sijie commented on issue #6428: [Issue 5720][authorization provider] (WIP) Add more granularity URL: https://github.com/apache/pulsar/pull/6428#issuecomment-592996876 @KannarFr Thank you for your contribution! I think we should have a clear interface about resources and verbs. I feel that you are mixing resources with verbs and generating a lot of "unneeded" operations. For example, each policy rule in a namespace policy should be treated as a resource. The operations to a given policy rule are `write` and `read`. So when you introduce a new policy rule, you don't need to introduce a new verb. Also, I don't think enum is a good way to allow extensibility. I think we can use a `string` for representing different policy rules within a namespace policy. Kubernetes' API machinery provides a good example of this. --- @joefk I think the pull request here is to allow people to define their own authorization implementation since some organizations have the need to integrate Pulsar into its owner authentication/authorization system to control those resources. The purpose of this pull request is different from PIP-49. We attempt to improve the current authorization model. This pull request should NOT change our current authorization model as the concerns have been raised when discussing PIP-49.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
