michaeljmarshall commented on code in PR #19830:
URL: https://github.com/apache/pulsar/pull/19830#discussion_r1139199743
##########
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java:
##########
@@ -331,7 +327,9 @@ public boolean isValidOriginalPrincipal(String
authenticatedPrincipal,
}
} else if (StringUtils.isNotBlank(originalPrincipal)
&& !(allowNonProxyPrincipalsToBeEqual &&
originalPrincipal.equals(authenticatedPrincipal))) {
- errorMsg = "cannot specify originalPrincipal when connecting
without valid proxy role.";
+ log.warn("[{}] Non-proxy role [{}] passed originalPrincipal
[{}]. This behavior will not "
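Review bot: The new `log.warn` in the `else if` branch writes `originalPrincipal` into the log, and that value is supplied by a client that did not connect with a valid proxy role, so it should be treated as untrusted input. Because the `errorMsg` assignment is removed on this path, every matching validation now emits a warn line. Consider emitting it once per `authenticatedPrincipal` or rate limiting it, and stripping CR/LF from the principal before it is logged. A code comment naming the release in which this fallback goes away would also help whoever removes the branch later.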
Review Comment:
This log will appear anytime proxy and original roles are validated and meet
the appropriate conditions, which is once for connections over the binary
protocol and once for each admin http request.

I think it's a justified warning log since it is warning an administrator
that their current configuration will not work in an upcoming release.
Operators will only have to update their proxy's authentication to use a
`proxyRole` and the log line will be removed in their current version.

> @lhotari It should also affect the TCP connection. No?

I think @lhotari means the Pulsar human administrator, not the admin service.