You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by pe...@apache.org on 2022/05/09 14:05:17 UTC
[pulsar] branch master updated: Fix grant all permissions but can't list topic. (#15501)
This is an automated email from the ASF dual-hosted git repository.
penghui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 5155b1df876 Fix grant all permissions but can't list topic. (#15501)
5155b1df876 is described below
commit 5155b1df876bd98d173e87753cca642b82b6595a
Author: Jiwei Guo <te...@apache.org>
AuthorDate: Mon May 9 22:05:07 2022 +0800
Fix grant all permissions but can't list topic. (#15501)
---
.../authorization/PulsarAuthorizationProvider.java | 2 +-
.../apache/pulsar/broker/auth/AuthorizationTest.java | 18 +++---------------
2 files changed, 4 insertions(+), 16 deletions(-)
diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
index 087b37345f9..77e7edb64d7 100644
--- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
+++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
@@ -480,6 +480,7 @@ public class PulsarAuthorizationProvider implements AuthorizationProvider {
namespaceName, role, authData, AuthAction.packages);
case GET_TOPIC:
case GET_TOPICS:
+ case GET_BUNDLE:
return allowConsumeOrProduceOpsAsync(namespaceName, role, authData);
case UNSUBSCRIBE:
case CLEAR_BACKLOG:
@@ -488,7 +489,6 @@ public class PulsarAuthorizationProvider implements AuthorizationProvider {
case CREATE_TOPIC:
case DELETE_TOPIC:
case ADD_BUNDLE:
- case GET_BUNDLE:
case DELETE_BUNDLE:
case GRANT_PERMISSION:
case GET_PERMISSION:
diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java
index 574e7a14c43..39a91f72dc7 100644
--- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java
+++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java
@@ -19,7 +19,6 @@
package org.apache.pulsar.broker.auth;
import static org.mockito.Mockito.when;
-import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertFalse;
import static org.testng.Assert.assertTrue;
import static org.testng.Assert.fail;
@@ -27,7 +26,6 @@ import java.util.EnumSet;
import org.apache.pulsar.broker.authorization.AuthorizationService;
import org.apache.pulsar.client.admin.PulsarAdmin;
import org.apache.pulsar.client.admin.PulsarAdminBuilder;
-import org.apache.pulsar.client.admin.PulsarAdminException;
import org.apache.pulsar.common.naming.TopicDomain;
import org.apache.pulsar.common.naming.TopicName;
import org.apache.pulsar.common.policies.data.AuthAction;
@@ -232,7 +230,7 @@ public class AuthorizationTest extends MockedPulsarServiceBaseTest {
}
@Test
- public void testGetListWithoutGetBundleOp() throws Exception {
+ public void testGetListWithGetBundleOp() throws Exception {
String tenant = "p1";
String namespaceV1 = "p1/global/ns1";
String namespaceV2 = "p1/ns2";
@@ -248,18 +246,8 @@ public class AuthorizationTest extends MockedPulsarServiceBaseTest {
.authentication(new MockAuthentication("pass.pass2"))
.build();
when(pulsar.getAdminClient()).thenReturn(admin2);
- try {
- admin2.topics().getList(namespaceV1, TopicDomain.non_persistent);
- } catch (Exception ex) {
- assertTrue(ex instanceof PulsarAdminException.NotAuthorizedException);
- assertEquals(ex.getMessage(), "Unauthorized to validateNamespaceOperation for operation [GET_BUNDLE] on namespace [p1/global/ns1]");
- }
- try {
- admin2.topics().getList(namespaceV2, TopicDomain.non_persistent);
- } catch (Exception ex) {
- assertTrue(ex instanceof PulsarAdminException.NotAuthorizedException);
- assertEquals(ex.getMessage(), "Unauthorized to validateNamespaceOperation for operation [GET_BUNDLE] on namespace [p1/ns2]");
- }
+ Assert.assertEquals(admin2.topics().getList(namespaceV1, TopicDomain.non_persistent).size(), 0);
+ Assert.assertEquals(admin2.topics().getList(namespaceV2, TopicDomain.non_persistent).size(), 0);
}
private static void waitForChange() {