[GitHub] [pulsar-site] urfreespace commented on issue #83: Wrong position settings for GitHub Stars badge

[GitBox]

urfreespace commented on issue #83:
URL: https://github.com/apache/pulsar-site/issues/83#issuecomment-1131319794

   /assign @SignorMercurio 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [pulsar-site] Anonymitaet commented on issue #83: Wrong position settings for GitHub Stars badge

[GitBox]

Anonymitaet commented on issue #83:
URL: https://github.com/apache/pulsar-site/issues/83#issuecomment-1131342617

   @zrsaber are you working on this issue?
   https://github.com/apache/pulsar/issues/15550#issuecomment-1127168682


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [pulsar-site] zrsaber commented on issue #83: Wrong position settings for GitHub Stars badge

[GitBox]

zrsaber commented on issue #83:
URL: https://github.com/apache/pulsar-site/issues/83#issuecomment-1131350082

   Yes, I'm working on this issue


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [pulsar-site] Anonymitaet commented on issue #83: Wrong position settings for GitHub Stars badge

[GitBox]

Anonymitaet commented on issue #83:
URL: https://github.com/apache/pulsar-site/issues/83#issuecomment-1131378051

   Hi @SignorMercurio, thanks for your contribution! 
   However @zrsaber was working on this issue several days ago, would you mind 
taking care of other issues? Feel free to pick your desired ones 
[here](https://github.com/apache/pulsar/issues?q=is%3Aopen+is%3Aissue+label%3Awebsite)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [pulsar-site] zrsaber commented on issue #83: Wrong position settings for GitHub Stars badge

[GitBox]

zrsaber commented on issue #83:
URL: https://github.com/apache/pulsar-site/issues/83#issuecomment-1131422922

   Okay, I'll pick some problems to solve


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [pulsar-manager] maxsxu opened a new issue, #461: Stale description of creating environment in README

[GitBox]

maxsxu opened a new issue, #461:
URL: https://github.com/apache/pulsar-manager/issues/461

   ## Description
   In the latest pulsar manager, the way to create environment need to be 
updated, and the related gif.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [pulsar-manager] maxsxu opened a new pull request, #462: Update stale description of creating environment in README

[GitBox]

maxsxu opened a new pull request, #462:
URL: https://github.com/apache/pulsar-manager/pull/462

   Fixes #461 
   
   ### Motivation
   
   Update stale description of creating environment in README.
   
   ### Modifications
   
   - Update description of creating environment
   - Create a new GIF
   
   ### Verifying this change
   
   - [x] Make sure that the change passes the `./gradlew build` checks.
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [VOTE] PIP-157: Bucketing topic metadata to allow more topics per namespace

[Hang Chen]

+1 (binding)

Thanks,
Hang

mattison chao  于2022年5月18日周三 16:44写道：
>
> +1 (non-binding)
>
> Best,
> Mattison
>
> On Wed, 18 May 2022 at 15:20, Enrico Olivelli  wrote:
>
> > +1 (binding)
> >
> > Enrico
> >
> > Il giorno mer 18 mag 2022 alle ore 08:54 Matteo Merli
> >  ha scritto:
> > >
> > > +1
> > >
> > > --
> > > Matteo Merli
> > > 
> > >
> > > On Mon, May 2, 2022 at 6:40 PM Matteo Merli 
> > wrote:
> > > >
> > > > Lari & Enrico, the discussion thread was out for 11 days and there
> > > > were 2 positive feedbacks.
> > > > I don't think this qualifies as "too early for a vote" and it would
> > > > have been better if the discussion happened then.
> > > >
> > > > As for the comments in the other thread, I think there are only a
> > > > couple of misconceptions on the proposal itself, as they are not
> > > > actual problems (eg: managed ledger is not affected at all by this
> > > > proposal, as the naming happens on top of it).
> > > >
> > > > Some parts can be clarified (as it is always the case), though I don't
> > > > think it's a good idea to stop a vote at this point.
> > > >
> > > >
> > > > Matteo
> > > >
> > > > --
> > > > Matteo Merli
> > > > 
> > > >
> > > >
> > > > On Mon, May 2, 2022 at 3:31 AM Lari Hotari  wrote:
> > > > >
> > > > > -1. It's too early to start a vote. Let's first have discussions.
> > > > >
> > > > > -Lari
> > > > >
> > > > > ma 2. toukok. 2022 klo 9.50 Andras Beni  > .invalid>
> > > > > kirjoitti:
> > > > >
> > > > > > Hi Pulsar Community,
> > > > > >
> > > > > > I would like to start a VOTE on "Bucketing topic metadata to allow
> > more
> > > > > > topics per namespace" (PIP-157).
> > > > > >
> > > > > > The proposal can be read at
> > https://github.com/apache/pulsar/issues/15254
> > > > > > and the discussion thead is available at
> > > > > > https://lists.apache.org/thread/zx6s7hyrl2vy7nhdl79wh6gn88kxpd6k.
> > > > > >
> > > > > > Voting will stay open for at least 48h.
> > > > > >
> > > > > > Thanks,
> > > > > > Andras
> > > > > >
> >

