You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2022/09/01 09:11:04 UTC
[GitHub] [pulsar] TakaHiR07 opened a new pull request, #17393: [fix][broker] fix can not revoke permission after update topic partition
TakaHiR07 opened a new pull request, #17393:
URL: https://github.com/apache/pulsar/pull/17393
### Motivation
related to #16768
### Modifications
should not fail a request that attempts to remove permission from a partition of a topic that was not already granted permission
### Verifying this change
- [x] Make sure that the change passes the CI checks.
### Does this pull request potentially affect one of the following parts:
*If `yes` was chosen, please highlight the changes*
- Dependencies (does it add or upgrade a dependency): no
- The public API: no
- The schema: no
- The default values of configurations: no
- The wire protocol: no
- The rest endpoints: no
- The admin cli options: no
- Anything that affects deployment: no
### Documentation
Check the box below or label this PR directly.
Need to update docs?
- [ ] `doc-required`
(Your PR needs to update docs and you will update later)
- [x] `doc-not-needed`
(Please explain why)
- [ ] `doc`
(Your PR contains doc changes)
- [ ] `doc-complete`
(Docs have been already added)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] nodece commented on a diff in pull request #17393: [fix][broker] fix can not revoke permission after update topic partition
Posted by GitBox <gi...@apache.org>.
nodece commented on code in PR #17393:
URL: https://github.com/apache/pulsar/pull/17393#discussion_r961300330
##########
pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/PersistentTopicsBase.java:
##########
@@ -354,8 +354,12 @@ private CompletableFuture<Void> revokePermissionsAsync(String topicUri, String r
|| !policies.auth_policies.getTopicAuthentication().get(topicUri).containsKey(role)) {
log.warn("[{}] Failed to revoke permission from role {} on topic: Not set at topic level {}",
clientAppId(), role, topicUri);
- return FutureUtil.failedFuture(new RestException(Status.PRECONDITION_FAILED,
- "Permissions are not set at the topic level"));
+ if (force) {
Review Comment:
Similar to https://github.com/apache/pulsar/blob/f1d11586e96344c40cab923f0ed89961d673cd5c/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/PersistentTopicsBase.java#L4963-L4973
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] nodece commented on a diff in pull request #17393: [fix][broker] fix can not revoke permission after update topic partition
Posted by GitBox <gi...@apache.org>.
nodece commented on code in PR #17393:
URL: https://github.com/apache/pulsar/pull/17393#discussion_r961349150
##########
pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithJwtAuthorizationTest.java:
##########
@@ -297,6 +299,26 @@ public void testUpdatePartitionNumAndReconnect() throws Exception {
Assert.assertEquals(messageSet, receivedMessageSet);
consumer.close();
producer.close();
+
+ // revoke produce/consume permission
+ admin.topics().revokePermissions(topicName, CLIENT_ROLE);
Review Comment:
Oh, I see.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] TakaHiR07 commented on pull request #17393: [fix][broker] fix can not revoke permission after update topic partition
Posted by GitBox <gi...@apache.org>.
TakaHiR07 commented on PR #17393:
URL: https://github.com/apache/pulsar/pull/17393#issuecomment-1244868110
> @TakaHiR07 It looks like we got many conflicts when cherry-picking it to branch-2.9. Would you mind pushing a PR to branch-2.9? (To avoid cherry-picking involving bugs)
I can help cherry-pick this pr to branch-2.9.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] TakaHiR07 commented on a diff in pull request #17393: [fix][broker] fix can not revoke permission after update topic partition
Posted by GitBox <gi...@apache.org>.
TakaHiR07 commented on code in PR #17393:
URL: https://github.com/apache/pulsar/pull/17393#discussion_r961325747
##########
pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithJwtAuthorizationTest.java:
##########
@@ -297,6 +299,26 @@ public void testUpdatePartitionNumAndReconnect() throws Exception {
Assert.assertEquals(messageSet, receivedMessageSet);
consumer.close();
producer.close();
+
+ // revoke produce/consume permission
+ admin.topics().revokePermissions(topicName, CLIENT_ROLE);
Review Comment:
I guess it has cover
1. Line274 increasing partition from 2 to 4
2. Line304 revoke topic permission
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] nodece merged pull request #17393: [fix][broker] fix can not revoke permission after update topic partition
Posted by GitBox <gi...@apache.org>.
nodece merged PR #17393:
URL: https://github.com/apache/pulsar/pull/17393
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] nodece commented on a diff in pull request #17393: [fix][broker] fix can not revoke permission after update topic partition
Posted by GitBox <gi...@apache.org>.
