Hi Liu, Only 2 new properties are added. I have already implemented code extending AuthenticationProviderTls
I have gone through older tickets which asked for this feature https://github.com/apache/pulsar/issues/4696 Environments like SPIFFE would get out-of-the-box support from pulsar with this PIP as well as above ticket. Are you suggesting the pulsar community wont benefit from this and host it in other git repo as separate plugin ? Thanks Naresh On Thu, 20 Jun 2024 at 7:54 PM, Zixuan Liu <node...@gmail.com> wrote: > Hi naresh, > > Right now the Pulsar can only get the role from a common name, your PIP is > an awesome idea that supports URI, DNS, RID, IP based Token as role, and is > very helpful for large organizations. > > In this PIP, you will introduce many configurations of identity mechanisms, > which are complex if users are not clear about their application scenarios. > > I voted 0 for this PIP, and I suggest you implement your authentication > provider by https://pulsar.apache.org/docs/next/security-extending. > > Thanks, > Zixuan > > naresh <vnareshku...@gmail.com> 于2024年6月15日周六 16:24写道: > > > Hello, > > > > This is my PIP Request at https://github.com/apache/pulsar/pull/22917 > > > > If this PIP is acceptable, i am considering the following for the code > > changes: > > > > 1. Enhance the existing > > org.apache.pulsar.broker.authentication.AuthenticationProviderTls > class > > to > > support these changes > > 2. Create a new class > > org.apache.pulsar.broker.authentication.AuthenticationProviderTlsSan > > thats > > backward compatible with current implementation > > > > Currently, I have made code changes on my local to support option-2. > Before > > I go far, requesting some feedback on the overall proposal. > > > > Thanks > > Naresh > > >
