michaeljmarshall commented on code in PR #18718:
URL: https://github.com/apache/pulsar/pull/18718#discussion_r1038612092
##########
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java:
##########
@@ -161,6 +162,9 @@ public CompletableFuture<Boolean> canConsumeAsync(TopicName
topicName, String ro
@Override
public CompletableFuture<Boolean> canLookupAsync(TopicName topicName,
String role,
AuthenticationDataSource authenticationData) {
+ if (SystemTopicNames.isTransactionCoordinatorAssign(topicName)) {
+ return CompletableFuture.completedFuture(true);
+ }
Review Comment:
I am concerned that this design change could lead to other system topics
getting this kind of special treatment. Ultimately, the fact that the
transaction coordinator topic is needed for all tenants seems like an
anti-pattern in our multi-tenant system. I would prefer to add a new auth
action for lookup so that operators can choose to expose this to individual
tenants.
Additionally, it seems odd to me that we would need to grant a role
permission to lookup a topic without the need to produce or consume from that
topic.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
