I've been looking into Apache Pulsar for a while for functionality and am quite happy. However, I just got into authentication/authorization and encountered a strange error with the Java admin client.
While I was able to perform all kinds of actions, like create/delete tenant, create/delete namespaces, create/delete partitioned topics, adding admin roles to tenants etc, when trying to grant namespace permissions to a role using
org.apache.pulsar.client.admin.Namespaces.grantPermissionOnNamespace()
I get this error:
org.apache.pulsar.client.admin.PulsarAdminException$ServerSideErrorException: HTTP 501 Not Implemented
I can't believe such an important feature wouldn't be implemented, so I'm guessing the error just obscures something else.
I created a new tenant (without any admin role) with a new namespace. The role I tried to add is just made up, I'm not sure it has to be registered somewhere first (but I didn't find anything to do that). I tried granting consume or produce actions separately and both at the same time, but nothing worked.
There is no super-user configured on the broker, but considering I could literally execute all other operations without it, it seems far-fetched that only a super-user could do this. Currently all calls are not authenticated. Could that be a problem? But that would raise the same question: Why could I do everything else, just not granting permissions?
So what am I missing?
We're running Pulsar version 2.5.0 and also the Java pulsar-client-admin Maven artifact version 2.5.0.
