You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2019/03/06 00:55:27 UTC

[GitHub] [pulsar] jerrypeng opened a new issue #3763: Pulsar Function Authorization

jerrypeng opened a new issue #3763: Pulsar Function Authorization
URL: https://github.com/apache/pulsar/issues/3763
 
 
   After Pulsar Function Authentication is implemented, we also need to implement the authorization model for functions.
   
   I propose we add the following methods to the AuthorizationProvider (https://github.com/apache/pulsar/blob/master/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java) interface:
   
   ```
   /**
   * Allow all function operations with in this namespace
   * @param namespaceName The namespace that the function operations can be executed in
   * @param role The role to check
   * @param authenticationData authentication data related to the role
   * @return a boolean to determine whether authorized or not
   */
   CompletableFuture<Boolean> allowFunctionOps(NamespaceName namespaceName, String role,
                                              AuthenticationDataSource authenticationData);
   
   ```
   We should also add an action to AuthAction for functions:
   
   ```
   public enum AuthAction {
      /** Permission to produce/publish messages */
      produce,
   
      /** Permission to consume messages */
      consume,
     
      /** Permissions for functions ops **/
      functions,
   }
   ```
   
   And admins and tenant admins can grant the permission “functions” to users for a namespace and they can perform all function operations(create, update, delete, get)  within that namespace.  
   
   I also think we a user has the permissions to perform all function operations within a namespace, he or she should also be able to consume and produce to a any topic within that namespace
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services