Re: [VOTE] PIP-157: Bucketing topic metadata to allow more topics per namespace

[PengHui Li]

+1 (binding)

Thanks,
Penghui

On Wed, May 18, 2022 at 4:44 PM mattison chao 
wrote:

> +1 (non-binding)
>
> Best,
> Mattison
>
> On Wed, 18 May 2022 at 15:20, Enrico Olivelli  wrote:
>
> > +1 (binding)
> >
> > Enrico
> >
> > Il giorno mer 18 mag 2022 alle ore 08:54 Matteo Merli
> >  ha scritto:
> > >
> > > +1
> > >
> > > --
> > > Matteo Merli
> > > 
> > >
> > > On Mon, May 2, 2022 at 6:40 PM Matteo Merli 
> > wrote:
> > > >
> > > > Lari & Enrico, the discussion thread was out for 11 days and there
> > > > were 2 positive feedbacks.
> > > > I don't think this qualifies as "too early for a vote" and it would
> > > > have been better if the discussion happened then.
> > > >
> > > > As for the comments in the other thread, I think there are only a
> > > > couple of misconceptions on the proposal itself, as they are not
> > > > actual problems (eg: managed ledger is not affected at all by this
> > > > proposal, as the naming happens on top of it).
> > > >
> > > > Some parts can be clarified (as it is always the case), though I
> don't
> > > > think it's a good idea to stop a vote at this point.
> > > >
> > > >
> > > > Matteo
> > > >
> > > > --
> > > > Matteo Merli
> > > > 
> > > >
> > > >
> > > > On Mon, May 2, 2022 at 3:31 AM Lari Hotari  wrote:
> > > > >
> > > > > -1. It's too early to start a vote. Let's first have discussions.
> > > > >
> > > > > -Lari
> > > > >
> > > > > ma 2. toukok. 2022 klo 9.50 Andras Beni <
> andras.b...@streamnative.io
> > .invalid>
> > > > > kirjoitti:
> > > > >
> > > > > > Hi Pulsar Community,
> > > > > >
> > > > > > I would like to start a VOTE on "Bucketing topic metadata to
> allow
> > more
> > > > > > topics per namespace" (PIP-157).
> > > > > >
> > > > > > The proposal can be read at
> > https://github.com/apache/pulsar/issues/15254
> > > > > > and the discussion thead is available at
> > > > > > https://lists.apache.org/thread/zx6s7hyrl2vy7nhdl79wh6gn88kxpd6k
> .
> > > > > >
> > > > > > Voting will stay open for at least 48h.
> > > > > >
> > > > > > Thanks,
> > > > > > Andras
> > > > > >
> >
>

[GitHub] [pulsar-manager] urfreespace commented on pull request #462: Update stale description of creating environment in README

[GitBox]

urfreespace commented on PR #462:
URL: https://github.com/apache/pulsar-manager/pull/462#issuecomment-1131474073

   LGTM thanks @maxsxu 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [pulsar-manager] urfreespace closed issue #461: Stale description of creating environment in README

[GitBox]

urfreespace closed issue #461: Stale description of creating environment in 
README
URL: https://github.com/apache/pulsar-manager/issues/461


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [pulsar-manager] urfreespace merged pull request #462: Update stale description of creating environment in README

[GitBox]

urfreespace merged PR #462:
URL: https://github.com/apache/pulsar-manager/pull/462


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [DISCUSS] Byte schema compatibility issue

[guo jiwei]

Good idea @Yunze
Since `isSchemaValidationEnforced` is only on broker side, I decide to
support it on namespace and topic level.


