RongtongJin commented on code in PR #10499:
URL: https://github.com/apache/rocketmq/pull/10499#discussion_r3434178199


##########
docs/cn/acl/user_guide.md:
##########
@@ -48,6 +49,12 @@ storePathCommitLog=/data/rocketmq/commitlog-a-m
 autoCreateSubscriptionGroup=true
 ## if acl is open,the flag will be true
 aclEnable=true
+## RocketMQ 5.x 需要额外配置以下ACL属性
+authenticationEnabled=true
+authorizationEnabled=true
+migrateAuthFromV1Enabled=true

Review Comment:
   I do not think `migrateAuthFromV1Enabled=true` should be documented as part 
of the baseline 5.x ACL setup. It is specifically for migrating v1 
`plain_acl.yml` data into the new auth model. Please move it into a migration 
note instead of the default configuration block.



##########
docs/cn/acl/user_guide.md:
##########
@@ -48,6 +49,12 @@ storePathCommitLog=/data/rocketmq/commitlog-a-m
 autoCreateSubscriptionGroup=true
 ## if acl is open,the flag will be true
 aclEnable=true
+## RocketMQ 5.x 需要额外配置以下ACL属性
+authenticationEnabled=true
+authorizationEnabled=true
+migrateAuthFromV1Enabled=true
+authenticationMetadataProvider=org.apache.rocketmq.auth.authentication.provider.LocalAuthenticationMetadataProvider
+authorizationMetadataProvider=org.apache.rocketmq.auth.authorization.provider.LocalAuthorizationMetadataProvider
 listenPort=10911

Review Comment:
   Since the default authentication/authorization providers are part of the 
effective setup, please document them explicitly or explain that they are 
defaulted by code. Otherwise users may copy an incomplete config and still be 
unclear about the provider chain.



##########
docs/en/acl/Operations_ACL.md:
##########
@@ -47,6 +48,12 @@ storePathCommitLog=/data/rocketmq/commitlog-a-m
 autoCreateSubscriptionGroup=true
 ## if acl is open,the flag will be true
 aclEnable=true
+## RocketMQ 5.x requires the following additional ACL properties
+authenticationEnabled=true
+authorizationEnabled=true
+migrateAuthFromV1Enabled=true

Review Comment:
   Same issue as the Chinese doc: `migrateAuthFromV1Enabled=true` should not be 
presented as a general required setting. Please document it only for v1 ACL 
migration scenarios.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to