You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kafka.apache.org by ju...@apache.org on 2017/05/26 22:25:07 UTC
kafka git commit: KAFKA-5333; Remove Broker ACL resource type
Repository: kafka
Updated Branches:
refs/heads/trunk 7892b4e6c -> 68eed84f2
KAFKA-5333; Remove Broker ACL resource type
Author: Ismael Juma <is...@juma.me.uk>
Reviewers: Jun Rao <ju...@gmail.com>
Closes #3154 from ijuma/kafka-5333-remove-broker-acl-resource-type
Project: http://git-wip-us.apache.org/repos/asf/kafka/repo
Commit: http://git-wip-us.apache.org/repos/asf/kafka/commit/68eed84f
Tree: http://git-wip-us.apache.org/repos/asf/kafka/tree/68eed84f
Diff: http://git-wip-us.apache.org/repos/asf/kafka/diff/68eed84f
Branch: refs/heads/trunk
Commit: 68eed84f24a4771ccd805d8f39340eb7599df2ed
Parents: 7892b4e
Author: Ismael Juma <is...@juma.me.uk>
Authored: Fri May 26 15:25:02 2017 -0700
Committer: Jun Rao <ju...@gmail.com>
Committed: Fri May 26 15:25:02 2017 -0700
----------------------------------------------------------------------
.../errors/BrokerAuthorizationException.java | 23 --------------------
.../apache/kafka/common/protocol/Errors.java | 7 ------
.../src/main/scala/kafka/admin/AclCommand.scala | 10 ---------
.../kafka/security/auth/ResourceType.scala | 7 +-----
.../src/main/scala/kafka/server/KafkaApis.scala | 9 +++-----
.../scala/unit/kafka/admin/AclCommandTest.scala | 3 ---
6 files changed, 4 insertions(+), 55 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kafka/blob/68eed84f/clients/src/main/java/org/apache/kafka/common/errors/BrokerAuthorizationException.java
----------------------------------------------------------------------
diff --git a/clients/src/main/java/org/apache/kafka/common/errors/BrokerAuthorizationException.java b/clients/src/main/java/org/apache/kafka/common/errors/BrokerAuthorizationException.java
deleted file mode 100644
index 9f7211e..0000000
--- a/clients/src/main/java/org/apache/kafka/common/errors/BrokerAuthorizationException.java
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.kafka.common.errors;
-
-public class BrokerAuthorizationException extends ApiException {
- public BrokerAuthorizationException(final String message) {
- super(message);
- }
-}
http://git-wip-us.apache.org/repos/asf/kafka/blob/68eed84f/clients/src/main/java/org/apache/kafka/common/protocol/Errors.java
----------------------------------------------------------------------
diff --git a/clients/src/main/java/org/apache/kafka/common/protocol/Errors.java b/clients/src/main/java/org/apache/kafka/common/protocol/Errors.java
index 9444eb5..dd02ff0 100644
--- a/clients/src/main/java/org/apache/kafka/common/protocol/Errors.java
+++ b/clients/src/main/java/org/apache/kafka/common/protocol/Errors.java
@@ -17,7 +17,6 @@
package org.apache.kafka.common.protocol;
import org.apache.kafka.common.errors.ApiException;
-import org.apache.kafka.common.errors.BrokerAuthorizationException;
import org.apache.kafka.common.errors.BrokerNotAvailableException;
import org.apache.kafka.common.errors.ClusterAuthorizationException;
import org.apache.kafka.common.errors.ConcurrentTransactionsException;
@@ -487,12 +486,6 @@ public enum Errors {
public ApiException build(String message) {
return new SecurityDisabledException(message);
}
- }),
- BROKER_AUTHORIZATION_FAILED(55, "Broker authorization failed", new ApiExceptionBuilder() {
- @Override
- public ApiException build(String message) {
- return new BrokerAuthorizationException(message);
- }
});
private interface ApiExceptionBuilder {
http://git-wip-us.apache.org/repos/asf/kafka/blob/68eed84f/core/src/main/scala/kafka/admin/AclCommand.scala
