Hi Jai, the proposal looks good to me. My only concern is around the "proxy" action for restricting the proxy access to some topics.
I completely agree that restricting access is a very option to have available, but I don't think we should put "proxy" on the same level as "produce" and "consume".

Produce and consume are actions that are tied to a specific user/principal. E.g., grant permission to "user-1" to publish on topics in namespace X.

For proxy, it would be more like: "enable these topics to be exposed through proxy".

That's why I feel "proxy" is not the same as an authorization action.

My suggestion here would be:

* Have a broker setting to set the default behavior "allowAccessThroughProxy=true" (or similar name)
* Add a flag at the namespace level that can override the default system-wide setting

Matteo

On Tue, Jan 2, 2018 at 12:04 PM Jai Asher <jai.ashe...@gmail.com> wrote:

> Hi all,
> I've created PIP for Adding more Security checks to Pulsar Proxy.
> High-level description:
> *The machine hosting the Pulsar proxy will have a public IP and be
> susceptible to all kinds of web attacks. The aim of this PIP is to minimize
> the damage caused by a compromised proxy on the entire service.*
>
> PIP:- https://github.com/apache/incubator-pulsar/wiki/PIP-9:-Adding-more-Security-checks-to-Pulsar-Proxy
> PR:- https://github.com/apache/incubator-pulsar/pull/1002
> Issue:- https://github.com/apache/incubator-pulsar/issues/858
>
> Can you please review and provide your feedback/comments.
>
> Regards,
> Jai

--
Matteo Merli
<mme...@apache.org>