I update the document here https://github.com/apache/pulsar-manager/wiki/Authentication-and-Authorization-in-Pulsar-Manager, please reply to this email if you have any questions, then I will implement this feature according to the document.
Thanks, Guangning Guangning E <eguangn...@gmail.com> 于2019年11月22日周五 上午11:10写道: > I got it. I think the current architecture is ok, a developer will get a > token, he has the token, he can produce and consume messages, after > entering the platform, he can only see the topic bound with the token or > some statistical information of namespace, he does not have any permission > to change resources, I think this will be added by default, here we call > this role the service API. > > Thanks, > Guangning > > Yuva raj <uvar...@gmail.com> 于2019年11月22日周五 上午10:50写道: > >> Readonly role at pulsar-manager level. In our case we allow developers >> to access pulsar-manager to analyze topic metrics (produce /consume >> rate, list of consumers & subscriptions etc ). But we don't want to >> allow them to make any changes to the pulsar resources, such as >> clusters, namespaces or topics. >> >> On Fri, 22 Nov 2019 at 07:46, Guangning E <eguangn...@gmail.com> wrote: >> > >> > I'd like to know what you mean by read-only role and what operations it >> is >> > mainly used for. At present, pulsar-manager manages the permissions that >> > already exist in pulsar. I see that there are two PIP's on permission >> > improvement in pulsar. On this basis, we can easily expand roles in >> > pulsar-manager to adapt to pulsar's permissions. >> > >> > Yuva raj <uvar...@gmail.com> 于2019年11月21日周四 下午8:07写道: >> > >> > > Hi Guangning, Overall looks good. I am looking forward for an example >> how >> > > can we create a read only role ? Can we please add an `read` action >> also >> > > into verb list ? >> > > >> > > On Thu, Nov 21, 2019, 12:40 PM Guangning E <eguangn...@gmail.com> >> wrote: >> > > >> > > > Hi everyone, >> > > > The current pulsar-manager already supports basic JWT certification, >> > > > authorization and management, and we want to further integrate with >> > > > pulsar's multi-tenant system, so we drafted the following document >> on the >> > > > certification and authorization of the pulsar-manager. If you have >> any >> > > > ideas, you can comment directly on the document or reply to this >> email >> > > > >> > > > >> > > >> https://docs.google.com/document/d/1wAErarwtXT5A2JeiSxuXyMuqSgPVN68d2t-pnmkSrDA/edit >> > > > >> > > > Thanks, >> > > > Guangning >> > > > >> > > >> >> >> >> -- >> Thanks >> >> Yuvaraj L >> >
