michaeljmarshall commented on issue #19771: URL: https://github.com/apache/pulsar/issues/19771#issuecomment-1481804679
> It seems important that the function submitter not be able to escalate their privileges by selecting an arbitrary service account. I feel that the function worker service (e.g. the function mesh) should assign a service account. I would hesistate to automatically create service accounts, because of the complexity of setting up the workload identity. I completely agree. I had asked the question about this above, but it cannot be correct to let the client select the service account. Further, we > may benefit from an authorization plugin that would allow for group-based policies, e.g. based on the `namespace` claim. Yes, I've been thinking that because the tokens have other informative claims, it might make sense to provide a more nuanced way to check authorization with a provider that understands the claims. That cluster example is very interesting, thanks for sharing! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
