feat(pulsar sink): support tls options

[pomacanthidae]

Summary

This PR adds TLS options to enable Pulsar sinks and sources to use a custom certificate chain regarding #10888.
Integration tests for pulsar with TLS are added and test data in tests/data/ca/intermediate_server including pem files are generated by the following command.

 make ca/intermediate_server/certs/pulsar-chain.cert.pem

Change Type

• Bug fix
• New feature
• Non-functional (chore, refactoring, docs)
• Performance

Is this a breaking change?

• Yes
• No

How did you test this PR?

run integration test

make test-integration-pulsar

Does this PR include user facing changes?

• Yes. Please add a changelog fragment based on our guidelines.
• No. A maintainer will apply the "no-changelog" label to this PR.

Checklist

• Please read our Vector contributor resources.
• If this PR introduces changes Vector dependencies (modifies Cargo.lock), please
  run dd-rust-license-tool write to regenerate the license inventory and commit the changes (if any). More details here.

References

• https://pulsar.apache.org/docs/4.0.x/security-tls-transport/
• https://pulsar.apache.org/docs/4.0.x/getting-started-docker-compose/
• https://github.com/streamnative/pulsar-rs/blob/master/src/connection_manager.rs#L72-L86

• Closes: Add TLS support to the Pulsar Sink #10888

[bits-bot]

All committers have signed the CLA.

[jszwedko]

Would it be possible to reuse the existing config struct we use for TLS options:

vector/lib/vector-core/src/tls/settings.rs

Line 87 in 0720345

pub struct TlsConfig {

?

Or does the pulsar client no support all of the same options?

At the least, we should match the option names (e.g. certificate_chain_file should be ca_file to match).

[pomacanthidae]

Thanks for your feedback.
rust client for pulsar only supports some options https://github.com/streamnative/pulsar-rs/blob/master/src/connection_manager.rs#L73
Changed to use the same field names as TlsConfig 66821d8.

[jszwedko]

Nice work on this @pomacanthidae ! I appreciate you updating the integration tests including generating the test certificates. I left a question about the new config option.

[jszwedko]

I think this should be called verify_certificate in order to match the existing options.

[pomacanthidae]

Thanks, fixed in ed01093

[pront]

This looks good to me. Not merging just yet, I would like to give @jszwedko a chance to take another look.

[jszwedko]

A couple of final comments, but otherwise 👍 Thanks for your work on this @pomacanthidae !

[jszwedko]

Suggested change

	Tls options to set custom certificate chain are now available for `pulsar` sink and source.
	The `pulsar` source and sink now support configuration of TLS options via the `tls` configuration field.

Cleaning this up a bit.

[pomacanthidae]

fixed in 85de10c

[jszwedko]

Suggested change

	pub(crate) tls_options: Option<PulsarTlsOptions>,
	pub(crate) tls: Option<PulsarTlsOptions>,

Apologies, missed this one before. We should call this tls to match the other components.

[pomacanthidae]

fixed in 59f0634

[jszwedko]

Thanks @pomacanthidae !

[pomacanthidae]

Oops, fixed the format to pass the test.
Thanks for your reviews!