tuteng commented on a change in pull request #5767: Support batch authorization of partitioned topic URL: https://github.com/apache/pulsar/pull/5767#discussion_r352285215
########## File path: pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/PersistentTopicsBase.java ########## @@ -301,13 +295,29 @@ protected void internalGrantPermissionsOnTopic(String role, Set<AuthAction> acti log.warn("[{}] Failed to grant permissions on topic {}: concurrent modification", clientAppId(), topicUri); throw new RestException(Status.CONFLICT, "Concurrent modification"); - } - catch (Exception e) { + } catch (Exception e) { log.error("[{}] Failed to grant permissions for topic {}", clientAppId(), topicUri, e); throw new RestException(e); } } + protected void internalGrantPermissionsOnTopic(String role, Set<AuthAction> actions) { + // This operation should be reading from zookeeper and it should be allowed without having admin privileges + validateAdminAccessForTenant(namespaceName.getTenant()); + validatePoliciesReadOnlyAccess(); + + PartitionedTopicMetadata meta = getPartitionedTopicMetadata(topicName, true, false); Review comment: Before that, we seem to add a version of judgment. I'm not sure whether the partition topic is supported in the v1 version because the v1 version of the domain path has `cluster` attribute, and the v2 version does not have this attribute, So calling function `getPartitionedTopicMetadata` directly will throw an exception. therefore, I think it may need to add a version check here. ``` if (topicName.isV2()) { getPartitionedTopicMetadata(topicName, true, false); // Auth to parititioned topic .... } else { // Non-partitioned topic normal authorization } ``` REST API v1: ``` persistent://tenant/cluster-name/namespace/topic-name ``` REST API ``` persistent://tenant/namespace/topic-name ``` @sijie I'd like to hear your opinion. I don't know whether rest API v1 supports partitioned topic or not. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services