[improve][pip] PIP-347: add role field in consumer's stat#22564
Conversation
|
PTAL, thanks. @BewareMyPower @lhotari @codelipenghui @poorbarcode @Technoboy- |
michaeljmarshall
left a comment
There was a problem hiding this comment.
Thanks for your PIP. I agree that there is a gap here, but I think the solution requires a more nuanced approach to accommodate existing use cases.
|
Leaving aside the issue above. It looks like you want to add There are times when the role is more sensitive information and I would recommend adding a configuration to expose the role. |
|
May be we can prioritize reaching consensus on this PIP? We do need this pip to handle the problem we meet, anyone who use Subscription Permission Control Mechanism will also need this. |
|
@thetumbled After @michaeljmarshall think it's OK, you can sent a vote thread to the mail list |
This comment was marked as outdated.
This comment was marked as outdated.
eolivelli
left a comment
There was a problem hiding this comment.
I think that this PIP is telling too much about some kind of security vulnerability and I would shrink it a lot.
You should mention only the need for administrators to bind a consumer to a role, that is definitely useful.
Regarding the auto creation of subscriptions, we should tackle the problem as a separate work, and not a PIP
Agree, i have updated the motivation, PTAL, thanks. @eolivelli @nodece |
@nodece I don't understand why /cc @eolivelli |
|
In other words, I just don't want to expose the role to the regular users. |
|
@nodece I think it doesn't matter, expose role name will not affect anything |
|
WDYT, should we expose it to regular users(not everyone actually, but those who own the lookup permission of this topic)? @eolivelli @lhotari @codelipenghui @Technoboy- @michaeljmarshall |
It should be fine since we already exposed the sub name, consumer name and more information for users who has LOOKUP permission with default Pulsar authorization. And Pulsar can also support fine-grained access control by authorization plugin. |
|
PIP approved, merging... |
Motivation
pip-347
implementation pr:#22562
Modifications
Verifying this change
(Please pick either of the following options)
This change is a trivial rework / code cleanup without any test coverage.
(or)
This change is already covered by existing tests, such as (please describe tests).
(or)
This change added tests and can be verified as follows:
(example:)
Does this pull request potentially affect one of the following parts:
If the box was checked, please highlight the changes
Documentation
docdoc-requireddoc-not-neededdoc-completeMatching PR in forked repository
PR in forked repository: