equanz edited a comment on pull request #13723: URL: https://github.com/apache/pulsar/pull/13723#issuecomment-1022815572
One of the alternative approaches is using an existing definition of operation. For example, validate `TenantOperation.LIST_NAMESPACES` for a tenant and `PolicyName.ANTI_AFFINITY, PolicyOperation.READ` for each namespace. https://github.com/apache/pulsar/blob/8c8738f26cad0edf91d6b97f4c103680517900d9/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/NamespacesBase.java#L1886 https://github.com/apache/pulsar/blob/8c8738f26cad0edf91d6b97f4c103680517900d9/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/NamespacesBase.java#L1888-L1898 This approach doesn't add a new definition of operation. However, it requires `TenantOperation.LIST_NAMESPACES` to run the operation. Therefore, I think it is one of the breaking changes. In addition, validate tenant admin many times on the default authz provider. Another approach is using only `TenantOperation.LIST_NAMESPACES`. It validates tenant admin single times on the default authz provider. However, it also doesn't follow existing behavior and doesn't support granularity. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