nodece commented on code in PR #17393:
URL: https://github.com/apache/pulsar/pull/17393#discussion_r961295634
##########
pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithJwtAuthorizationTest.java:
##########
@@ -297,6 +299,26 @@ public void testUpdatePartitionNumAndReconnect() throws Exception {
Assert.assertEquals(messageSet, receivedMessageSet);
consumer.close();
producer.close();
+
+ // revoke produce/consume permission
+ admin.topics().revokePermissions(topicName, CLIENT_ROLE);
Review Comment:
This test doesn't cover your changes:
1. Increasing this topic partition
2. Revoking this topic permission
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] michaeljmarshall commented on a diff in pull request #17393: [fix][broker] fix can not revoke permission after update topic partition
Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on code in PR #17393:
URL: https://github.com/apache/pulsar/pull/17393#discussion_r961296266
##########
pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithJwtAuthorizationTest.java:
##########
@@ -297,6 +299,26 @@ public void testUpdatePartitionNumAndReconnect() throws Exception {
Assert.assertEquals(messageSet, receivedMessageSet);
consumer.close();
producer.close();
+
+ // revoke produce/consume permission
+ admin.topics().revokePermissions(topicName, CLIENT_ROLE);
Review Comment:
Good catch.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] nodece commented on a diff in pull request #17393: [fix][broker] fix can not revoke permission after update topic partition
Posted by GitBox <gi...@apache.org>.
nodece commented on code in PR #17393:
URL: https://github.com/apache/pulsar/pull/17393#discussion_r961294204
##########
pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/PersistentTopicsBase.java:
##########
@@ -354,8 +354,12 @@ private CompletableFuture<Void> revokePermissionsAsync(String topicUri, String r
|| !policies.auth_policies.getTopicAuthentication().get(topicUri).containsKey(role)) {
log.warn("[{}] Failed to revoke permission from role {} on topic: Not set at topic level {}",
clientAppId(), role, topicUri);
- return FutureUtil.failedFuture(new RestException(Status.PRECONDITION_FAILED,
- "Permissions are not set at the topic level"));
+ if (force) {
Review Comment:
Hi @michaeljmarshall and @TakaHiR07, I don't suggest throwing an exception when the policy doesn't exist.
What do you think of this?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] TakaHiR07 commented on a diff in pull request #17393: [fix][broker] fix can not revoke permission after update topic partition
Posted by GitBox <gi...@apache.org>.
TakaHiR07 commented on code in PR #17393:
URL: https://github.com/apache/pulsar/pull/17393#discussion_r961336117
##########
pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/PersistentTopicsBase.java:
##########
@@ -354,8 +354,12 @@ private CompletableFuture<Void> revokePermissionsAsync(String topicUri, String r
|| !policies.auth_policies.getTopicAuthentication().get(topicUri).containsKey(role)) {
log.warn("[{}] Failed to revoke permission from role {} on topic: Not set at topic level {}",
clientAppId(), role, topicUri);
- return FutureUtil.failedFuture(new RestException(Status.PRECONDITION_FAILED,
- "Permissions are not set at the topic level"));
+ if (force) {
Review Comment:
I prefer to keep the same behavior as pulsar old version temporarily. We can enhance this exception throw in the refactor of permission module
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] mattisonchao commented on pull request #17393: [fix][broker] fix can not revoke permission after update topic partition
Posted by GitBox <gi...@apache.org>.
mattisonchao commented on PR #17393:
URL: https://github.com/apache/pulsar/pull/17393#issuecomment-1244821489
@TakaHiR07
It looks like we got many conflicts when cherry-picking it to branch-2.9.
Would you mind pushing a PR to branch-2.9? (To avoid cherry-picking involving bugs)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] TakaHiR07 commented on pull request #17393: [fix][broker] fix can not revoke permission after update topic partition
Posted by GitBox <gi...@apache.org>.
TakaHiR07 commented on PR #17393:
URL: https://github.com/apache/pulsar/pull/17393#issuecomment-1235028252
This is the first PR only fix can not revoke permission problem. You can take a look. @michaeljmarshall @nodece
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar] michaeljmarshall commented on a diff in pull request #17393: [fix][broker] fix can not revoke permission after update topic partition
Posted by GitBox <gi...@apache.org>.
michaeljmarshall commented on code in PR #17393:
URL: https://github.com/apache/pulsar/pull/17393#discussion_r961295279
##########
pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/PersistentTopicsBase.java:
##########
@@ -354,8 +354,12 @@ private CompletableFuture<Void> revokePermissionsAsync(String topicUri, String r
|| !policies.auth_policies.getTopicAuthentication().get(topicUri).containsKey(role)) {
log.warn("[{}] Failed to revoke permission from role {} on topic: Not set at topic level {}",
clientAppId(), role, topicUri);
- return FutureUtil.failedFuture(new RestException(Status.PRECONDITION_FAILED,
- "Permissions are not set at the topic level"));
+ if (force) {
Review Comment:
Sure, it's worth discussing if we should fail a `DELETE` request for something that is already deleted. Do we have a common pattern in Pulsar already for this design choice? My preference is to be consistent with the rest of the API.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@pulsar.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org