JiangHe12 opened a new issue, #1238:
URL: https://github.com/apache/rocketmq-client-go/issues/1238

   ### Background
   
   As of the latest release **v2.1.2**, the public `admin.Admin` interface 
exposes only:
   
   ```
   CreateTopic, DeleteTopic, GetAllSubscriptionGroup,
   FetchAllTopicList, FetchPublishMessageQueues, Close
   ```
   
   There is **no API to manage broker ACLs** (create/update/delete/list 
`AclConfig` / `PlainAccessConfig`). The one `RegisterACL()` call in the package 
(`admin.go`, inside `GetAllSubscriptionGroup`) only signs the admin client's 
*own* outgoing request with ACL credentials — it is client-side authentication, 
not ACL administration.
   
   ### Request
   
   Could a clean, cgo-free ACL admin surface be added to `admin.Admin`, e.g. 
`CreateAndUpdatePlainAccessConfig` / `DeletePlainAccessConfig` / 
`GetBrokerClusterAclConfig` (mirroring the Java `MQAdminExt` ACL operations and 
the broker's `UpdateAclConfig` / `GetBrokerClusterAclConfig` remoting commands)?
   
   ### Motivation
   
   The other major Go broker clients already expose ACL administration (Kafka 
via `kadm`, RabbitMQ via the management API, Pulsar via the admin REST API). A 
governed multi-broker CLI we maintain 
([mqgov-cli](https://github.com/JiangHe12/mqgov-cli)) supports native ACL 
grant/revoke/list for Kafka, RabbitMQ and Pulsar, but has to lock **RocketMQ 
ACL as fail-closed `NOT_IMPLEMENTED`** purely because there is no clean 
cgo-free admin ACL API in this client — we will not hand-roll raw remoting to 
fake it. A first-class admin ACL API would let downstream tools govern RocketMQ 
ACLs honestly.
   
   ### Environment
   
   - `rocketmq-client-go/v2` v2.1.2
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to