merlimat commented on a change in pull request #2981: Allow subscribers to
access subscription admin-api
URL: https://github.com/apache/pulsar/pull/2981#discussion_r233611602
##########
File path:
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java
##########
@@ -71,6 +71,18 @@
CompletableFuture<Boolean> canConsumeAsync(TopicName topicName, String
role,
AuthenticationDataSource authenticationData, String subscription);
+ /**
+ * Returns authorized roles that can access admin-api for given
subscription
+ *
+ * @param topicName
+ * the fully qualified topic name associated with the topic.
+ * @param subscription
+ * the subscription name defined by the client
+ * @return
+ */
+ CompletableFuture<Set<String>> getAuthorizedRolesOnSubscription(TopicName
topicName,
Review comment:
I don't see admin api permissions as different from "consume" permissions.
If a use has consume access to some topic (on all the subscriptions) than it
can "mess up" some other consumer by attaching to the wrong subscription and
stealing someone else's messages.
It's exactly the same as opening the admin API to all the users who have
consume access on the topic.
To solve that, you can :
1. Grant per-subscription authorization to each user on its subscription
2. Remove the per-namespace consume authorization
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
