Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[improve][broker] Consistently add fine-grain authorization to REST API #22202

Merged
merged 7 commits into from
Mar 6, 2024
Merged

[improve][broker] Consistently add fine-grain authorization to REST API #22202

merged 7 commits into from
Mar 6, 2024

Conversation

mattisonchao
Copy link
Member

@mattisonchao mattisonchao commented Mar 5, 2024
edited
Loading

Motivation

Add fine-grain authorization to topic management endpoints so that it can be controlled at a more fine-grain level.

Modifications

The changed endpoints are as follows:

Topic Policy

  • offload policeis
  • max unacked message on consumer
  • max unacked message on subscription
  • deduplication snapshot
  • inactive topic
  • delayed delivery
  • backlog
  • replication
  • message ttl
  • deduplication
  • dispatch pause
  • persistence
  • max subscriptions
  • max producers
  • max consumers
  • message size
  • compaction threshold
  • replication rate
  • dispatch rate
  • publish rate
  • subscribe rate
  • subscription types
  • schema compatibility
  • auto subscription creation

Topic Operation

  • examine message
  • get backlog

Verifying this change

  • Make sure that the change passes the CI checks.

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

@mattisonchao
[improve][broker] Add FGA to topic management endpoints
3e9b1ca 
Add fine-grained authorization(FGA) to topic management endpoints.
So that it can be controlled at a more fine-grain level.

The changed endpoints are as follows:

**Topic Policy**

- offload policeis
- max unacked message on consumer
- max unacked message on subscription
- duplication snapshot
- inactive topic
- delayed delivery
- backlog
- replication
- message ttl
- deduplication
- dispatch pause
- persistence
- max subscriptions
- max producers
- max consumers
- message size
- compaction threshold
- replication rate
- dispatch rate
- publish rate
- subscribe rate
- subscriptino types
- schema capatibility
- auto subscription creation

**Topic Operation**

- examine message
- get backlog
@mattisonchao mattisonchao self-assigned this Mar 5, 2024
@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Mar 5, 2024
@mattisonchao mattisonchao changed the title [improve][broker] Add FGA to topic management endpoints [improve][broker] Consistently add fine-grain authorization to REST API Mar 6, 2024
lhotari
lhotari approved these changes Mar 6, 2024
View reviewed changes
Copy link
Member

@lhotari lhotari left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@lhotari
Copy link
Member

lhotari commented Mar 6, 2024

Good work @mattisonchao !

@mattisonchao mattisonchao marked this pull request as ready for review March 6, 2024 11:36
@Technoboy- Technoboy- added this to the 3.3.0 milestone Mar 6, 2024
gaoran10
gaoran10 reviewed Mar 6, 2024
View reviewed changes
Copy link
Contributor

@gaoran10 gaoran10 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we could make preValidation before authorization validation. WDYT?

@codecov-commenter
Copy link

Codecov Report

Attention: Patch coverage is 98.05195% with 3 lines in your changes are missing coverage. Please review.

Project coverage is 73.60%. Comparing base (bbc6224) to head (77e8ddc).
Report is 23 commits behind head on master.

Additional details and impacted files

Impacted file tree graph

@@             Coverage Diff              @@
##             master   #22202      +/-   ##
============================================
+ Coverage     73.57%   73.60%   +0.03%     
- Complexity    32624    32722      +98     
============================================
  Files          1877     1878       +1     
  Lines        139502   139708     +206     
  Branches      15299    15328      +29     
============================================
+ Hits         102638   102834     +196     
+ Misses        28908    28882      -26     
- Partials       7956     7992      +36
Flag Coverage Δ
inttests 26.39% <2.59%> (+1.80%) ⬆️
systests 24.23% <0.00%> (-0.10%) ⬇️
unittests 72.88% <98.05%> (+0.03%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Coverage Δ
...pache/pulsar/broker/admin/v2/PersistentTopics.java 82.60% <98.05%> (+1.67%) ⬆️

... and 84 files with indirect coverage changes

@lhotari lhotari merged commit 68c1092 into apache:master Mar 6, 2024
53 checks passed
lhotari pushed a commit that referenced this pull request Mar 6, 2024
@mattisonchao @lhotari
[improve][broker] Consistently add fine-grain authorization to REST A…
441fd68 
…PI (#22202)

(cherry picked from commit 68c1092)
@heesung-sn
Copy link
Contributor

@mattisonchao could you help to cherry-pick this PR to 3.0 branch? I see conflicts.

codelipenghui pushed a commit that referenced this pull request Mar 7, 2024
@mattisonchao @codelipenghui
[improve][broker] Consistently add fine-grain authorization to REST A…
da98b8d 
…PI (#22202)

(cherry picked from commit 68c1092)
codelipenghui pushed a commit that referenced this pull request Mar 7, 2024
@mattisonchao @codelipenghui
[improve][broker] Consistently add fine-grain authorization to REST A…
dcaf508 
…PI (#22202)

(cherry picked from commit 68c1092)
codelipenghui pushed a commit that referenced this pull request Mar 7, 2024
@mattisonchao @codelipenghui
[improve][broker] Consistently add fine-grain authorization to REST A…
e2316bc 
…PI (#22202)

(cherry picked from commit 68c1092)
codelipenghui pushed a commit that referenced this pull request Mar 7, 2024
@mattisonchao @codelipenghui
[improve][broker] Consistently add fine-grain authorization to REST A…
cb65e17 
…PI (#22202)

(cherry picked from commit 68c1092)
nikhil-ctds pushed a commit to datastax/pulsar that referenced this pull request Apr 3, 2024
@mattisonchao @nikhil-ctds
[improve][broker] Consistently add fine-grain authorization to REST A…
2dcd2ed 
…PI (apache#22202)

(cherry picked from commit 68c1092)
(cherry picked from commit dcaf508)
nikhil-ctds pushed a commit to datastax/pulsar that referenced this pull request Apr 4, 2024
@mattisonchao @nikhil-ctds
[improve][broker] Consistently add fine-grain authorization to REST A…
039b8aa 
…PI (apache#22202)

(cherry picked from commit 68c1092)
(cherry picked from commit dcaf508)
hanmz pushed a commit to hanmz/pulsar that referenced this pull request Feb 12, 2025
@mattisonchao @hanmz
[improve][broker] Consistently add fine-grain authorization to REST A…
15c579c 
…PI (apache#22202)
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@lhotari lhotari lhotari approved these changes

@Technoboy- Technoboy- Technoboy- approved these changes

@gaoran10 gaoran10 gaoran10 approved these changes

@liangyepianzhou liangyepianzhou liangyepianzhou approved these changes

Assignees

@mattisonchao mattisonchao

Labels
cherry-picked/branch-2.10 cherry-picked/branch-2.11 cherry-picked/branch-3.0 cherry-picked/branch-3.1 cherry-picked/branch-3.2 doc-not-needed Your PR changes do not impact docs ready-to-test release/2.10.6 release/2.11.4 release/3.0.3 release/3.1.3 release/3.2.1
Projects
None yet
Milestone
3.3.0
Development

Successfully merging this pull request may close these issues.
8 participants
@mattisonchao @lhotari @codecov-commenter @heesung-sn @Technoboy- @gaoran10 @liangyepianzhou @codelipenghui