You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2019/06/20 13:01:55 UTC

[GitHub] [pulsar] jiazhai edited a comment on issue #4560: when authentication enabled pulsar-admin topics list will fail for nonpersistent topics

jiazhai edited a comment on issue #4560: when authentication enabled pulsar-admin topics list will fail for nonpersistent topics
URL: https://github.com/apache/pulsar/issues/4560#issuecomment-504016817
 
 
   looking and debugging into the code,  
   **this issue happens under this condition**
   1. broker enable authentication. 
   2. broker not set ”brokerClientAuthenticationPlugin" and "brokerClientAuthenticationParameters“
   
   **this issue happens like this**
   1. user use pulsar-admin topics list to get all the topics, and internally this command will send request for both persistent and non-persistent rest endpoint. 
   2. for persistent rest endpoint, it runs well, since all the topics information could be get from /managed-ledgers in zk.
   3. while for non-persistent, it will first get all the bundles of this namespace, and these bundles may spread across different brokers,  so for each bundle, it will call 
   `pulsar().getAdminClient().topics().getListInBundleAsync(namespaceName.toString(), bundle)`
   to get the topic list in each bundle.
   4. in method `getAdminClient()`, it will create an internal pulsar admin client, and its authentication method is determined by parameter ”brokerClientAuthenticationPlugin" and "brokerClientAuthenticationParameters“. 
   
   ```
   public synchronized PulsarAdmin getAdminClient() throws PulsarServerException {
           if (this.adminClient == null) {
                   ServiceConfiguration conf = this.getConfiguration();
                   String adminApiUrl = conf.isBrokerClientTlsEnabled() ? webAddressTls(config) : webAddress(config);
                   PulsarAdminBuilder builder = PulsarAdmin.builder().serviceHttpUrl(adminApiUrl) //
                           .authentication( //
                                   conf.getBrokerClientAuthenticationPlugin(), //   < === 
                                   conf.getBrokerClientAuthenticationParameters());  < ===
   ...
                   builder.readTimeout(conf.getZooKeeperOperationTimeoutSeconds(), TimeUnit.SECONDS);
                   this.adminClient = builder.build();
               } 
       
           return this.adminClient;
       }
   ```
   since auth parameter not provided, so it will return 401, as in the picture.
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services