Technoboy- opened a new pull request, #15501: URL: https://github.com/apache/pulsar/pull/15501
Fixes #14191

Master Issue: #14191

### Motivation

As #14191 described, users may get confused about the current permission. First, we only define the below actions in the grant-permission interface:

```
produce,consume,sources,sinks,functions,packages
```

Though we grant all the actions to some roles like below (`myuser` is not admin, only a normal user):

```
$ pulsar-admin namespaces grant-permission public/default --role myuser --actions produce,consume,sources,sinks,functions,packages
```

But when we list topics under a namespace:

```
$ pulsar-admin --admin-url https://dev.pulsar.xyz.com:8081 --auth-plugin "org.apache.pulsar.client.impl.auth.AuthenticationToken" --auth-params "token:<token>" topics list public/default
```

We will get the below error message:

```
HTTP 403 : Unauthorized to validateNamespaceOperation for operation [GET_BUNDLE] on namespace [mytenant/np1]
```

Because when listing topics, we will search all the topics including non-persistent topics which will validate `GET_BUNDLE` operation, but we don't have this `action` in auth action, and it's not good to add to `AuthAction`, for it's duplicate with `NamespaceOperation`. So we'd better map this to `consume` operation to solve the problem.

### Documentation

- [x] `no-need-doc` (Please explain why)
