Skip to content

[Bug] [broker] Producer and consumer will all be disconnected while using tenant admin to produce/consume #20066

New issue
New issue
Closed
Closed
[Bug] [broker] Producer and consumer will all be disconnected while using tenant admin to produce/consume#20066
#20142 (+2)
Labels
type/bugThe PR fixed a bug or issue reported a bug
@dragonls

Description

@dragonls
dragonls
opened on Apr 11, 2023

Search before asking

  • I searched in the issues and found nothing similar.

Version

Pulsar 2.9.3

Minimal reproduce step

  1. Set up a pulsar cluster with topicLevelPoliciesEnabled=true.
  2. Create a namespace t1/n1 and set admin role tenant_admin as the admin of tenant t1.
  3. Create topic t1/n1/t1 and use role tenant_admin to produce/consumer this topic. DO NOT GRANT the permissions of tenant_admin to the topic/namespace.
  4. Update the namespace/topic policy, such as grant another role role1 with produce to topic t1/n1/t1.
  5. We can see the producers/consumers of role tenant_admin will all first disconnect and then reconnect.

What did you expect to see?

All producers and consumers should be stable.

What did you see instead?

The producers/consumers of role tenant_admin will all first disconnect and then reconnect.

Anything else?

According to the logic in org.apache.pulsar.broker.service.ServerCnx, all permission check will go to org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider#allowTopicOperationAsync, which means the tenant admin should be the super user of all namespace/topic under specific tenant.

Are you willing to submit a PR?

  • I'm willing to submit a PR!

Metadata

Metadata

Assignees

No one assigned

    Labels

    type/bugThe PR fixed a bug or issue reported a bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions