Remove the need to include the proxy role in superUserRoles

Open • lhotari opened this issue 4 years ago • 1 comment

Fixes #124

lhotari, Jan 18 '22 13:01

I'm starting to doubt this change. In the Pulsar docs it says "You must authorize both the proxy role and the original principal to access a resource to ensure that the resource is accessible via the proxy." in https://pulsar.apache.org/docs/en/security-authorization/#proxy-roles

I'd assume that as long as the proxy has been authorized to pass on the client's principal, the broker would trust that information for doing the authentication decision. Why would all resources need to contain the proxy role?

lhotari, Jan 21 '22 08:01