[GitHub] jai1 commented on issue #1002: Making Pulsar Proxy more secure

2018-08-21 Thread GitBox
jai1 commented on issue #1002: Making Pulsar Proxy more secure
URL: https://github.com/apache/incubator-pulsar/pull/1002#issuecomment-414568135
 
 
   > was the proxy auth action ever added?

   No, and we don't need to.

   > @jai1 @merlimat is authRole correct here? Surely if we are coming from the
   > proxy and originalPrincipal is set, we should be checking if the original
   > principal can access the resource?

   The code looks convoluted but I think it's correct. Basically, if
   'originalPrincipal != null' then check if both the proxy role (authRole) and
   the client role (originalPrincipal) can look up on the topic. So on line 251
   (first call to canLookupAsync) we check whether the proxy (authRole) has
   permission to look up, then on line 261 (call to lookupTopicAsync) we check
   if the client role (originalPrincipal) has permission to look up.

   Basic reasoning for this was that we don't want the proxy to have access to
   all Pulsar namespaces - we want to have a configuration where proxy X can
   only access namespace Y.
   
   On Mon, Aug 20, 2018 at 5:45 AM, Ivan Kelly wrote:
   
   > @jai1  was the proxy auth action ever added?


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services
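
The two-step check described in the comment above, as an added example that is not part of the original thread and is not Pulsar source code. It simplifies the flow by using one permission call for both roles; the ACL contents, role names and the `authorizeLookup` helper are hypothetical.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CompletableFuture;

// Added illustration, not Pulsar code. ACL entries and role names are constructed.
public class ProxyLookupAuthExample {
    // Constructed ACL: namespace -> roles allowed to look up topics in it.
    static final Map<String, Set<String>> LOOKUP_ACL = Map.of(
        "tenant/ns-y", Set.of("proxy-x", "client-a"),
        "tenant/ns-z", Set.of("client-a", "client-b"));

    // Stand-in for an asynchronous permission check such as canLookupAsync.
    static CompletableFuture<Boolean> canLookupAsync(String namespace, String role) {
        return CompletableFuture.completedFuture(
            role != null && LOOKUP_ACL.getOrDefault(namespace, Set.of()).contains(role));
    }

    // authRole: role authenticated on the connection (the proxy when proxied).
    // originalPrincipal: client role forwarded by the proxy, null when direct.
    static CompletableFuture<Boolean> authorizeLookup(
            String namespace, String authRole, String originalPrincipal) {
        return canLookupAsync(namespace, authRole).thenCompose(connectionRoleOk -> {
            if (!connectionRoleOk) {
                // The proxy is not scoped to this namespace: deny without
                // consulting the forwarded client role at all.
                return CompletableFuture.completedFuture(false);
            }
            if (originalPrincipal == null) {
                // Direct connection: authRole is the client and already passed.
                return CompletableFuture.completedFuture(true);
            }
            // Proxied connection: the forwarded client role must pass as well.
            return canLookupAsync(namespace, originalPrincipal);
        });
    }

    public static void main(String[] args) {
        String[][] cases = {
            {"tenant/ns-y", "proxy-x", "client-a"},  // proxy and client both listed
            {"tenant/ns-z", "proxy-x", "client-a"},  // client listed, proxy not scoped here
            {"tenant/ns-y", "proxy-x", "client-b"},  // proxy listed, client not
            {"tenant/ns-z", "client-b", null},       // direct connection, no proxy
        };
        for (String[] c : cases) {
            System.out.printf("%s authRole=%s originalPrincipal=%s -> %b%n",
                c[0], c[1], c[2], authorizeLookup(c[0], c[1], c[2]).join());
        }
    }
}
```

The second case is the one the comment's reasoning turns on: a client with broad permissions still cannot reach a namespace through a proxy that was not granted access to it.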


[GitHub] jai1 commented on issue #1002: Making Pulsar Proxy more secure

2018-01-30 Thread GitBox
jai1 commented on issue #1002: Making Pulsar Proxy more secure
URL: https://github.com/apache/incubator-pulsar/pull/1002#issuecomment-361755903
 
 
   retest this please




[GitHub] jai1 commented on issue #1002: Making Pulsar Proxy more secure

2018-01-29 Thread GitBox
jai1 commented on issue #1002: Making Pulsar Proxy more secure
URL: https://github.com/apache/incubator-pulsar/pull/1002#issuecomment-361408368
 
 
   retest this please




[GitHub] jai1 commented on issue #1002: Making Pulsar Proxy more secure

2018-01-29 Thread GitBox
jai1 commented on issue #1002: Making Pulsar Proxy more secure
URL: https://github.com/apache/incubator-pulsar/pull/1002#issuecomment-361228242
 
 
   retest this please




[GitHub] jai1 commented on issue #1002: Making Pulsar Proxy more secure

2018-01-28 Thread GitBox
jai1 commented on issue #1002: Making Pulsar Proxy more secure
URL: https://github.com/apache/incubator-pulsar/pull/1002#issuecomment-361100949
 
 
   retest this please




[GitHub] jai1 commented on issue #1002: Making Pulsar Proxy more secure

2018-01-27 Thread GitBox
jai1 commented on issue #1002: Making Pulsar Proxy more secure
URL: https://github.com/apache/incubator-pulsar/pull/1002#issuecomment-361034301
 
 
   @merlimat @rdhabalia @saandrews - thanks for the feedback - have addressed all your comments
   Just need a +1 to merge




[GitHub] jai1 commented on issue #1002: Making Pulsar Proxy more secure

2018-01-26 Thread GitBox
jai1 commented on issue #1002: Making Pulsar Proxy more secure
URL: https://github.com/apache/incubator-pulsar/pull/1002#issuecomment-360889807
 
 
   retest this please




[GitHub] jai1 commented on issue #1002: Making Pulsar Proxy more secure

2018-01-26 Thread GitBox
jai1 commented on issue #1002: Making Pulsar Proxy more secure
URL: https://github.com/apache/incubator-pulsar/pull/1002#issuecomment-360865541
 
 
   @saandrews - have addressed your comments
   
   @merlimat @rdhabalia @msb-at-yahoo - please review the PR when you get time




[GitHub] jai1 commented on issue #1002: Making Pulsar Proxy more secure

2018-01-23 Thread GitBox
jai1 commented on issue #1002: Making Pulsar Proxy more secure
URL: https://github.com/apache/incubator-pulsar/pull/1002#issuecomment-359900818
 
 
   @merlimat @rdhabalia @saandrews @msb-at-yahoo - please review this whenever you find time

   I am open to exchanging PR reviews too as an incentive to get this checked in :-P




[GitHub] jai1 commented on issue #1002: Making Pulsar Proxy more secure

2018-01-22 Thread GitBox
jai1 commented on issue #1002: Making Pulsar Proxy more secure
URL: https://github.com/apache/incubator-pulsar/pull/1002#issuecomment-359371344
 
 
   @merlimat @rdhabalia - This last PR addresses all outstanding concerns we had discussed in the mail chain.

   Only @msb-at-yahoo's suggestions remain - which will be addressed as a separate PR once this is merged since the suggestions are still under discussion.




[GitHub] jai1 commented on issue #1002: Making Pulsar Proxy more secure

2018-01-18 Thread GitBox
jai1 commented on issue #1002: Making Pulsar Proxy more secure
URL: https://github.com/apache/incubator-pulsar/pull/1002#issuecomment-358822404
 
 
   @merlimat @rdhabalia @saandrews - please review this whenever you find time

   I am open to exchanging PR reviews too as an incentive to get this checked in :-P




[GitHub] jai1 commented on issue #1002: Making Pulsar Proxy more secure

2018-01-15 Thread GitBox
jai1 commented on issue #1002: Making Pulsar Proxy more secure
URL: https://github.com/apache/incubator-pulsar/pull/1002#issuecomment-357870142
 
 
   retest this please




[GitHub] jai1 commented on issue #1002: Making Pulsar Proxy more secure

2018-01-02 Thread GitBox
jai1 commented on issue #1002: Making Pulsar Proxy more secure
URL: https://github.com/apache/incubator-pulsar/pull/1002#issuecomment-354862417
 
 
   @merlimat 
   Created a PIP
   
https://github.com/apache/incubator-pulsar/wiki/PIP-9:-Adding-more-Security-checks-to-Pulsar-Proxy




[GitHub] jai1 commented on issue #1002: Making Pulsar Proxy more secure

2017-12-28 Thread GitBox
jai1 commented on issue #1002: Making Pulsar Proxy more secure
URL: https://github.com/apache/incubator-pulsar/pull/1002#issuecomment-354403940
 
 
   retest this please




[GitHub] jai1 commented on issue #1002: Making Pulsar Proxy more secure

2017-12-21 Thread GitBox
jai1 commented on issue #1002: Making Pulsar Proxy more secure
URL: https://github.com/apache/incubator-pulsar/pull/1002#issuecomment-353492995
 
 
   > I don't think "proxy" is a good match for an action. An action in the ACLs is associated with a "role" while for proxy it is just a flag

   Should we rename the action to _lookup_ and add another OR condition to
   https://github.com/apache/incubator-pulsar/blob/master/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationManager.java?utf8=%E2%9C%93#L109

   OR

   Not add any Action and enforce that the proxy has the same AuthAction permission as the client (produce and consume) - finer control



