You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@rocketmq.apache.org by GitBox <gi...@apache.org> on 2022/04/03 13:04:59 UTC

[GitHub] [rocketmq] MatrixHB opened a new issue #4109: Updating broker write permission cannot take effect on broker side

MatrixHB opened a new issue #4109:
URL: https://github.com/apache/rocketmq/issues/4109


   We encountered such a case about broker write permission.
   When we execute the conmmand `sh mqadmin updateBrokerConfig -b {brokerIP}:10911  -k brokerPermission -v 4`, the Intps of this broker is expected to reduce to 0, but it didn't. 
   The possible reasons for this problem are:
   1、re-registerBroker to NameServer failed or timeout when executing the `UpdateBrokerConfigSubCommand`
   2、exception occurs when `updateTopicRouteInfoFromNameServer` on client side (Maybe lower version of client code hides bug)
   3、the client uses the send-message API selecting specific queue, not affected by the new routeInfo. 
   
   Then we found that there is no validation about topic write permission on broker side. The validation and interception is for order topic. 
   code: `org.apache.rocketmq.broker.processor.AbstractSendMessageProcessor#msgCheck`
   ```
   if (!PermName.isWriteable(this.brokerController.getBrokerConfig().getBrokerPermission())
             && this.brokerController.getTopicConfigManager().isOrderTopic(requestHeader.getTopic())) {
             response.setCode(ResponseCode.NO_PERMISSION);
             response.setRemark("the broker[" + this.brokerController.getBrokerConfig().getBrokerIP1()
                 + "] sending message is forbidden");
             return response;
   }
   ```
   Is it necessary to add validation for ordinary topic ?  The validation on broker side will cause send message error with "NO_PERMISSION" message, which means client needs to be aware of this exception. 
   
   
   
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org