KannarFr commented on PR #17411: URL: https://github.com/apache/pulsar/pull/17411#issuecomment-1573386775
I sent > Hi, > > CREATE_TOPIC authorization check is not performed when trying to PRODUCE/CONSUME a topic, it has been referenced: https://github.com/apache/pulsar/issues/17406. > > I opened a PR to fix it https://github.com/apache/pulsar/pull/17411, but Michael reported issues about backward compatibility (which is totally correct). Adding support of CREATE_TOPIC authorization as-is will break current authorization system. I noticed that HTTP Admin API verifies the CREATE_TOPIC right when creating topic, so we have inconsistencies between pulsar binary protocol and the HTTP admin API on this. > > Also, the AuthorizationProvider is an interface exposing the CREATE_TOPIC feature for authZ plugins. But it is inconsistent too. > > Michael suggested to fix this interface to support the CREATE_TOPIC check and adapt the pulsar's DefaultAuthzProvider to continue as-is. > > I'd like to know what do you think? > > Thanks, > > Kannar On the ML the 20/04/2023 and still have no answers @michaeljmarshall @nodece. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