Regards
Jiwei Guo (Tboy)


On Tue, May 17, 2022 at 11:24 AM Yunze Xu 
wrote:

> For case 1, if you are using bytes schema to produce messages, it will be
> user's responsibility to ensure the schema compatibility. Then at consumer
> side,
> `Message#getValue`, which decodes the bytes internally via the schema,
> should throw a `SchemaSerializationException` if the bytes of the value
> cannot
> Be decoded.
>
> Unfortunately, there is a bug that prevents bytes being decoded and it
> always
> failed before decoding. I opened a PR to fix this issue:
> https://github.com/apache/pulsar/pull/15622
>
> If you don’t want to check the schema compatibility at consumer side, you
> can
> configure `isSchemaValidationEnforced` with true so that the creation of a
> producer
> without schema on a topic with schema will fail.
>
> IMO, bytes schema is treated as “without schema”. The issue is actually:
> - Produce messages without schema
> - Consume messages with schema
>
> If `isSchemaValidationEnforced` is true, the producer cannot be created.
> Otherwise, since we cannot guarantee the format of the message at producer
> side
> and we cannot try to decode it at broker side. The only way is handling
> the error
> at consumer side:
> 1. Decoding the message successfully, return the decoded value.
> 2. Otherwise, throw a `SchemaSerializationException`.
>
> There is no problem with current implementation except what I tried to fix
> in #15622.
>
>
> Thanks,
> Yunze
>
>
>
>
> > 2022年3月8日 10:55，guo jiwei  写道：
> >
> > Hi,
> >   I want to discuss the compatibility issue with the byte schema here.
> >   For now, the byte-schema is compatible with all other schemas. This may
> > introduce more issues.
> >   Case 1:
> >  1. Consumer1 init with JSON schema for topic A.
> >  2. But producer1 init without schema and send byte messages
> > directly to topic A.
> >  This will cause consumer1 to deserialize msg error.  Also,
> > producer1 may send unsafe byte data.
> >
> > Case 2:
> >   1. Consumer1 init with byte schema for topic A.
> >   2. But producer1 init with AVRO/JSON schema and send messages
> to
> > topic A.
> >   This will cause consumer1 don't know how to deserialize msg.
> >
> >To avoid the above issues, Byte schema should also follow the schema
> > compatibility policy. I'm open #13701
> >  to track this. If the
> idea
> > is accepted, I will start a PIP.
> >
> > Please give some suggestions about this idea.
> >
> >
> > Regards
> > Jiwei Guo (Tboy)
>
>

Re: [VOTE] PIP-157: Bucketing topic metadata to allow more topics per namespace

[Lan Liang]

+1   NB






Best Regards,
Lan Liang
On 5/19/2022 17:30，PengHui Li wrote：
+1 (binding)

Thanks,
Penghui

On Wed, May 18, 2022 at 4:44 PM mattison chao 
wrote:

+1 (non-binding)

Best,
Mattison

On Wed, 18 May 2022 at 15:20, Enrico Olivelli  wrote:

+1 (binding)

Enrico

Il giorno mer 18 mag 2022 alle ore 08:54 Matteo Merli
 ha scritto:

+1

--
Matteo Merli


On Mon, May 2, 2022 at 6:40 PM Matteo Merli 
wrote:

Lari & Enrico, the discussion thread was out for 11 days and there
were 2 positive feedbacks.
I don't think this qualifies as "too early for a vote" and it would
have been better if the discussion happened then.

As for the comments in the other thread, I think there are only a
couple of misconceptions on the proposal itself, as they are not
actual problems (eg: managed ledger is not affected at all by this
proposal, as the naming happens on top of it).

Some parts can be clarified (as it is always the case), though I
don't
think it's a good idea to stop a vote at this point.


Matteo

--
Matteo Merli



On Mon, May 2, 2022 at 3:31 AM Lari Hotari  wrote:

-1. It's too early to start a vote. Let's first have discussions.

