Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What
Use RaftLog to handle policy persistence on the cluster.
Add DeprecationWarning for file-based authorization method.
Add
AddPolicy
,RevokePolicy
andListPolicy
endpoints to handle ACL policy changes.In general , via
AddPolicy
,RevokePolicy
andListPolicy
, the root client can interact with the cluster to modify ACL permissions. It can be either follower server for metadata leader. The RaftLog logic is completely abstracted from user viewpoint.To simplify the design, authorization now does not allow user to change authorization model (e.g: from ACL to RBAC for example). A default ACL-with-superuser model is used.
Minor bug fix: In case of
Subscribe
endpoint, previously, authorization is enforced only when the client requested to create a subscription stream. If somehow the permission is revoked, the client can continue to listen to message from the subscription stream which remains open. The issue is fixed in the PR.Why
To solve #409
Depends on liftbridge-io/go-liftbridge#122 and liftbridge-io/liftbridge-api#57