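linhu93 commented on issue #403: ACL feature request
URL: https://github.com/apache/rocketmq/issues/403#issuecomment-412746295

# Group 2: Add ACL support to RocketMQ

## Goal

Add access control to RocketMQ, so that a given user has write permission on a given topic, and a given consumer of a given group has read permission on a given topic.

## Design

Add a RocketMQ access control table to the NameServer.

| Meaning | rocketmq.client.name | Topic | Permission |
| --- | --- | --- | --- |
| Attribute name | instanceName | topic | operation |
| Value | "name" | "topicName" | r/w |

RocketMQ can be managed with the CLI admin tools. ACL operations are added to the `bash mqadmin` command list, and the access control table is pushed to the NameServer, providing read and write operations on the access control table (other operations can be added later).

Currently the operations fall mainly into two kinds, permission write and permission read, whose RequestCodes are ACL_WRITE_CONFIG = 323 and ACL_READ_CONFIG = 324 respectively.

Write an access control entry:

```
bash mqadmin aclWrite -i "instanceName" -t "topic" -o "operation"
```

where operation is "r" or "w", meaning read or write permission.

Read an access control entry:

```
bash mqadmin aclRead -i "instanceName" -t "topic" -r "r"
```

## Impl

Add adminTool impl, RpcHook impl and NameServer communication protocol.

## Test

UnitTest for most functions.

## Verification

Verified, compilation succeeded.

## Future work

NameServer listener implementation to improve cache, namesrv act table persistence store.

[PR addr](https://github.com/apache/rocketmq/pull/415)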

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

With regards,
Apache Git Services
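
The permission table from the Design section above, sketched as an added Java example that is not part of the original comment or of the RocketMQ code base. The class `AclTableSketch`, its methods and the sample instance and topic names are hypothetical; the sketch assumes a lookup keyed on (instanceName, topic) that refuses anything not explicitly granted.

```java
import java.util.EnumSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical stand-alone sketch; class and method names are not RocketMQ APIs.
public class AclTableSketch {
    enum Operation {
        READ, WRITE;
        // Parse the "r"/"w" values that the comment gives for the -o option.
        static Operation parse(String s) {
            switch (s) {
                case "r": return READ;
                case "w": return WRITE;
                default: throw new IllegalArgumentException("operation must be r or w: " + s);
            }
        }
    }

    // Key: instanceName + '\0' + topic; value: operations granted on that topic.
    private final Map<String, Set<Operation>> table = new ConcurrentHashMap<>();

    private static String key(String instanceName, String topic) {
        return instanceName + '\0' + topic;
    }

    // Counterpart of "mqadmin aclWrite -i ... -t ... -o ...": record one grant.
    public void write(String instanceName, String topic, String operation) {
        Operation op = Operation.parse(operation);
        table.compute(key(instanceName, topic), (k, ops) -> {
            Set<Operation> next = ops == null ? EnumSet.noneOf(Operation.class) : EnumSet.copyOf(ops);
            next.add(op);
            return next;
        });
    }

    // Default deny: a missing entry, or one without the requested operation, is refused.
    public boolean isAllowed(String instanceName, String topic, Operation op) {
        Set<Operation> ops = table.get(key(instanceName, topic));
        return ops != null && ops.contains(op);
    }

    public static void main(String[] args) {
        AclTableSketch acl = new AclTableSketch();
        acl.write("producerA", "orders", "w");   // constructed sample entries
        acl.write("consumerB", "orders", "r");
        System.out.println(acl.isAllowed("producerA", "orders", Operation.WRITE));
        System.out.println(acl.isAllowed("consumerB", "orders", Operation.WRITE));
        System.out.println(acl.isAllowed("unknown", "orders", Operation.READ));
    }
}
```

Read and write are stored as separate grants, so a consumer given "r" on a topic cannot publish to it, and an instance name that is not in the table is refused for every operation.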
