[GitHub] [pulsar] tuteng commented on a change in pull request #5767: Support batch authorization of partitioned topic

Sat, 30 Nov 2019 05:33:29 -0800 

tuteng commented on a change in pull request #5767: Support batch authorization 
of partitioned topic
URL: https://github.com/apache/pulsar/pull/5767#discussion_r352285215
 
 

 ##########
 File path: 
pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/PersistentTopicsBase.java
 ##########
 @@ -301,13 +295,29 @@ protected void internalGrantPermissionsOnTopic(String 
role, Set<AuthAction> acti
             log.warn("[{}] Failed to grant permissions on topic {}: concurrent 
modification", clientAppId(),
                     topicUri);
             throw new RestException(Status.CONFLICT, "Concurrent 
modification");
-        }
-        catch (Exception e) {
+        } catch (Exception e) {
             log.error("[{}] Failed to grant permissions for topic {}", 
clientAppId(), topicUri, e);
             throw new RestException(e);
         }
     }
 
+    protected void internalGrantPermissionsOnTopic(String role, 
Set<AuthAction> actions) {
+        // This operation should be reading from zookeeper and it should be 
allowed without having admin privileges
+        validateAdminAccessForTenant(namespaceName.getTenant());
+        validatePoliciesReadOnlyAccess();
+
+        PartitionedTopicMetadata meta = getPartitionedTopicMetadata(topicName, 
true, false);
 
 Review comment:
   Before that, we seem to add a version of judgment. I'm not sure whether the 
partition topic is supported in the v1 version because the v1 version of the 
domain path has `cluster` attribute, and the v2 version does not have this 
attribute, So calling function `getPartitionedTopicMetadata` directly will 
throw an exception. therefore, I think it may need to add a version check here. 
   
   ```
   if (topicName.isV2()) {
      getPartitionedTopicMetadata(topicName, true, false);
      // Auth to parititioned topic
     ....
   } else {
       // Non-partitioned topic normal authorization
   }
   ```
   
   REST API v1:
   ```
   persistent://tenant/cluster-name/namespace/topic-name
   ```
   
   REST API
   ```
   persistent://tenant/namespace/topic-name
   ```
   
   
   @sijie  I'd like to hear your opinion. I don't know whether rest API v1 
supports partitioned topic or not.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to