Skip to content

[DISCUSS] Improve Permission Control for Subscription. #21254

New issue
New issue
Open
Open
[DISCUSS] Improve Permission Control for Subscription.#21254
Assignees
thetumbled
Labels
Staletype/enhancementThe enhancements for the existing features or docs. e.g. reduce memory usage of the delayed messages
@thetumbled

Description

@thetumbled
thetumbled
opened on Sep 26, 2023

Search before asking

  • I searched in the issues and found nothing similar.

Motivation

The concept of group in Kafka is independent of the topic, while Pulsar's group/subscription is a concept under the topic. Every Subscription corresponds to only one topic.

public class PersistentSubscription extends AbstractSubscription implements Subscription {
    protected final PersistentTopic topic;
    protected final ManagedCursor cursor;
    protected final String topicName;
    protected final String subName;

But when doing permission control, the subscriptions belongs to the namespace instead of topic. Subscriptions with same name in the same namespace, but from different topics are treated as one subscription for permission control, and the role list is saved on zk under the path /admin/policies/tenant/namespace.

Solution

Move the role list for subscription to topic policy, so that the permission control for subscription is topic specific.

Alternatives

No response

Anything else?

No response

Are you willing to submit a PR?

  • I'm willing to submit a PR!

Metadata

Metadata

Assignees

Labels

Staletype/enhancementThe enhancements for the existing features or docs. e.g. reduce memory usage of the delayed messages

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions