 
10 Lessons Learned from using Kafka with 1000 microservices - java global summit
10 Lessons Learned from using Kafka with 1000 microservices - java global summit10 Lessons Learned from using Kafka with 1000 microservices - java global summit
10 Lessons Learned from using Kafka with 1000 microservices - java global summitNatan Silnitsky
 
What is serveless?
What is serveless? What is serveless?
What is serveless? Provectus
 
OSDN: Serverless technologies with Kubernetes
OSDN: Serverless technologies with Kubernetes OSDN: Serverless technologies with Kubernetes
OSDN: Serverless technologies with Kubernetes Provectus
 
VMworld 2013: Deploying vSphere with OpenStack: What It Means to Your Cloud E...
VMworld 2013: Deploying vSphere with OpenStack: What It Means to Your Cloud E...VMworld 2013: Deploying vSphere with OpenStack: What It Means to Your Cloud E...
VMworld 2013: Deploying vSphere with OpenStack: What It Means to Your Cloud E...VMworld
 
Tuning Apache Ambari performance for Big Data at scale with 3000 agents
Tuning Apache Ambari performance for Big Data at scale with 3000 agentsTuning Apache Ambari performance for Big Data at scale with 3000 agents
Tuning Apache Ambari performance for Big Data at scale with 3000 agentsDataWorks Summit
 
Tuning Apache Ambari Performance for Big Data at Scale with 3,000 Agents
Tuning Apache Ambari Performance for Big Data at Scale with 3,000 AgentsTuning Apache Ambari Performance for Big Data at Scale with 3,000 Agents
Tuning Apache Ambari Performance for Big Data at Scale with 3,000 AgentsAlejandro Fernandez
 
Monitoring and tuning your chef server - chef conf talk
Monitoring and tuning your chef server - chef conf talk Monitoring and tuning your chef server - chef conf talk
Monitoring and tuning your chef server - chef conf talk Andrew DuFour
 
Taking devops to the Next Level - Max Martin
Taking devops to the Next Level - Max MartinTaking devops to the Next Level - Max Martin
Taking devops to the Next Level - Max MartinDevopsdays
 
Wireless Developing Wireless Monitoring and Control devices
Wireless Developing Wireless Monitoring and Control devicesWireless Developing Wireless Monitoring and Control devices
Wireless Developing Wireless Monitoring and Control devicesAidan Venn MSc
 
Decoupling Decisions with Apache Kafka
Decoupling Decisions with Apache KafkaDecoupling Decisions with Apache Kafka
Decoupling Decisions with Apache KafkaGrant Henke
 

Similar to Building a FaaS with pulsar (20)

Introducing Gridiron Security and Compliance Management Platform and Enclave ...
Introducing Gridiron Security and Compliance Management Platform and Enclave ...Introducing Gridiron Security and Compliance Management Platform and Enclave ...
Introducing Gridiron Security and Compliance Management Platform and Enclave ...
 
Extending Piwik At R7.com
Extending Piwik At R7.comExtending Piwik At R7.com
Extending Piwik At R7.com
 
Azure Functions @ global azure day 2017
Azure Functions @ global azure day 2017Azure Functions @ global azure day 2017
Azure Functions @ global azure day 2017
 
10 Lessons Learned from using Kafka in 1000 microservices - ScalaUA
10 Lessons Learned from using Kafka in 1000 microservices - ScalaUA10 Lessons Learned from using Kafka in 1000 microservices - ScalaUA
10 Lessons Learned from using Kafka in 1000 microservices - ScalaUA
 
Puppet Camp Tokyo 2014: Keynote
Puppet Camp Tokyo 2014: KeynotePuppet Camp Tokyo 2014: Keynote
Puppet Camp Tokyo 2014: Keynote
 
Juniper Network Automation for KrDAG
Juniper Network Automation for KrDAGJuniper Network Automation for KrDAG
Juniper Network Automation for KrDAG
 
10 Lessons Learned from using Kafka with 1000 microservices - java global summit
10 Lessons Learned from using Kafka with 1000 microservices - java global summit10 Lessons Learned from using Kafka with 1000 microservices - java global summit
10 Lessons Learned from using Kafka with 1000 microservices - java global summit
 
Automation Suite PPT (2).pptx
Automation Suite PPT (2).pptxAutomation Suite PPT (2).pptx
Automation Suite PPT (2).pptx
 
What is serveless?
What is serveless? What is serveless?
What is serveless?
 
