GitHub user git-hulk added a comment to the discussion: ACL Proposal
@jihuayu Thanks for your proposal.
> Why not use acl files for persistence?
@jihuayu @caipengbo, I think we can keep ACLs inside storage since we allow
propagation of the namespace/tokens between master and replicas. Most users
should also prefer configuring ACLs once.
```
+-------------+-------------+---------+----------------------------------+
acl|user name => | ns size | namespace | version | redis ACL SETUSER
commands string|
| (1byte: X) | (Xbyte) | (8byte) | (Nbyte)
|
+-------------+-------------+---------+----------------------------------+
struct aclSelector {
uint32_t flags; // SELECTOR_FLAG_ALLKEYS, ALLCHANNELS, ALLCOMMANDS, etc.
std::vector<uint64_t> allowed_commands; // Command permission bitmap, size
= USER_COMMAND_BITS_COUNT / 64
std::vector<std::string> patterns; // List of key patterns
std::vector<std::string> channels; // List of channel patterns
};
```
It seems that passwords and categories are missing here. Can you elaborate a
bit on how we're going to serialize the sector information?
For now, we don't have the category information in each command, so maybe we
can support the category in ACL after it's added.
cc @PragmaTwice @mapleFU @torwig.
GitHub link:
https://github.com/apache/kvrocks/discussions/3234#discussioncomment-14778431
----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: [email protected]
