You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2021/09/07 09:57:47 UTC
[GitHub] [pulsar] eolivelli opened a new issue #11945: Admin/Permissions: getPartitionedTopicListshould work even with Topic Level Permissions
eolivelli opened a new issue #11945:
URL: https://github.com/apache/pulsar/issues/11945
Currently (Pulsar 2.8.x) in order to use admin().topics().getPartitionedTopicListAsync(topicName) you have to have "Tenant admin" role.
**Describe the solution you'd like**
It should be enough to require topic level permissions and allow users that are allowed to produce/consumer on the topic to use that API.
**Describe alternatives you've considered**
I don't see any alternative
**Additional context**
I am working on a Pulsar Proxy for KOP and currently in KOP we require only Topic Level permissions, but if I use PulsarAdmin I am not able to get the partitions for a topic using a regular user that has only these permissions:
```
admin.topics().grantPermission(fullNewTopicName,
ANOTHER_USER,
Sets.newHashSet(AuthAction.consume, AuthAction.produce));
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] BewareMyPower commented on issue #11945: Admin/Permissions: getPartitionedTopicListshould work even with Topic Level Permissions
Posted by GitBox <gi...@apache.org>.
BewareMyPower commented on issue #11945:
URL: https://github.com/apache/pulsar/issues/11945#issuecomment-914176801
I'm not so familiar with the authentication part. I only know the admin permission cannot only be granted to the tenant role. And `AuthAction` doesn't have admin related permissions.
https://github.com/apache/pulsar/blob/981cb626e59267e38c3b29faa02c14f0848a530f/pulsar-client-admin-api/src/main/java/org/apache/pulsar/common/policies/data/AuthAction.java#L24-L42
IMO we can add a readonly admin permission for non-admin roles, like lookup for topics. But it looks like to be a significant change for Pulsar. It might need a discussion for opinions from others.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] github-actions[bot] commented on issue #11945: Admin/Permissions: getPartitionedTopicListshould work even with Topic Level Permissions
Posted by GitBox <gi...@apache.org>.
github-actions[bot] commented on issue #11945:
URL: https://github.com/apache/pulsar/issues/11945#issuecomment-1057583529
The issue had no activity for 30 days, mark with Stale label.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] eolivelli commented on issue #11945: Admin/Permissions: getPartitionedTopicListshould work even with Topic Level Permissions
Posted by GitBox <gi...@apache.org>.
eolivelli commented on issue #11945:
URL: https://github.com/apache/pulsar/issues/11945#issuecomment-914168361
@BewareMyPower @codelipenghui PTAL
if this request makes sense to you I will send a PR for this enhancement.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org