You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by mm...@apache.org on 2018/02/23 22:54:48 UTC
[incubator-pulsar] branch master updated: allow superuser to
consume without subscription_auth_mode check (#1273)
This is an automated email from the ASF dual-hosted git repository.
mmerli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 7eb1002 allow superuser to consume without subscription_auth_mode check (#1273)
7eb1002 is described below
commit 7eb1002f35fc5ba3cb75d90b307215cf2290f98a
Author: hrsakai <hs...@yahoo-corp.jp>
AuthorDate: Sat Feb 24 07:54:46 2018 +0900
allow superuser to consume without subscription_auth_mode check (#1273)
---
.../apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java | 2 +-
.../src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
index dc0ba83..7bd9246 100644
--- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
+++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
@@ -109,7 +109,7 @@ public class PulsarAuthorizationProvider implements AuthorizationProvider {
log.debug("Policies node couldn't be found for destination : {}", destination);
}
} else {
- if (isNotBlank(subscription)) {
+ if (isNotBlank(subscription) && !isSuperUser(role)) {
switch (policies.get().subscription_auth_mode) {
case Prefix:
if (!subscription.startsWith(role)) {
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java
index 69bfb35..c95fbd7 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java
@@ -49,6 +49,7 @@ public class AuthorizationTest extends MockedPulsarServiceBaseTest {
conf.setClusterName("c1");
conf.setAuthorizationEnabled(true);
conf.setAuthorizationAllowWildcardsMatching(true);
+ conf.setSuperUserRoles(Sets.newHashSet("pulsar.super_user"));
internalSetup();
}
@@ -206,6 +207,7 @@ public class AuthorizationTest extends MockedPulsarServiceBaseTest {
assertEquals(auth.canConsume(DestinationName.get("persistent://p1/c1/ns1/ds1"), "role1", null, "role1-sub1"), true);
assertEquals(auth.canConsume(DestinationName.get("persistent://p1/c1/ns1/ds1"), "role2", null, "role2-sub2"), true);
+ assertEquals(auth.canConsume(DestinationName.get("persistent://p1/c1/ns1/ds1"), "pulsar.super_user", null, "role3-sub1"), true);
admin.namespaces().deleteNamespace("p1/c1/ns1");
admin.properties().deleteProperty("p1");
--
To stop receiving notification emails like this one, please contact
mmerli@apache.org.