OSDN: Serverless technologies with Kubernetes
OSDN: Serverless technologies with Kubernetes OSDN: Serverless technologies with Kubernetes
OSDN: Serverless technologies with Kubernetes
 
VMworld 2013: Deploying vSphere with OpenStack: What It Means to Your Cloud E...
VMworld 2013: Deploying vSphere with OpenStack: What It Means to Your Cloud E...VMworld 2013: Deploying vSphere with OpenStack: What It Means to Your Cloud E...
VMworld 2013: Deploying vSphere with OpenStack: What It Means to Your Cloud E...
 
Shareplex Presentation
Shareplex PresentationShareplex Presentation
Shareplex Presentation
 
Tuning Apache Ambari performance for Big Data at scale with 3000 agents
Tuning Apache Ambari performance for Big Data at scale with 3000 agentsTuning Apache Ambari performance for Big Data at scale with 3000 agents
Tuning Apache Ambari performance for Big Data at scale with 3000 agents
 
Tuning Apache Ambari Performance for Big Data at Scale with 3,000 Agents
Tuning Apache Ambari Performance for Big Data at Scale with 3,000 AgentsTuning Apache Ambari Performance for Big Data at Scale with 3,000 Agents
Tuning Apache Ambari Performance for Big Data at Scale with 3,000 Agents
 
Final terraform
Final terraformFinal terraform
Final terraform
 
Monitoring and tuning your chef server - chef conf talk
Monitoring and tuning your chef server - chef conf talk Monitoring and tuning your chef server - chef conf talk
Monitoring and tuning your chef server - chef conf talk
 
Taking devops to the Next Level - Max Martin
Taking devops to the Next Level - Max MartinTaking devops to the Next Level - Max Martin
Taking devops to the Next Level - Max Martin
 
Wireless Developing Wireless Monitoring and Control devices
Wireless Developing Wireless Monitoring and Control devicesWireless Developing Wireless Monitoring and Control devices
Wireless Developing Wireless Monitoring and Control devices
 
clara-rules
clara-rulesclara-rules
clara-rules
 
Decoupling Decisions with Apache Kafka
Decoupling Decisions with Apache KafkaDecoupling Decisions with Apache Kafka
Decoupling Decisions with Apache Kafka
 

More from StreamNative

Is Using KoP (Kafka-on-Pulsar) a Good Idea? - Pulsar Summit SF 2022
Is Using KoP (Kafka-on-Pulsar) a Good Idea? - Pulsar Summit SF 2022Is Using KoP (Kafka-on-Pulsar) a Good Idea? - Pulsar Summit SF 2022
Is Using KoP (Kafka-on-Pulsar) a Good Idea? - Pulsar Summit SF 2022StreamNative
 
Building an Asynchronous Application Framework with Python and Pulsar - Pulsa...
Building an Asynchronous Application Framework with Python and Pulsar - Pulsa...Building an Asynchronous Application Framework with Python and Pulsar - Pulsa...
Building an Asynchronous Application Framework with Python and Pulsar - Pulsa...StreamNative
 
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...StreamNative
 
Distributed Database Design Decisions to Support High Performance Event Strea...
Distributed Database Design Decisions to Support High Performance Event Strea...Distributed Database Design Decisions to Support High Performance Event Strea...
Distributed Database Design Decisions to Support High Performance Event Strea...StreamNative
 
Simplify Pulsar Functions Development with SQL - Pulsar Summit SF 2022
Simplify Pulsar Functions Development with SQL - Pulsar Summit SF 2022Simplify Pulsar Functions Development with SQL - Pulsar Summit SF 2022
Simplify Pulsar Functions Development with SQL - Pulsar Summit SF 2022StreamNative
 
Towards a ZooKeeper-less Pulsar, etcd, etcd, etcd. - Pulsar Summit SF 2022
Towards a ZooKeeper-less Pulsar, etcd, etcd, etcd. - Pulsar Summit SF 2022Towards a ZooKeeper-less Pulsar, etcd, etcd, etcd. - Pulsar Summit SF 2022
Towards a ZooKeeper-less Pulsar, etcd, etcd, etcd. - Pulsar Summit SF 2022StreamNative
 
