michaeljmarshall opened a new pull request #12515:
URL: https://github.com/apache/pulsar/pull/12515


   …t topic permission
   
   ### Motivation
   
   There are several motivating factors here.
   
   1. The `AuthorizationProvider` interface has a method to grant permission
      for a role to a topic. However, that method is not currently used. The
      other methods in the interface for granting permission on namespaces and
      on subscriptions are used. This PR seeks to bring the implementation into
      alignment. Without this change, a custom authorization provider would not
      be able to create custom logic for topic level permissions.
   2. The current implementation of
      `PulsarAuthorizationProvider#grantPermissionAsync(TopicName topicName, Set<AuthAction> actions, String role, String authDataJson)`
      is surprising. It currently sets permissions using the namespace method
      instead of setting the permissions at the topic level. This could result
      in granting more permission than intended. However, the method is not
      actually called right now, so this unexpected behavior is irrelevant.
   
   ### Modifications
   
   * Move the logic for granting topic permissions to the
     `PulsarAuthorizationProvider`. This change closely resembles the existing
     code in the `NamespacesBase` class.
   
   ### Verifying this change
   
   There are already tests that cover the granting of permission at a topic
   level. For example, `PersistentTopicsTest` tests this. Existing test
   coverage should be sufficient for validating this change.
   
   ### Does this pull request potentially affect one of the following parts:
   
   *If `yes` was chosen, please highlight the changes*
   
     - Dependencies (does it add or upgrade a dependency): no
     - The public API: no
     - The schema: no
     - The default values of configurations: no
     - The wire protocol: no
     - The rest endpoints: no
     - The admin cli options: no
     - Anything that affects deployment: no
   
   ### Documentation
   
   Check the box below and label this PR (if you have committer privilege).
   
   Need to update docs? 
   
   - [ ] `doc-required` 
     
     (If you need help on updating docs, create a doc issue)
     
   - [x] `no-need-doc` 
     
     No behavior is changed here. The fundamental change is to rely on the
     `AuthorizationProvider` interface when granting topic level permissions.
     
   - [ ] `doc` 
     
     (If this PR contains doc changes)
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
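
Added example, not part of the pull request or of Pulsar's code: a self-contained model of the scoping problem described in motivation item 2, where a topic grant recorded at namespace scope also authorizes sibling topics. The class, the two maps, the helper methods and the topic and role names are all assumptions made for illustration.

```java
import java.util.*;

// Simplified model (assumption): one namespace, with role permissions stored
// either for the whole namespace or per topic. This is not Pulsar's code.
public class TopicGrantScope {
    enum AuthAction { produce, consume }

    // role -> actions valid on every topic in the namespace
    static final Map<String, Set<AuthAction>> namespaceAuth = new HashMap<>();
    // topic -> role -> actions valid on that topic only
    static final Map<String, Map<String, Set<AuthAction>>> topicAuth = new HashMap<>();

    // The behaviour the description calls surprising: the topic argument is
    // ignored and the grant is written at namespace scope.
    static void grantOnTopicViaNamespace(String topic, String role, Set<AuthAction> actions) {
        namespaceAuth.put(role, actions);
    }

    // Topic-scoped grant: recorded only under the named topic.
    static void grantOnTopic(String topic, String role, Set<AuthAction> actions) {
        topicAuth.computeIfAbsent(topic, t -> new HashMap<>()).put(role, actions);
    }

    // A role is allowed if either scope carries the action.
    static boolean allowed(String topic, String role, AuthAction action) {
        Set<AuthAction> ns = namespaceAuth.getOrDefault(role, Set.of());
        Set<AuthAction> tp = topicAuth.getOrDefault(topic, Map.of()).getOrDefault(role, Set.of());
        return ns.contains(action) || tp.contains(action);
    }

    public static void main(String[] args) {
        String granted = "persistent://tenant/ns/orders";  // constructed sample names
        String sibling = "persistent://tenant/ns/payroll";
        Set<AuthAction> consumeOnly = EnumSet.of(AuthAction.consume);

        grantOnTopicViaNamespace(granted, "app-a", consumeOnly);
        System.out.println("namespace-scoped write, sibling topic allowed: "
                + allowed(sibling, "app-a", AuthAction.consume));

        namespaceAuth.clear();
        grantOnTopic(granted, "app-a", consumeOnly);
        System.out.println("topic-scoped write, sibling topic allowed: "
                + allowed(sibling, "app-a", AuthAction.consume));

        // Check a provider test could make: a topic grant must not leak to siblings.
        if (!allowed(granted, "app-a", AuthAction.consume) || allowed(sibling, "app-a", AuthAction.consume)) {
            throw new AssertionError("topic grant leaked outside its topic");
        }
    }
}
```

A custom `AuthorizationProvider` can be checked the same way: grant on one topic, then assert that a sibling topic in the same namespace is still denied.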