-Lari

ma 2. toukok. 2022 klo 9.50 Andras Beni <
andras.b...@streamnative.io
.invalid>
kirjoitti:

Hi Pulsar Community,

I would like to start a VOTE on "Bucketing topic metadata to
allow
more
topics per namespace" (PIP-157).

The proposal can be read at
https://github.com/apache/pulsar/issues/15254
and the discussion thead is available at
https://lists.apache.org/thread/zx6s7hyrl2vy7nhdl79wh6gn88kxpd6k
.

Voting will stay open for at least 48h.

Thanks,
Andras

Re: PIP-156: Build and Run Pulsar Server on Java 17

[PengHui Li]

Hi Heesung,

Great work! I support the change.

Thanks,
Penghui

On Thu, May 19, 2022 at 7:46 AM Heesung Sohn
 wrote:

> Hi,
>
> As a follow-up task here, I have a proposal to update pulsar server default
> GC configs. I tried to summarize the details in my fork PR:
> https://github.com/heesung-sn/pulsar/pull/1, and It would be great if I
> could get some early feedback from the community.
>
> Thank you,
> Heesung
>
> On Thu, Apr 21, 2022 at 4:00 AM Jiuming Tao  >
> wrote:
>
> > +1
> > Thanks,
> > Tao Jiuming
> >
> > > 2022年4月19日 上午2:25，Heesung Sohn 
> > 写道：
> > >
> > > Dear Pulsar dev community,
> > >
> > > My name is Heesung Sohn, and I would like to open a discussion here
> > > about PIP-156:
> > > Build and Run Pulsar Server on Java 17
> > > .
> > >
> > >
> > > @Nicolò Boschi,
> > > I see your similar PR 
> for
> > the
> > > Java 17 runtime support. Since some of the Java 17 upgrade work could
> > > overlap, it would be great if we can discuss how to collaborate too --
> > for
> > > this PIP, we need to additionally update the `javac --release` option
> to
> > > Java 17.
> > >
> > > Regards,
> > > Heesung
> > > --
> > >
> > > 
> > >
> > > Heesung Sohn
> > >
> > > Platform Engineer
> > >
> > > e: heesung.s...@streamnative.io
> > >
> > > streamnative.io
> > >
> > > 
> > > 
> > > 
> >
> >
>

Re: [VOTE] Pulsar Manager Release 0.3.0 Candidate 3

[PengHui Li]

+1 (binding)

- Validate checksum
- Deploy pulsar-manager

Thanks,
Penghui

On Wed, May 18, 2022 at 11:03 PM Max Xu  wrote:

