[GitHub] [pulsar] michaeljmarshall commented on pull request #12515: [Authorization] Use AuthorizationService#grantPermissionAsync to gran…

Wed, 27 Oct 2021 22:44:20 -0700 


michaeljmarshall commented on pull request #12515:
URL: https://github.com/apache/pulsar/pull/12515#issuecomment-953520355


   @merlimat - it looks like the `AuthorizationProvider` and the 
`AuthorizationService` have some out of date Javadocs. For example, the 
`AuthroizationProvider` has this one:
   
   ```java
       /**
        * Grant authorization-action permission on a topic to the given client
        *
        * @param topicName
        * @param role
        * @param authDataJson
        *            additional authdata in json format
        * @return CompletableFuture
        * @completesWith <br/>
        *                IllegalArgumentException when namespace not found<br/>
        *                IllegalStateException when failed to grant permission
        */
       CompletableFuture<Void> grantPermissionAsync(TopicName topicName, 
Set<AuthAction> actions, String role,
               String authDataJson);
   ```
   Based on inspecting the `setPoliciesAsync` method, it looks like the 
expected exceptions are more specific. I see that exceptions are expected to be 
of type `MetadataStoreException` when there are issues like a namespace not 
being found or a concurrent modification exception. Of course other errors can 
happen too. I am assuming this all stems back to the work for PIP-45. What is 
your recommendation for the right way to reconcile the behavior described above 
and the new behaviors introduced in PIP-45? My main thought is that this could 
introduce a breaking change in behavior for any users that have implemented 
their own `AuthorizationProvider`. (Technically, there is already a change here 
because this `grantPermissionAsync` method wasn't called by the 
`AuthorizationService`.) The problem is the same for the variant of this method 
that updates the permissions on the whole namespace, so we'll need to solve for 
that as well. 
   
   Since we're already fully in on PIP-45, I think we should just update these 
Javadocs and make sure that the changes are mentioned in the release notes for 
2.10.
   
   Let me know how you think we should proceed. I'm happy to open up a PR to 
update the Javadocs.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to