rdhabalia commented on a change in pull request #2981: Allow subscribers to
access subscription admin-api
URL: https://github.com/apache/pulsar/pull/2981#discussion_r233572628
##########
File path:
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java
##########
@@ -71,6 +71,18 @@
CompletableFuture<Boolean> canConsumeAsync(TopicName topicName, String
role,
AuthenticationDataSource authenticationData, String subscription);
+ /**
+ * Returns authorized roles that can access admin-api for given
subscription
+ *
+ * @param topicName
+ * the fully qualified topic name associated with the topic.
+ * @param subscription
+ * the subscription name defined by the client
+ * @return
+ */
+ CompletableFuture<Set<String>> getAuthorizedRolesOnSubscription(TopicName
topicName,
Review comment:
Actually, broker stores authorization metadata by calling
AuthorizationServiceProvider::grantPermission(). and right now, broker is
having default ZK-AuthorizationProvider which stores metadata into same
global-ZK under policies so, if we want to retrieve then we can see it in
policies.
However, if one implements different provider which stores this metadata
somewhere else then broker will not have the way to get authorization metadata
and user will not be able to see stored authorization-roles.
So, I added API by considering that we can utilize this API later to fetch
auth metadata from Authorization provider. As this interface can be implemented
by user, ideally we should not try to break so, I tried to keep it generic
enough (though I am breaking the interface by adding new API but it seems it
might be fine right now).
Does it make sense? or we still want to change api to
`isAuthorizedOnSubscription(..)` instead `getAuthorizedRolesOnSubscription(..)`?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