Validating Apache Pulsar’s Behavior under Failure Conditions - Pulsar Summit ...
Validating Apache Pulsar’s Behavior under Failure Conditions - Pulsar Summit ...Validating Apache Pulsar’s Behavior under Failure Conditions - Pulsar Summit ...
Validating Apache Pulsar’s Behavior under Failure Conditions - Pulsar Summit ...StreamNative
 
Cross the Streams! Creating Streaming Data Pipelines with Apache Flink + Apac...
Cross the Streams! Creating Streaming Data Pipelines with Apache Flink + Apac...Cross the Streams! Creating Streaming Data Pipelines with Apache Flink + Apac...
Cross the Streams! Creating Streaming Data Pipelines with Apache Flink + Apac...StreamNative
 
Message Redelivery: An Unexpected Journey - Pulsar Summit SF 2022
Message Redelivery: An Unexpected Journey - Pulsar Summit SF 2022Message Redelivery: An Unexpected Journey - Pulsar Summit SF 2022
Message Redelivery: An Unexpected Journey - Pulsar Summit SF 2022StreamNative
 
Unlocking the Power of Lakehouse Architectures with Apache Pulsar and Apache ...
Unlocking the Power of Lakehouse Architectures with Apache Pulsar and Apache ...Unlocking the Power of Lakehouse Architectures with Apache Pulsar and Apache ...
Unlocking the Power of Lakehouse Architectures with Apache Pulsar and Apache ...StreamNative
 
Understanding Broker Load Balancing - Pulsar Summit SF 2022
Understanding Broker Load Balancing - Pulsar Summit SF 2022Understanding Broker Load Balancing - Pulsar Summit SF 2022
Understanding Broker Load Balancing - Pulsar Summit SF 2022StreamNative
 
Building an Asynchronous Application Framework with Python and Pulsar - Pulsa...
Building an Asynchronous Application Framework with Python and Pulsar - Pulsa...Building an Asynchronous Application Framework with Python and Pulsar - Pulsa...
Building an Asynchronous Application Framework with Python and Pulsar - Pulsa...StreamNative
 
Pulsar's Journey in Yahoo!: On-prem, Cloud and Hybrid - Pulsar Summit SF 2022
Pulsar's Journey in Yahoo!: On-prem, Cloud and Hybrid - Pulsar Summit SF 2022Pulsar's Journey in Yahoo!: On-prem, Cloud and Hybrid - Pulsar Summit SF 2022
Pulsar's Journey in Yahoo!: On-prem, Cloud and Hybrid - Pulsar Summit SF 2022StreamNative
 
Event-Driven Applications Done Right - Pulsar Summit SF 2022
Event-Driven Applications Done Right - Pulsar Summit SF 2022Event-Driven Applications Done Right - Pulsar Summit SF 2022
Event-Driven Applications Done Right - Pulsar Summit SF 2022StreamNative
 
Pulsar @ Scale. 200M RPM and 1K instances - Pulsar Summit SF 2022
Pulsar @ Scale. 200M RPM and 1K instances - Pulsar Summit SF 2022Pulsar @ Scale. 200M RPM and 1K instances - Pulsar Summit SF 2022
Pulsar @ Scale. 200M RPM and 1K instances - Pulsar Summit SF 2022StreamNative
 
Data Democracy: Journey to User-Facing Analytics - Pulsar Summit SF 2022
Data Democracy: Journey to User-Facing Analytics - Pulsar Summit SF 2022Data Democracy: Journey to User-Facing Analytics - Pulsar Summit SF 2022
Data Democracy: Journey to User-Facing Analytics - Pulsar Summit SF 2022StreamNative
 
Beam + Pulsar: Powerful Stream Processing at Scale - Pulsar Summit SF 2022
Beam + Pulsar: Powerful Stream Processing at Scale - Pulsar Summit SF 2022Beam + Pulsar: Powerful Stream Processing at Scale - Pulsar Summit SF 2022
Beam + Pulsar: Powerful Stream Processing at Scale - Pulsar Summit SF 2022StreamNative
 