> +1 (non-binding)
>
> - Validate checksum
> - Start pulsar-manager
> - Create an environment (add a pulsar instance)
> - Create and delete tenants/namespaces/topics. But unable to create token
>
> Thanks,
> Max Xu
>
>
>
> On Wed, May 18, 2022 at 6:58 PM Hang Chen  wrote:
>
> > +1(binding)
> > - Validate checksum
> > - Deploy pulsar-manager service and add pulsar cluster
> > - Create tenants, namespace and topics, delete topics.
> >
> > Thanks,
> > Hang
> >
> > Guangning E  于2022年5月12日周四 20:39写道：
> > >
> > > +1(non-binding)
> > > Validate checksum
> > > Start pulsar-manager service
> > > Create tenant and topic
> > >
> > > Thanks,
> > > Guangning
> > >
> > > Li Li  于2022年5月10日周二 14:14写道：
> > >
> > > > Hi everyone,
> > > > Please review and vote on the release candidate #3 for the version
> > 0.3.0,
> > > > as follows:
> > > > [ ] +1, Approve the release
> > > > [ ] -1, Do not approve the release (please provide specific comments)
> > > >
> > > > The complete staging area is available for your review, which
> includes:
> > > > * Release notes [1]
> > > > * The official Apache source and binary distributions to be deployed
> to
> > > > dist.apache.org  [2]
> > > > * Source code tag "v0.3.0-candidate-3" [4] with git sha
> > > >
> >
> 951095a71f7471dca028da0a330bc1a5e0707333a61fa4a09c8ea0f0a144d5628b511487e2442ebe290b9642b6b8ca7dee486a18a8339c893c37253724ad5fd4
> > > > apache-pulsar-manager-0.3.0-src.tar.gz
> > > >
> > > > PulsarManager's KEYS file contains PGP keys we used to sign this
> > release:
> > > > https://dist.apache.org/repos/dist/dev/pulsar/KEYS <
> > > > https://dist.apache.org/repos/dist/dev/pulsar/KEYS>
> > > >
> > > > Please download these packages and review this release candidate:
> > > >
> > > > - Review release notes
> > > > - Download the source package (verify shasum, and asc) and follow the
> > > > instructions to build and run the pulsar-manager front end and back
> end
> > > > service.
> > > > - Download the binary package (verify shasum, and asc) and follow the
> > > > instructions to run run the pulsar-manager front end and back end
> > service.
> > > >
> > > > The vote will be open for at least 72 hours. It is adopted by
> majority
> > > > approval, with at least 3 PMC affirmative votes.
> > > >
> > > >
> > > > Source and binary files:
> > > >
> > > >
> >
> https://dist.apache.org/repos/dist/dev/pulsar/pulsar-manager/apache-pulsar-manager-0.3.0/apache-pulsar-manager-0.3.0-bin.tar.gz
> > > > <
> > > >
> >
> https://dist.apache.org/repos/dist/dev/pulsar/pulsar-manager/apache-pulsar-manager-0.3.0/apache-pulsar-manager-0.3.0-bin.tar.gz
> > > > >
> > > >
> > > >
> >
> https://dist.apache.org/repos/dist/dev/pulsar/pulsar-manager/apache-pulsar-manager-0.3.0/apache-pulsar-manager-0.3.0-src.tar.gz
> > > > <
> > > >
> >
> https://dist.apache.org/repos/dist/dev/pulsar/pulsar-manager/apache-pulsar-manager-0.3.0/apache-pulsar-manager-0.3.0-src.tar.gz
> > > > >
> > > >
> > > > SHA-512 checksums:
> > > >
> > > >
> >
> 6ffa5921765ee94a404792e98eb4b3cbda9e016c6661ef12e4e873e7e452301bc05650709955b012d08048e418133948a628ad55bc91ac65836022e1ea426d6f
> > > > apache-pulsar-manager-0.3.0-bin.tar.gz
> > > >
> >
> 951095a71f7471dca028da0a330bc1a5e0707333a61fa4a09c8ea0f0a144d5628b511487e2442ebe290b9642b6b8ca7dee486a18a8339c893c37253724ad5fd4
> > > > apache-pulsar-manager-0.3.0-src.tar.gz
> > > >
> > > >
> > > >
> > > >
> >
>

[VOTE][PIP-167] Make it Configurable to Require Subscription Permission

[Michael Marshall]

Hi Pulsar Community,

This is the voting thread for PIP 167.

GitHub Issue: https://github.com/apache/pulsar/issues/15597.
Discussion Thread:
https://lists.apache.org/thread/x6zg2l7hrtopd0yty93fhctsnm9n0wbt

Thanks,
Michael

--

Mailing list thread:
https://lists.apache.org/thread/x6zg2l7hrtopd0yty93fhctsnm9n0wbt

## Motivation

Pulsar supports subscription level authorization. When combined with
topic level authorization, a user can configure Pulsar to limit which
roles can consume from which topic subscriptions. However, when this
feature is left unconfigured for a subscription, a role that has
permission to consume from a topic is, by default, implicitly granted
permission to consume from any subscription on that topic. As a
consequence, a missed security configuration could lead to accidental
privilege escalation. Here is a reference to the code responsible for
the current behavior:

https://github.com/apache/pulsar/blob/6864b0ae5520e06b9d0fc5dcfa5a0a0a44feee87/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java#L115-L122

## Goal

I propose we add a namespace policy to configure a Pulsar namespace to
either allow all or reject all roles when there is no configuration
for a specific subscription’s permission. This way, a missed
configuration results in a rejected request due to insufficient
permission.

This PIP will not change the current behavior and will be backwards
compatible. It will add a new boolean field to the existing
`auth_policies` namespace policy to configure how the
`PulsarAuthorizationProvider` handles an empty set of allowed roles in
the `canConsume` method.

