Posted to commits@pulsar.apache.org by si...@apache.org on 2020/07/27 04:35:41 UTC
[pulsar] branch master updated: Use Consume/Produce/Lookup
interfaces for specific operations in allowTopicOperation (#7587)
This is an automated email from the ASF dual-hosted git repository.
sijie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new 516bad1 Use Consume/Produce/Lookup interfaces for specific operations in allowTopicOperation (#7587)
516bad1 is described below
commit 516bad1079830b3f5f5046b4237e12861f9ec3a9
Author: Sanjeev Kulkarni <sa...@gmail.com>
AuthorDate: Sun Jul 26 21:35:31 2020 -0700
Use Consume/Produce/Lookup interfaces for specific operations in allowTopicOperation (#7587)
### Motivation
Several parts of the code use allowTopicOperation while others use canConsume/canProduce/canLookup for those specific operations. This MR makes the former use the latter calls for those specific operations.
---
.../authorization/AuthorizationProvider.java | 30 ++++++++++++----------
.../apache/pulsar/broker/admin/v2/Namespaces.java | 2 --
2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java
index 987ee77..57147e7 100644
--- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java
+++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java
@@ -228,10 +228,7 @@ public interface AuthorizationProvider extends Closeable {
default CompletableFuture<Boolean> allowTenantOperationAsync(String tenantName, String originalRole, String role,
TenantOperation operation,
AuthenticationDataSource authData) {
- return FutureUtil.failedFuture(new IllegalStateException(
- String.format("allowTenantOperation(%s) on tenant %s is not supported by the Authorization" +
- " provider you are using.",
- operation.toString(), tenantName)));
+ return isTenantAdmin(tenantName, role, null, authData);
}
default Boolean allowTenantOperation(String tenantName, String originalRole, String role, TenantOperation operation,
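Review bot: The added `return isTenantAdmin(tenantName, role, null, authData);` passes `null` as the third argument and ignores both `originalRole` and `operation`, so every tenant operation collapses to a single admin check on `role`. If `isTenantAdmin` (its body is outside this hunk) reads that third argument the call throws instead of returning a decision, and for proxied requests the principal in `originalRole` is never authorized. Providers that did not override this method previously failed closed; now they answer allow or deny, which deserves a Javadoc line such as `Default: grants every TenantOperation to tenant admins; override to authorize per operation.` The same applies to `allowNamespacePolicyOperationAsync` in the next hunk, where `policy` and `operation` are also unused.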
@@ -287,11 +284,7 @@ public interface AuthorizationProvider extends Closeable {
default CompletableFuture<Boolean> allowNamespacePolicyOperationAsync(NamespaceName namespaceName, PolicyName policy,
PolicyOperation operation, String originalRole,
String role, AuthenticationDataSource authData) {
- return FutureUtil.failedFuture(
- new IllegalStateException(
- String.format("NamespacePolicyOperation(%s) on namespace(%s) by role(%s) is not supported" +
- " by the Authorization provider you are using.", operation.toString(),
- namespaceName.toString(), role == null ? "null" : role)));
+ return isTenantAdmin(namespaceName.getTenant(), role, null, authData);
}
default Boolean allowNamespacePolicyOperation(NamespaceName namespaceName, PolicyName policy, PolicyOperation operation,
@@ -318,11 +311,20 @@ public interface AuthorizationProvider extends Closeable {
default CompletableFuture<Boolean> allowTopicOperationAsync(TopicName topic, String originalRole, String role,
TopicOperation operation,
AuthenticationDataSource authData) {
- return FutureUtil.failedFuture(
- new IllegalStateException(
- String.format("TopicOperation(%s) on topic(%s) by role(%s) is not supported" +
- " by the Authorization provider you are using.",
- operation.toString(), topic.toString(), role == null ? "null" : null)));
+ switch (operation) {
+ case PRODUCE:
+ return canProduceAsync(topic, role, authData);
+ case CONSUME:
+ return canConsumeAsync(topic, role, authData, null);
+ case LOOKUP:
+ return canLookupAsync(topic, role, authData);
+ default:
+ return FutureUtil.failedFuture(
+ new IllegalStateException(
+ String.format("TopicOperation(%s) on topic(%s) by role(%s) is not supported" +
+ " by the Authorization provider you are using.",
+ operation.toString(), topic.toString(), role == null ? "null" : null)));
+ }
}
default Boolean allowTopicOperation(TopicName topicName, String originalRole, String role, TopicOperation operation,
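Review bot: In the `default:` branch the format argument `role == null ? "null" : null` can never yield the role, so the error message never reports which role was rejected; it should read `role == null ? "null" : role`. The three new cases also pass only `role` to `canProduceAsync`, `canConsumeAsync` and `canLookupAsync`, leaving `originalRole` unchecked on this path. CONSUME passes `null` as the last argument of `canConsumeAsync`, so any check the provider ties to that argument presumably cannot apply here. A `null` operation would throw from the `switch` itself rather than come back as a failed future.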
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/Namespaces.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/Namespaces.java
index 4dab8f2..0a9ec96 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/Namespaces.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/Namespaces.java
@@ -133,7 +133,6 @@ public class Namespaces extends NamespacesBase {
public void createNamespace(@PathParam("tenant") String tenant, @PathParam("namespace") String namespace,
@ApiParam(value = "Policies for the namespace") Policies policies) {
validateNamespaceName(tenant, namespace);
- validateTenantOperation(tenant, TenantOperation.CREATE_NAMESPACE);
policies = getDefaultPolicesIfNull(policies);
internalCreateNamespace(policies);
}
@@ -250,7 +249,6 @@ public class Namespaces extends NamespacesBase {
public Set<String> getNamespaceReplicationClusters(@PathParam("tenant") String tenant,
@PathParam("namespace") String namespace) {
validateNamespaceName(tenant, namespace);
- validateNamespacePolicyOperation(NamespaceName.get(tenant, namespace), PolicyName.REPLICATION, PolicyOperation.READ);
return internalGetNamespaceReplicationClusters();
}