You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kafka.apache.org by rs...@apache.org on 2018/12/04 09:56:31 UTC
[kafka] branch 2.0 updated: KAFKA-7702: Fix matching of prefixed
ACLs to match single char prefix (#5994)
This is an automated email from the ASF dual-hosted git repository.
rsivaram pushed a commit to branch 2.0
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/2.0 by this push:
new 85ae92c KAFKA-7702: Fix matching of prefixed ACLs to match single char prefix (#5994)
85ae92c is described below
commit 85ae92cf89c72c4fcf553c76aaf45a065cf07320
Author: Rajini Sivaram <ra...@googlemail.com>
AuthorDate: Tue Dec 4 09:44:11 2018 +0000
KAFKA-7702: Fix matching of prefixed ACLs to match single char prefix (#5994)
Reviewers: Jun Rao <ju...@gmail.com>
---
.../main/scala/kafka/security/auth/SimpleAclAuthorizer.scala | 7 +++----
.../unit/kafka/security/auth/SimpleAclAuthorizerTest.scala | 12 ++++++++++++
2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala b/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala
index 6de81d2..b64c8c2 100644
--- a/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala
+++ b/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala
@@ -231,10 +231,9 @@ class SimpleAclAuthorizer extends Authorizer with Logging {
.map(_.acls)
.getOrElse(Set.empty[Acl])
- val prefixed = aclCache.range(
- Resource(resourceType, resourceName, PatternType.PREFIXED),
- Resource(resourceType, resourceName.take(1), PatternType.PREFIXED)
- )
+ val prefixed = aclCache
+ .from(Resource(resourceType, resourceName, PatternType.PREFIXED))
+ .to(Resource(resourceType, resourceName.take(1), PatternType.PREFIXED))
.filterKeys(resource => resourceName.startsWith(resource.name))
.flatMap { case (resource, versionedAcls) => versionedAcls.acls }
.toSet
diff --git a/core/src/test/scala/unit/kafka/security/auth/SimpleAclAuthorizerTest.scala b/core/src/test/scala/unit/kafka/security/auth/SimpleAclAuthorizerTest.scala
index 5461413..1468003 100644
--- a/core/src/test/scala/unit/kafka/security/auth/SimpleAclAuthorizerTest.scala
+++ b/core/src/test/scala/unit/kafka/security/auth/SimpleAclAuthorizerTest.scala
@@ -630,6 +630,18 @@ class SimpleAclAuthorizerTest extends ZooKeeperTestHarness {
}
@Test
+ def testSingleCharacterResourceAcls(): Unit = {
+ simpleAclAuthorizer.addAcls(Set[Acl](allowReadAcl), Resource(Topic, "f", LITERAL))
+ assertTrue(simpleAclAuthorizer.authorize(session, Read, Resource(Topic, "f", LITERAL)))
+ assertFalse(simpleAclAuthorizer.authorize(session, Read, Resource(Topic, "foo", LITERAL)))
+
+ simpleAclAuthorizer.addAcls(Set[Acl](allowReadAcl), Resource(Topic, "_", PREFIXED))
+ assertTrue(simpleAclAuthorizer.authorize(session, Read, Resource(Topic, "_foo", LITERAL)))
+ assertTrue(simpleAclAuthorizer.authorize(session, Read, Resource(Topic, "_", LITERAL)))
+ assertFalse(simpleAclAuthorizer.authorize(session, Read, Resource(Topic, "foo_", LITERAL)))
+ }
+
+ @Test
def testGetAclsPrincipal(): Unit = {
val aclOnSpecificPrincipal = new Acl(principal, Allow, WildCardHost, Write)
simpleAclAuthorizer.addAcls(Set[Acl](aclOnSpecificPrincipal), resource)