## Naming

I am not settled on the right name for this feature/namespace policy
yet. Hopefully this thread can help identify the right name.

First, the existing subscription level authorization feature has
several names. The Admin API calls this feature
`PermissionOnSubscription`, the Pulsar Admin CLI tool calls it
`subscription-permission`, the AuthPolicies interface calls it
`SubscriptionAuthentication`, and the value is stored in the metadata
store as `subscription_auth_roles`.

My preferred names for this feature are `implicit_subscription_auth`
and `implicitPermissionOnSubscription` because they work well with the
“grant” and “revoke” actions, e.g.
`grantImplicitPermissionOnSubscription` would be a PUT/POST call to
the `/implicitPermissionOnSubscription` endpoint to set the policy
value to true. However, that policy name requires the default value to
be true to maintain backwards compatibility. Enrico expressed concern
that defaulting to true is problematic for the upgrade path:
https://github.com/apache/pulsar/pull/15576#discussion_r872045946.

Alternatively, we could use the names
`PermissionOnSubscriptionRequired` and `subscription_auth_required`.
In that case, I would switch the admin API so that the admin API has a
single setter endpoint that takes the configuration as a part of the
body instead of relying on PUT to mean grant permission and DELETE to
mean revoke permission.

Please let me know if you have thoughts on what name(s) make sense for
this feature.

## Naming Conclusion
The current conclusion is to use `PermissionOnSubscriptionRequired`
and `subscription_auth_required`.

## API Changes

The API changes include updating the Admin API to enable getting and
modifying the namespace policy, as well as updating the namespace
AuthPolicy interface to store this new metadata field. There are also
analogous updates to the admin client and the `pulsar-admin` cli tool.