----------------------------------------------------------------------
diff --git a/core/src/main/scala/kafka/admin/AclCommand.scala b/core/src/main/scala/kafka/admin/AclCommand.scala
index e02b5dc..47659a9 100644
--- a/core/src/main/scala/kafka/admin/AclCommand.scala
+++ b/core/src/main/scala/kafka/admin/AclCommand.scala
@@ -31,7 +31,6 @@ object AclCommand {
val Newline = scala.util.Properties.lineSeparator
val ResourceTypeToValidOperations = Map[ResourceType, Set[Operation]] (
- Broker -> Set(DescribeConfigs),
Topic -> Set(Read, Write, Describe, Delete, DescribeConfigs, AlterConfigs, All),
Group -> Set(Read, Describe, All),
Cluster -> Set(Create, ClusterAction, DescribeConfigs, AlterConfigs, IdempotentWrite, All),
@@ -243,9 +242,6 @@ object AclCommand {
if (opts.options.has(opts.groupOpt))
opts.options.valuesOf(opts.groupOpt).asScala.foreach(group => resources += new Resource(Group, group.trim))
- if (opts.options.has(opts.brokerOpt))
- opts.options.valuesOf(opts.brokerOpt).asScala.foreach(broker => resources += new Resource(Broker, broker.toString))
-
if (opts.options.has(opts.transactionalIdOpt))
opts.options.valuesOf(opts.transactionalIdOpt).asScala.foreach(transactionalId =>
resources += new Resource(TransactionalId, transactionalId))
@@ -298,12 +294,6 @@ object AclCommand {
.describedAs("group")
.ofType(classOf[String])
- val brokerOpt = parser.accepts("broker", "broker to which the ACLs should be added or removed. " +
- "A value of * indicates the ACLs should apply to all brokers.")
- .withRequiredArg
- .describedAs("broker")
- .ofType(classOf[Int])
-
val transactionalIdOpt = parser.accepts("transactional-id", "The transactionalId to which ACLs should " +
"be added or removed. A value of * indicates the ACLs should apply to all transactionalIds.")
.withRequiredArg
http://git-wip-us.apache.org/repos/asf/kafka/blob/68eed84f/core/src/main/scala/kafka/security/auth/ResourceType.scala
----------------------------------------------------------------------
diff --git a/core/src/main/scala/kafka/security/auth/ResourceType.scala b/core/src/main/scala/kafka/security/auth/ResourceType.scala
index 9cfe1cd..4deb23b 100644
--- a/core/src/main/scala/kafka/security/auth/ResourceType.scala
+++ b/core/src/main/scala/kafka/security/auth/ResourceType.scala
@@ -26,11 +26,6 @@ case object Cluster extends ResourceType {
val error = Errors.CLUSTER_AUTHORIZATION_FAILED
}
-case object Broker extends ResourceType {
- val name = "Broker"
- val error = Errors.BROKER_AUTHORIZATION_FAILED
-}
-
case object Topic extends ResourceType {
val name = "Topic"
val error = Errors.TOPIC_AUTHORIZATION_FAILED
@@ -53,5 +48,5 @@ object ResourceType {
rType.getOrElse(throw new KafkaException(resourceType + " not a valid resourceType name. The valid names are " + values.mkString(",")))
}
- def values: Seq[ResourceType] = List(Cluster, Topic, Group, TransactionalId, Broker)
+ def values: Seq[ResourceType] = List(Cluster, Topic, Group, TransactionalId)
}
http://git-wip-us.apache.org/repos/asf/kafka/blob/68eed84f/core/src/main/scala/kafka/server/KafkaApis.scala
----------------------------------------------------------------------
diff --git a/core/src/main/scala/kafka/server/KafkaApis.scala b/core/src/main/scala/kafka/server/KafkaApis.scala
index 473d108..fb69c50 100644
--- a/core/src/main/scala/kafka/server/KafkaApis.scala
+++ b/core/src/main/scala/kafka/server/KafkaApis.scala
@@ -1957,8 +1957,7 @@ class KafkaApis(val requestChannel: RequestChannel,
val (authorizedResources, unauthorizedResources) = alterConfigsRequest.configs.asScala.partition { case (resource, _) =>
resource.`type` match {
