yush1ga commented on a change in pull request #543: Added documents for wildcard matching in authorization URL: https://github.com/apache/incubator-pulsar/pull/543#discussion_r125122342
########## File path: docs/Authorization.md ########## @@ -59,6 +59,41 @@ $ bin/pulsar-admin namespaces grant-permission \ After this, clients identifying with the role `my-client-role`, will be able to use topics in the specified namespace. +Wildcard authorization can be performed when `authorizationAllowWildcardsMatching` is set to `true` in `broker.conf`. + +e.g. +``` +$ bin/pulsar-admin namespaces grant-permission \ + my-property/us-west/my-namespace \ + --role my.role.* \ + --actions produce,consume +``` + +Then, roles `my.role.1`, `my.role.2`, `my.role.foo`, `my.role.bar`, etc. can produce and consume. + +``` +$ bin/pulsar-admin namespaces grant-permission \ + my-property/us-west/my-namespace \ + --role *.role.my \ + --actions produce,consume +``` + +Then, roles `1.role.my`, `2.role.my`, `foo.role.my`, `bar.role.my`, etc. can produce and consume. + + +**Note**: A wildcard mathing works at **the beginning or end of the role name only**. Review comment: Yes, I fixed it. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