New endpoint for v1:

```java
@POST
@Path("/{property}/{cluster}/{namespace}/permissionOnSubscriptionRequired")
@ApiOperation(hidden = true, value = "Set whether a role requires
explicit permission to consume from a "
+ "subscription that has no subscription permission
defined in the namespace.")
@ApiResponses(value = {@ApiResponse(code = 403, message = "Don't
have admin permission"),
@ApiResponse(code = 404, message = "Property or cluster or
namespace doesn't exist"),
@ApiResponse(code = 409, message = "Concurrent modification"),
@ApiResponse(code = 501, message = "Authorization is not enabled")})
public void setPermissionOnSubscriptionRequired(
@Suspended final AsyncResponse asyncResponse,
@PathParam("property") String property,
@PathParam("cluster") String cluster,
@PathParam("namespace") String namespace,
boolean permissionOnSubscriptionRequired) {
validateNamespaceName(property, cluster, namespace);
internalSetPermissionOnSubscriptionRequired(asyncResponse,
permissionOnSubscriptionRequired);
}

@GET
@Path("/{property}/{cluster}/{namespace}/permissionOnSubscriptionRequired")
@ApiOperation(value = "Get whether a role requires explicit
permission to consume from a "
+ "subscription that has no subscription permission
defined in the namespace.")

[Discuss] Update Helm Chart to Support 2.10 Docker Image

[Michael Marshall]

Hello Pulsar Community,

With the 2.10.0 release, our Pulsar Docker images default to run as a
non-root user. In order to use the 2.10.0 Docker image with the Apache
Pulsar Helm Chart, we need to merge this PR [0]. If you're able,
please review it. Once merged, I propose that we follow up with a
release so that users wanting to upgrade to 2.10.0 have an upgrade
path.

Thanks,
Michael

[0] https://github.com/apache/pulsar-helm-chart/pull/266

[GitHub] [pulsar-site] michaeljmarshall commented on issue #86: Only Index Docs from Currently Supported Versions

[GitBox]

michaeljmarshall commented on issue #86:
URL: https://github.com/apache/pulsar-site/issues/86#issuecomment-1132128065

   > (2) Include those versions in the exclude pattern.
   
   I support this option--I assume that some users are still running outdated 
versions of Pulsar, and they would benefit from the docs being online.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [VOTE][PIP-167] Make it Configurable to Require Subscription Permission

[Enrico Olivelli]

+1 (binding)

Enrico

Il Gio 19 Mag 2022, 20:51 Michael Marshall  ha
scritto:

> Hi Pulsar Community,
>
> This is the voting thread for PIP 167.
>
> GitHub Issue: https://github.com/apache/pulsar/issues/15597.
> Discussion Thread:
> https://lists.apache.org/thread/x6zg2l7hrtopd0yty93fhctsnm9n0wbt
>
> Thanks,
> Michael
>
> --
>
> Mailing list thread:
> https://lists.apache.org/thread/x6zg2l7hrtopd0yty93fhctsnm9n0wbt
>
> ## Motivation
>
> Pulsar supports subscription level authorization. When combined with
> topic level authorization, a user can configure Pulsar to limit which
> roles can consume from which topic subscriptions. However, when this
> feature is left unconfigured for a subscription, a role that has
> permission to consume from a topic is, by default, implicitly granted
> permission to consume from any subscription on that topic. As a
> consequence, a missed security configuration could lead to accidental
> privilege escalation. Here is a reference to the code responsible for
> the current behavior:
>
>
> https://github.com/apache/pulsar/blob/6864b0ae5520e06b9d0fc5dcfa5a0a0a44feee87/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java#L115-L122
>
> ## Goal
>
> I propose we add a namespace policy to configure a Pulsar namespace to
> either allow all or reject all roles when there is no configuration
> for a specific subscription’s permission. This way, a missed
> configuration results in a rejected request due to insufficient
> permission.
>
> This PIP will not change the current behavior and will be backwards
> compatible. It will add a new boolean field to the existing
> `auth_policies` namespace policy to configure how the
> `PulsarAuthorizationProvider` handles an empty set of allowed roles in
> the `canConsume` method.
>
> ## Naming
>
> I am not settled on the right name for this feature/namespace policy
> yet. Hopefully this thread can help identify the right name.
>
> First, the existing subscription level authorization feature has
> several names. The Admin API calls this feature
> `PermissionOnSubscription`, the Pulsar Admin CLI tool calls it
> `subscription-permission`, the AuthPolicies interface calls it
> `SubscriptionAuthentication`, and the value is stored in the metadata
> store as `subscription_auth_roles`.
>
> My preferred names for this feature are `implicit_subscription_auth`
> and `implicitPermissionOnSubscription` because they work well with the
> “grant” and “revoke” actions, e.g.
> `grantImplicitPermissionOnSubscription` would be a PUT/POST call to
> the `/implicitPermissionOnSubscription` endpoint to set the policy
> value to true. However, that policy name requires the default value to
> be true to maintain backwards compatibility. Enrico expressed concern
> that defaulting to true is problematic for the upgrade path:
> https://github.com/apache/pulsar/pull/15576#discussion_r872045946.
>
> Alternatively, we could use the names
> `PermissionOnSubscriptionRequired` and `subscription_auth_required`.
