michaeljmarshall commented on PR #17411: URL: https://github.com/apache/pulsar/pull/17411#issuecomment-1514978383
> The HTTP admin API does not comply with this sentence. Fair point. I hadn't considered the pulsar and http endpoints together when writing that generalization. > I agree that this is introducing breaking changes in the permissions system and this is a problem, but there is authZ plugin provider providing this operation check and does not verify it during producer/consumer. Is there another way to achieve this? Perhaps we can introduce an additional check that calls the authorization service and then we'll implement the default PulsarAuthorizationProvider in such a way that there are no breaking changes. I think it might make sense to discuss this inconsistency on the pulsar mailing list. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