Welcome and Opening Remarks - Pulsar Summit SF 2022
Welcome and Opening Remarks - Pulsar Summit SF 2022Welcome and Opening Remarks - Pulsar Summit SF 2022
Welcome and Opening Remarks - Pulsar Summit SF 2022StreamNative
 
Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...
Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...
Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...StreamNative
 
MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...
MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...
MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...StreamNative
 

More from StreamNative (20)

Is Using KoP (Kafka-on-Pulsar) a Good Idea? - Pulsar Summit SF 2022
Is Using KoP (Kafka-on-Pulsar) a Good Idea? - Pulsar Summit SF 2022Is Using KoP (Kafka-on-Pulsar) a Good Idea? - Pulsar Summit SF 2022
Is Using KoP (Kafka-on-Pulsar) a Good Idea? - Pulsar Summit SF 2022
 
Building an Asynchronous Application Framework with Python and Pulsar - Pulsa...
Building an Asynchronous Application Framework with Python and Pulsar - Pulsa...Building an Asynchronous Application Framework with Python and Pulsar - Pulsa...
Building an Asynchronous Application Framework with Python and Pulsar - Pulsa...
 
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...
Blue-green deploys with Pulsar & Envoy in an event-driven microservice ecosys...
 
Distributed Database Design Decisions to Support High Performance Event Strea...
Distributed Database Design Decisions to Support High Performance Event Strea...Distributed Database Design Decisions to Support High Performance Event Strea...
Distributed Database Design Decisions to Support High Performance Event Strea...
 
Simplify Pulsar Functions Development with SQL - Pulsar Summit SF 2022
Simplify Pulsar Functions Development with SQL - Pulsar Summit SF 2022Simplify Pulsar Functions Development with SQL - Pulsar Summit SF 2022
Simplify Pulsar Functions Development with SQL - Pulsar Summit SF 2022
 
Towards a ZooKeeper-less Pulsar, etcd, etcd, etcd. - Pulsar Summit SF 2022
Towards a ZooKeeper-less Pulsar, etcd, etcd, etcd. - Pulsar Summit SF 2022Towards a ZooKeeper-less Pulsar, etcd, etcd, etcd. - Pulsar Summit SF 2022
Towards a ZooKeeper-less Pulsar, etcd, etcd, etcd. - Pulsar Summit SF 2022
 
Validating Apache Pulsar’s Behavior under Failure Conditions - Pulsar Summit ...
Validating Apache Pulsar’s Behavior under Failure Conditions - Pulsar Summit ...Validating Apache Pulsar’s Behavior under Failure Conditions - Pulsar Summit ...
Validating Apache Pulsar’s Behavior under Failure Conditions - Pulsar Summit ...
 
Cross the Streams! Creating Streaming Data Pipelines with Apache Flink + Apac...
Cross the Streams! Creating Streaming Data Pipelines with Apache Flink + Apac...Cross the Streams! Creating Streaming Data Pipelines with Apache Flink + Apac...
Cross the Streams! Creating Streaming Data Pipelines with Apache Flink + Apac...
 
Message Redelivery: An Unexpected Journey - Pulsar Summit SF 2022
Message Redelivery: An Unexpected Journey - Pulsar Summit SF 2022Message Redelivery: An Unexpected Journey - Pulsar Summit SF 2022
Message Redelivery: An Unexpected Journey - Pulsar Summit SF 2022
 
Unlocking the Power of Lakehouse Architectures with Apache Pulsar and Apache ...
Unlocking the Power of Lakehouse Architectures with Apache Pulsar and Apache ...Unlocking the Power of Lakehouse Architectures with Apache Pulsar and Apache ...
Unlocking the Power of Lakehouse Architectures with Apache Pulsar and Apache ...
 
Understanding Broker Load Balancing - Pulsar Summit SF 2022
Understanding Broker Load Balancing - Pulsar Summit SF 2022Understanding Broker Load Balancing - Pulsar Summit SF 2022
Understanding Broker Load Balancing - Pulsar Summit SF 2022
 
Building an Asynchronous Application Framework with Python and Pulsar - Pulsa...
Building an Asynchronous Application Framework with Python and Pulsar - Pulsa...Building an Asynchronous Application Framework with Python and Pulsar - Pulsa...
Building an Asynchronous Application Framework with Python and Pulsar - Pulsa...
 