> In that case, I would switch the admin API so that the admin API has a
> single setter endpoint that takes the configuration as a part of the
> body instead of relying on PUT to mean grant permission and DELETE to
> mean revoke permission.
>
> Please let me know if you have thoughts on what name(s) make sense for
> this feature.
>
> ## Naming Conclusion
> The current conclusion is to use `PermissionOnSubscriptionRequired`
> and `subscription_auth_required`.
>
> ## API Changes
>
> The API changes include updating the Admin API to enable getting and
> modifying the namespace policy, as well as updating the namespace
> AuthPolicy interface to store this new metadata field. There are also
> analogous updates to the admin client and the `pulsar-admin` cli tool.
>
> New endpoint for v1:
>
> ```java
> @POST
>
> @Path("/{property}/{cluster}/{namespace}/permissionOnSubscriptionRequired")
> @ApiOperation(hidden = true, value = "Set whether a role requires
> explicit permission to consume from a "
> + "subscription that has no subscription permission
> defined in the namespace.")
> @ApiResponses(value = {@ApiResponse(code = 403, message = "Don't
> have admin permission"),
> @ApiResponse(code = 404, message = "Property or cluster or
> namespace doesn't exist"),
> @ApiResponse(code = 409, message = "Concurrent modification"),
> @ApiResponse(code = 501, message = "Authorization is not
> enabled")})
> public void setPermissionOnSubscriptionRequired(
> @Suspended final AsyncResponse asyncResponse,
> @PathParam("property") String property,
> @PathParam("cluster") String cluster,
> @PathParam("namespace") String namespace,
> boolean permissionOnSubscriptionRequired) {
> validateNamespaceName(property, cluster, namespace);
> internalSetPermissionOnSubscriptionRequired(asyncResponse,
> permissionOnSubscriptionRequired);
> 

[GitHub] [pulsar-site] urfreespace merged pull request #88: feat: disable old website algolia

[GitBox]

urfreespace merged PR #88:
URL: https://github.com/apache/pulsar-site/pull/88


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [pulsar-site] yuweisung opened a new issue, #89: filesystem tiered storage markup issue

[GitBox]

yuweisung opened a new issue, #89:
URL: https://github.com/apache/pulsar-site/issues/89

   IN Configuration section of the link,
https://pulsar.apache.org/docs/tiered-storage-filesystem/

Configuration
 Configure filesystem offloader driver 
 NFS tab
The Required description concats with the mark down table. 

Please fix the mark down format


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [pulsar-site] yuweisung commented on issue #89: filesystem tiered storage markup issue

[GitBox]

yuweisung commented on issue #89:
URL: https://github.com/apache/pulsar-site/issues/89#issuecomment-1132355892

   ![Screen Shot 2022-05-19 at 9 27 30 
AM](https://user-images.githubusercontent.com/1286000/169430754-4df78eed-1709-41a3-9bc5-0213a83d680f.png)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[DISCUSS] PIP-168: Support zero-copy of NIC to NIC on Proxy

[Cong Zhao]

Hello Pulsar Community,

Here is a PIP to support zero-copy of NIC to NIC on the proxy server. I
look forward to your feedback.

PIP: https://github.com/apache/pulsar/issues/15597 Thanks, Cong Zhao

[GitHub] [pulsar-site] Anonymitaet commented on issue #83: Wrong position settings for GitHub Stars badge

[GitBox]

Anonymitaet commented on issue #83:
URL: https://github.com/apache/pulsar-site/issues/83#issuecomment-1132377109

   > Okay, I'll pick some problems to solve
   
   No I mean @SignorMercurio would you mind taking care of other issues? Feel 
free to pick your desired ones 
[here](https://github.com/apache/pulsar/issues?q=is%3Aopen+is%3Aissue+label%3Awebsite)
   
   @zrsaber please continue your work on the GitHub Icon issue, thanks


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [DISCUSS] PIP-168: Support zero-copy of NIC to NIC on Proxy

[Cong Zhao]

sorry, I made a mistake. I'll send another one

On Fri, May 20, 2022 at 10:09 AM Cong Zhao  wrote:

> Hello Pulsar Community,
>
> Here is a PIP to support zero-copy of NIC to NIC on the proxy server. I
> look forward to your feedback.
>
> PIP: https://github.com/apache/pulsar/issues/15597 Thanks, Cong Zhao
>

[DISCUSS] PIP-168: Support zero-copy of NIC to NIC on Proxy

[Cong Zhao]

Hello Pulsar Community,


Here is a PIP to support zero-copy of NIC to NIC on the proxy server. I
look forward to your feedback.


PIP: https://github.com/apache/pulsar/issues/15631


Thanks,

Cong Zhao

[GitHub] [pulsar-site] urfreespace closed issue #78: Unable navigate to edit page due to dead link

[GitBox]

urfreespace closed issue #78: Unable navigate to edit page due to dead link
URL: https://github.com/apache/pulsar-site/issues/78


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [pulsar-site] urfreespace commented on issue #78: Unable navigate to edit page due to dead link

[GitBox]

urfreespace commented on issue #78:
URL: https://github.com/apache/pulsar-site/issues/78#issuecomment-1132395790

   fixed


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [pulsar-site] Anonymitaet closed issue #89: filesystem tiered storage markup issue

[GitBox]

Anonymitaet closed issue #89: filesystem tiered storage markup issue
URL: https://github.com/apache/pulsar-site/issues/89


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@pulsar.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org