Thanks for submitting this PIP. I agree there is a gap in the existing
feature offering, but I think we'll need a more nuanced approach for
compatibility with existing clusters.

Here is some relevant historical context that anyone evaluating this
PIP might find motivating.

https://github.com/apache/pulsar/pull/11113
PR proposing the exact same change as mentioned in this PIP 347.

PIP-167: Make it Configurable to Require Subscription Permission
This PIP was proposed but never accepted. It tried to solve the same problem.
https://github.com/apache/pulsar/issues/15597
https://github.com/apache/pulsar/pull/15576 (it was merged, then reverted)
https://lists.apache.org/thread/x6zg2l7hrtopd0yty93fhctsnm9n0wbt

Community meeting discussion notes on PIP 167 (see bottom of email)
Matteo suggests adding a positive permission model to match the rest of Pulsar.
https://lists.apache.org/thread/6pgvpx1gxcx21d9fwcbgvfg2xgk5tfmw

My current thoughts:

The current flow is a mix of positive and negative permission models,
which is not easy to reason about.

I agree with Matteo's point from that community meeting (2 years
ago!). The best solution to this problem is to make it possible to
configure a role to consume from only one subscription. This would
translate to one call to grant permission instead of the two currently
required.

I do not think we can accept this PIP as-is. It will break any Pulsar
installation that does not already configure subscription level
permission, and given that subscription level permissions are not well
documented in the project, I doubt they are used by many.

Thanks,
Michael

On Tue, Apr 23, 2024 at 3:25 AM thetumbled <wof...@qq.com.invalid> wrote:
>
> Hi, pulsar community.
> I open a new PIP for finding out the owner of subscriptions.
> link: https://github.com/apache/pulsar/pull/22564.
> Thanks.
> thetumbled.