case RResourceType.BROKER =>
- authorize(request.session, AlterConfigs, new Resource(Broker, resource.name)) ||
- authorize(request.session, AlterConfigs, Resource.ClusterResource)
+ authorize(request.session, AlterConfigs, Resource.ClusterResource)
case RResourceType.TOPIC =>
authorize(request.session, AlterConfigs, new Resource(Topic, resource.name)) ||
authorize(request.session, AlterConfigs, Resource.ClusterResource)
@@ -1975,7 +1974,7 @@ class KafkaApis(val requestChannel: RequestChannel,
private def configsAuthorizationApiError(session: RequestChannel.Session, resource: RResource): ApiError = {
val error = resource.`type` match {
- case RResourceType.BROKER => Errors.BROKER_AUTHORIZATION_FAILED
+ case RResourceType.BROKER => Errors.CLUSTER_AUTHORIZATION_FAILED
case RResourceType.TOPIC =>
// Don't leak topic name unless the user has describe topic permission
if (authorize(session, Describe, new Resource(Topic, resource.name)))
@@ -1991,9 +1990,7 @@ class KafkaApis(val requestChannel: RequestChannel,
val describeConfigsRequest = request.body[DescribeConfigsRequest]
val (authorizedResources, unauthorizedResources) = describeConfigsRequest.resources.asScala.partition { resource =>
resource.`type` match {
- case RResourceType.BROKER =>
- authorize(request.session, DescribeConfigs, new Resource(Broker, resource.name)) ||
- authorize(request.session, DescribeConfigs, Resource.ClusterResource)
+ case RResourceType.BROKER => authorize(request.session, DescribeConfigs, Resource.ClusterResource)
case RResourceType.TOPIC =>
authorize(request.session, DescribeConfigs, new Resource(Topic, resource.name)) ||
authorize(request.session, DescribeConfigs, Resource.ClusterResource)
http://git-wip-us.apache.org/repos/asf/kafka/blob/68eed84f/core/src/test/scala/unit/kafka/admin/AclCommandTest.scala
----------------------------------------------------------------------
diff --git a/core/src/test/scala/unit/kafka/admin/AclCommandTest.scala b/core/src/test/scala/unit/kafka/admin/AclCommandTest.scala
index f379585..ecf3427 100644
--- a/core/src/test/scala/unit/kafka/admin/AclCommandTest.scala
+++ b/core/src/test/scala/unit/kafka/admin/AclCommandTest.scala
@@ -35,14 +35,12 @@ class AclCommandTest extends ZooKeeperTestHarness with Logging {
private val TopicResources = Set(new Resource(Topic, "test-1"), new Resource(Topic, "test-2"))
private val GroupResources = Set(new Resource(Group, "testGroup-1"), new Resource(Group, "testGroup-2"))
- private val BrokerResources = Set(new Resource(Broker, "0"), new Resource(Broker, "1"))
private val TransactionalIdResources = Set(new Resource(TransactionalId, "t0"), new Resource(TransactionalId, "t1"))
private val ResourceToCommand = Map[Set[Resource], Array[String]](
TopicResources -> Array("--topic", "test-1", "--topic", "test-2"),
Set(Resource.ClusterResource) -> Array("--cluster"),
GroupResources -> Array("--group", "testGroup-1", "--group", "testGroup-2"),
- BrokerResources -> Array("--broker", "0", "--broker", "1"),
TransactionalIdResources -> Array("--transactional-id", "t0", "--transactional-id", "t1")
)
@@ -54,7 +52,6 @@ class AclCommandTest extends ZooKeeperTestHarness with Logging {
Array("--operation", "Create", "--operation", "ClusterAction", "--operation", "DescribeConfigs",
"--operation", "AlterConfigs", "--operation", "IdempotentWrite")),
GroupResources -> (Set(Read, Describe), Array("--operation", "Read", "--operation", "Describe")),
- BrokerResources -> (Set(DescribeConfigs), Array("--operation", "DescribeConfigs")),
TransactionalIdResources -> (Set(Describe, Write), Array("--operation", "Describe", "--operation", "Write"))
)