Pulsar's Journey in Yahoo!: On-prem, Cloud and Hybrid - Pulsar Summit SF 2022
Pulsar's Journey in Yahoo!: On-prem, Cloud and Hybrid - Pulsar Summit SF 2022Pulsar's Journey in Yahoo!: On-prem, Cloud and Hybrid - Pulsar Summit SF 2022
Pulsar's Journey in Yahoo!: On-prem, Cloud and Hybrid - Pulsar Summit SF 2022
 
Event-Driven Applications Done Right - Pulsar Summit SF 2022
Event-Driven Applications Done Right - Pulsar Summit SF 2022Event-Driven Applications Done Right - Pulsar Summit SF 2022
Event-Driven Applications Done Right - Pulsar Summit SF 2022
 
Pulsar @ Scale. 200M RPM and 1K instances - Pulsar Summit SF 2022
Pulsar @ Scale. 200M RPM and 1K instances - Pulsar Summit SF 2022Pulsar @ Scale. 200M RPM and 1K instances - Pulsar Summit SF 2022
Pulsar @ Scale. 200M RPM and 1K instances - Pulsar Summit SF 2022
 
Data Democracy: Journey to User-Facing Analytics - Pulsar Summit SF 2022
Data Democracy: Journey to User-Facing Analytics - Pulsar Summit SF 2022Data Democracy: Journey to User-Facing Analytics - Pulsar Summit SF 2022
Data Democracy: Journey to User-Facing Analytics - Pulsar Summit SF 2022
 
Beam + Pulsar: Powerful Stream Processing at Scale - Pulsar Summit SF 2022
Beam + Pulsar: Powerful Stream Processing at Scale - Pulsar Summit SF 2022Beam + Pulsar: Powerful Stream Processing at Scale - Pulsar Summit SF 2022
Beam + Pulsar: Powerful Stream Processing at Scale - Pulsar Summit SF 2022
 
Welcome and Opening Remarks - Pulsar Summit SF 2022
Welcome and Opening Remarks - Pulsar Summit SF 2022Welcome and Opening Remarks - Pulsar Summit SF 2022
Welcome and Opening Remarks - Pulsar Summit SF 2022
 
Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...
Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...
Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...
 
MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...
MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...
MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...
 

Recently uploaded

Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceDelhi Call girls
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 

Recently uploaded (20)

Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Sukhdev Vihar Delhi 💯Call Us 🔝8264348440🔝
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 

Building a FaaS with pulsar

  • 1. Building a Function as a Service with Pulsar
  • 2. Alexandre DUVAL @kannarfr IT Engineer @CleverCloud Logs systems Automatic Add-ons migration systems Stuff around Biscuit Pulsar Add-on (alpha through support) PaaS On-Call human (not today :D)
  • 3. Geoffroy COUPRIE @gcouprie Security Engineer @CleverCloud Sozu HTTP reverse proxy Function as a Service Biscuit authorization tokens Working on the Pulsar Rust client 1.0
  • 4. Function as a Service
  • 5. Function as a Service? - Run code on demand 1@gcouprie
  • 6. Function as a Service? - Run code on demand - Without caring about keeping infrastructure up 1@gcouprie
  • 7. Function as a Service? - Run code on demand - Without caring about keeping infrastructure up - Or scaling 1@gcouprie
  • 8. Function as a Service? - Run code on demand - Without caring about keeping infrastructure up - Or scaling - Billed on consumption 1@gcouprie
  • 9. FaaS by Clever Cloud - Build your functions in a language that can generate Web Assembly 2@gcouprie
  • 10. FaaS by Clever Cloud - Build your functions in a language that can generate Web Assembly - That will be compiled to machine code 2@gcouprie
  • 11. FaaS by Clever Cloud - Build your functions in a language that can generate Web Assembly - That will be compiled to machine code - Loaded and executed in ephemeral virtual machines without operating systems 2@gcouprie
  • 12. FaaS by Clever Cloud - Build your functions in a language that can generate Web Assembly - That will be compiled to machine code - Loaded and executed in ephemeral virtual machines without operating systems - That boot on the fly for each request or message on a topic 2@gcouprie
  • 13. Web Assembly - Good compilation target (supported by various languages) 3@gcouprie
  • 14. Web Assembly - Good compilation target (supported by various languages) - Designed for sandboxing 3@gcouprie
  • 15. Web Assembly - Good compilation target (supported by various languages) - Designed for sandboxing - Not limited to browsers! 3@gcouprie
  • 16. One Virtual Machine per request - Virtual machines are cheap: 1 to 10MB RAM 4@gcouprie
  • 17. One Virtual Machine per request - Virtual machines are cheap: 1 to 10MB RAM - Fast: boot in 1ms 4@gcouprie
  • 18. One Virtual Machine per request - Virtual machines are cheap: 1 to 10MB RAM - Fast: boot in 1ms - Great isolation: very limited host API, no hardware emulation 4@gcouprie
  • 19. Infrastructure based on Pulsar - Compilation service gets compilation requests from a topic 5@gcouprie
  • 20. Infrastructure based on Pulsar - Compilation service gets compilation requests from a topic - FaaS host gets configuration information (new apps, new code) from a topic 5@gcouprie
  • 21. Infrastructure based on Pulsar - Compilation service gets compilation requests from a topic - FaaS host gets configuration information (new apps, new code) from a topic - Metrics and logs are sent via another topic 5@gcouprie
  • 23. Building Pulsar Functions - No need to start one process per function 6@gcouprie
  • 24. Building Pulsar Functions - No need to start one process per function - The Faas host has 1000s of consumers 6@gcouprie
  • 25. Building Pulsar Functions - No need to start one process per function - The FaaS host has 1000s of consumers - Starts a function when a message arrives on a topic 6@gcouprie
  • 26. Multi-Tenancy Challenges - Functions can subscribe to topics from various clients 7@gcouprie
  • 27. Multi-Tenancy Challenges - Functions can subscribe to topics from various clients - But there’s only one authentication context per connection 7@gcouprie
  • 28. Multi-Tenancy Challenges - Functions can subscribe to topics from various clients - But there’s only one authentication context per connection - Should we have one TCP connection per consumer? 7@gcouprie
  • 30. Biscuit New authentication & authorization token Specifications github.com/CleverCloud/biscuit Java Library mvnrepository.com/artifact/com.clever-cloud/biscuit-java Rust Crate crates.io/crates/biscuit-auth 8@kannarfr
  • 31. Biscuit New authentication & authorization token Powerful authorization rules Based on a Datalog variant facts, rules, caveats 8@kannarfr
  • 32. Biscuit New authentication & authorization token Powerful authorization rules Decentralized Verification & attenuation are decentralized 8@kannarfr
  • 33. Biscuit New authentication & authorization token Powerful authorization rules Decentralized Biscuit-Pulsar plugins! Biscuit-Pulsar authorization plugin github.com/CleverCloud/biscuit-pulsar 8@kannarfr
  • 35. - Start from a token with full access to a namespace Attenuation 9@kannarfr
  • 36. - Start from a token with full access to a namespace - A team needs Pulsar access: reduce access to lookup/produce/consume on a topic name prefix Attenuation 9@kannarfr
