Differentiate authorization between source/sink/function operations #7466
+82
−4
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@srkukarni my concern with this PR is BC. Currently, if a user has "functions" permission, the user can run sources, sinks, and functions. With this change, a user has to now have the specific entitlement of sources/sinks to run them as well. |
|
@jerrypeng That is indeed a concern. Any ideas on how to solve it? |
|
Coming to think more about it, the existing sources/sinks will continue to run fine. Thus upon upgrade of cluster, things still will work ok, except that newer sources/sinks will need additional permissions. Couldn't that just be notes in upgrade process? |
|
@srkukarni can you add a note to the release notes about this? |
jerrypeng
approved these changes
Jul 7, 2020
|
Added |
|
cherry-pick the pull request to |
huangdx0726
pushed a commit
to huangdx0726/pulsar
that referenced
this pull request
Aug 24, 2020
…pache#7466) * Differentiate between source/sink/function operations * Added release notes Co-authored-by: Sanjeev Kulkarni <sanjeevk@splunk.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
(If this PR fixes a github issue, please add
Fixes #<xyz>.)Fixes #
(or if this PR is one task of a github issue, please add
Master Issue: #<xyz>to link to the master issue.)Master Issue: #
Motivation
When doing any source/sink/function operation, we currently don't distinguish between sources, sinks and functions. However sources, sinks and functions are different operations, with different endpoints and often require different auth handling. This pr introduces a couple of new interfaces for checking auth for sources and sink operations.
Modifications
Describe the modifications you've done.
Verifying this change
(Please pick either of the following options)
This change is a trivial rework / code cleanup without any test coverage.
(or)
This change is already covered by existing tests, such as (please describe tests).
(or)
This change added tests and can be verified as follows:
(example:)
Does this pull request potentially affect one of the following parts:
If
yeswas chosen, please highlight the changesDocumentation