Variations for TLS connectivity support in Pulsar Clients

[shasank112001]

So, I noticed something in the way Pulsar Client's are built that has me confused a bit. I see there are a few ways to implement Authentication using TLS, and I would like to know your opinion on which is the best way.

In Java we have the following:

PulsarClient client = PulsarClient.builder()
            .allowTlsInsecureConnection(false)
            .serviceUrl(<SERVICE-URL>)
            .useKeyStoreTls(true)
            .tlsTrustStoreType("JKS")
            .tlsTrustStorePath(<PATH>)
            .tlsTrustStorePassword(***)
            .tlsKeyStoreType("JKS")
            .tlsKeyStorePath(<PATH>)
            .tlsKeyStorePassword(***)
            .build()

But we also have this:

PulsarClient client = PulsarClient.builder()
    .serviceUrl("pulsar+ssl://broker.example.com:6651/")
    .enableTls(true)
    .tlsTrustCertsFilePath("/path/to/ca.cert.pem")
    .authentication("org.apache.pulsar.client.impl.auth.AuthenticationTls",
                    "tlsCertFile:/path/to/my-role.cert.pem,tlsKeyFile:/path/to/my-role.key-pk8.pem")
    .build();

If we move over to the C# library then we have the following:

var client = PulsarClient.Builder()
                         .AuthenticateUsingClientCertificate(clientCertificate)
                         .Build();
                         

This requires us to not use any Authentication class as was in Method 1 of Java.

However, If we now look at Python:

auth = AuthenticationTLS("/path/to/my-role.cert.pem", "/path/to/my-role.key-pk8.pem")
client = Client("pulsar+ssl://broker.example.com:6651/",
                tls_trust_certs_file_path="/path/to/ca.cert.pem",
                tls_allow_insecure_connection=False,
				authentication=auth)

We have this, with not way of providing TLS information without the use of an Authentication object.

These inconsistencies are a bit confusing, especially as the pulsar docs advertise the different java implementations on the different pages.

Now my bigger concern is as TLS is important, so much so that it is often used as a base layer, while using JWT as Authentication, how does the community see this happening?

In Java, C# and GO this combination is possible because of the TLS fields being available outside of the Authentication Scope, however in Python this is not possible (atleast to my knowledge).