  • 37. - Start from a token with full access to a namespace - A team needs Pulsar access: reduce access to lookup/produce/consume on a topic name prefix - Application specific token: reduce team token to subscribe only, on a fixed topic, with a fixed subscription name Attenuation 9@kannarfr
  • 39. - A function comes with its Biscuit token Authorizing Pulsar Function 10@gcouprie
  • 40. - A function comes with its Biscuit token - The FaaS host can authorize the token with the same rules as the Biscuit-Pulsar plugin Authorizing Pulsar Function 10@gcouprie
  • 41. Authorizing Pulsar Function - A function comes with its Biscuit token - The FaaS host can authorize the token with the same rules as the Biscuit-Pulsar plugin - The FaaS host subscribes and produces with only one authentication token, on a reduced number of connections 10@gcouprie
  • 43. Biscuit Pulsar Requirements Boolean allowNamespacePolicyOperation(NamespaceName namespaceName, PolicyName policy, PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData) {} Issue #5720: fixed. Put granularity in Pulsar’s AuthorizationService 11@kannarfr
  • 44. Pulsar Needs: wishlist - PIP-51: tenant policy support (and topics) 12@kannarfr
  • 45. - PIP-51: tenant policy support (and topics) - Pulsar Proxy for protocols handlers Pulsar Needs: wishlist 12@kannarfr
  • 46. - PIP-51: tenant policy support (and topics) - Pulsar Proxy for protocols handlers - Topic compaction on the fly Pulsar Needs: wishlist 12@kannarfr
  • 47. - PIP-51: tenant policy support (and topics) - Pulsar Proxy for protocols handlers - Topic compaction on the fly - Pattern implementation as Exchanges, FanOuts, … at broker level Pulsar Needs: wishlist 12@kannarfr
  • 48. - PIP-51: tenant policy support (and topics) - Pulsar Proxy for protocols handlers - Topic compaction on the fly - Pattern implementation as Exchanges, FanOuts, … at broker level - Metrics: enable pulsar to send its metrics itself to as timeseries Pulsar Needs: wishlist 12@kannarfr
  • 50. Annex 1: Biscuit Example Applied to Pulsar
  • 51. authority: Block[0] { symbols: [admin] context: facts: [ revocation_id("af136428-b9c3-4360-8535-3a147ce80d99"), // good practice right(#authority, #admin) ] rules: [] caveats: [] } Authority (block 0) Facts are basically data used by verifier.
  • 52. blocks: [ Block[1] { symbols: [limited_right, topic_operation] context: facts: [] rules: [] caveats: [ *limited_right("tenantTest", "namespaceTest", $2, $3) <- topic_operation(#ambient, "tenantTest", "namespaceTest", $2, $3) ] } ] Attenuated (block 1) $2 is a slot for topic name, $3 for consume, producer & lookup
  • 53. blocks: [ Block[1] { symbols: [limited_right, topic_operation, namespace_operation] context: facts: [] rules: [] caveats: [ *limited_right("tenantTest", "namespaceTest", $2, $3) <- topic_operation(#ambient, "tenantTest", "namespaceTest", $2, $3) || (OR) *limited_right("tenantTest", "namespaceTest", $2) <- namespace_operation(#ambient, "tenantTest", "namespaceTest", $2) ] } ] Attenuated (block 1) Here $2 is a slot for namespace operation (#offload_write)
  • 54. Verifier built from Biscuit token facts: [ revocation_id("af136428-b9c3-4360-8535-3a147ce80d99"), right(#authority, #admin) ], rules: [], caveats: [ *limited_right("tenantTest", "namespaceTest", $2) <- namespace_operation(#ambient, "tenantTest", "namespaceTest", $2) // || topic_operation query which is unused here is the final example. ] Verifier facts, rules, caveats are computed from biscuit token.
  • 55. Verifier add contextual facts facts: [ revocation_id("af136428-b9c3-4360-8535-3a147ce80d99"), right(#authority, #admin), namespace(#ambient, "tenantTest", "namespaceTest") namespace_operation(#ambient, "tenantTest", "namespaceTest", #offload_write) ], rules: [], caveats: [ *limited_right("tenantTest", "namespaceTest", $2) <- namespace_operation(#ambient, "tenantTest", "namespaceTest", $2) // || topic_operation query which is unused here is the final example. ] Then authorization check adds its context.
  • 56. Verifier add rules & caveats facts: [ revocation_id("af136428-b9c3-4360-8535-3a147ce80d99"), right(#authority, #admin), namespace(#ambient, "tenantTest", "namespaceTest"), namespace_operation(#ambient, "tenantTest", "namespaceTest", #offload_write) ], rules: [ *right(#authority, $0, $1, $2) <- right(#authority, #admin), namespace_operation(#ambient, $0, $1, $2) @ $2 in [offload_write, ...] ], caveats: [ *limited_right("tenantTest", "namespaceTest", $2) <- namespace_operation(#ambient, "tenantTest", "namespaceTest", $2), // || topic_operation query which is unused here is the final example. *authorized() <- (#authority, $0, $1, $2), namespace_operation(#ambient, $0, $1, $2) @ $2 in [offload_write, ...] ]
  • 57. Verify life cycle - Add biscuit token facts & verifier’s facts (ambient ones) - Add rules from biscuit and verifier - Generate all the facts - Ensure that token and verifier’s caveats pass and authorize