You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@rocketmq.apache.org by GitBox <gi...@apache.org> on 2022/02/14 01:39:52 UTC
[GitHub] [rocketmq] lizhiboo commented on a change in pull request #3761: [ISSUE #2986] Support for multiple ACL files in a fixed directory
lizhiboo commented on a change in pull request #3761:
URL: https://github.com/apache/rocketmq/pull/3761#discussion_r786686890
##########
File path: acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java
##########
@@ -30,51 +41,74 @@
import org.apache.rocketmq.common.constant.LoggerName;
import org.apache.rocketmq.logging.InternalLogger;
import org.apache.rocketmq.logging.InternalLoggerFactory;
-import org.apache.rocketmq.srvutil.FileWatchService;
-
-import java.io.File;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
+import org.apache.rocketmq.srvutil.AclFileWatchService;
public class PlainPermissionManager {
private static final InternalLogger log = InternalLoggerFactory.getLogger(LoggerName.COMMON_LOGGER_NAME);
- private static final String DEFAULT_PLAIN_ACL_FILE = "/conf/plain_acl.yml";
-
Review comment:
remove old acl file directory incompatible with old version. Can old acl file and new acl dir coexist?
##########
File path: acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java
##########
@@ -30,51 +43,145 @@
import org.apache.rocketmq.common.constant.LoggerName;
import org.apache.rocketmq.logging.InternalLogger;
import org.apache.rocketmq.logging.InternalLoggerFactory;
-import org.apache.rocketmq.srvutil.FileWatchService;
-
-import java.io.File;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
+import org.apache.rocketmq.srvutil.AclFileWatchService;
public class PlainPermissionManager {
private static final InternalLogger log = InternalLoggerFactory.getLogger(LoggerName.COMMON_LOGGER_NAME);
- private static final String DEFAULT_PLAIN_ACL_FILE = "/conf/plain_acl.yml";
-
private String fileHome = System.getProperty(MixAll.ROCKETMQ_HOME_PROPERTY,
System.getenv(MixAll.ROCKETMQ_HOME_ENV));
- private String fileName = System.getProperty("rocketmq.acl.plain.file", DEFAULT_PLAIN_ACL_FILE);
+ private String defaultAclDir = fileHome + File.separator + "conf";
+
+ //private String defaultAclFile = fileHome + File.separator
+ // + System.getProperty("rocketmq.acl.dir", "/conf") + File.separator + "plain_acl.yml";
+ private String defaultAclFile = fileHome + File.separator + System.getProperty("rocketmq.acl.plain.file", "conf/plain_acl.yml");
+
+ private Map<String/** fileFullPath **/, Map<String/** AccessKey **/, PlainAccessResource>> aclPlainAccessResourceMap = new HashMap<>();
- private Map<String/** AccessKey **/, PlainAccessResource> plainAccessResourceMap = new HashMap<>();
+ private Map<String/** AccessKey **/, String/** fileFullPath **/> accessKeyTable = new HashMap<>();
private List<RemoteAddressStrategy> globalWhiteRemoteAddressStrategy = new ArrayList<>();
private RemoteAddressStrategyFactory remoteAddressStrategyFactory = new RemoteAddressStrategyFactory();
+ private Map<String/** fileFullPath **/, List<RemoteAddressStrategy>> globalWhiteRemoteAddressStrategyMap = new HashMap<>();
+
private boolean isWatchStart;
+ private Map<String/** fileFullPath **/, DataVersion> dataVersionMap = new HashMap<>();
+
+ @Deprecated
private final DataVersion dataVersion = new DataVersion();
+ private List<String> fileList = new ArrayList<>();
+
public PlainPermissionManager() {
load();
watch();
}
+ public List<String> getAllAclFiles(String path) {
+ List<String> allAclFileFullPath = new ArrayList<>();
+ File file = new File(path);
+ File[] files = file.listFiles();
+ for (int i = 0; i < files.length; i++) {
+ String fileName = files[i].getAbsolutePath();
+ File f = new File(fileName);
+ if (fileName.equals(fileHome + MixAll.ACL_CONF_TOOLS_FILE)) {
+ continue;
+ } else if (fileName.endsWith(".yml") || fileName.endsWith(".yaml")) {
+ allAclFileFullPath.add(fileName);
+ } else if (f.isDirectory()) {
+ allAclFileFullPath.addAll(getAllAclFiles(fileName));
+ }
+ }
+ return allAclFileFullPath;
+ }
+
public void load() {
+ if (fileHome == null || fileHome.isEmpty()) {
+ return;
+ }
+
+ Map<String, Map<String, PlainAccessResource>> aclPlainAccessResourceMap = new HashMap<>();
+ Map<String, String> accessKeyTable = new HashMap<>();
+ List<RemoteAddressStrategy> globalWhiteRemoteAddressStrategy = new ArrayList<>();
+ Map<String, List<RemoteAddressStrategy>> globalWhiteRemoteAddressStrategyMap = new HashMap<>();
+ Map<String, DataVersion> dataVersionMap = new HashMap<>();
+ fileList = getAllAclFiles(defaultAclDir);
+ if (new File(defaultAclFile).exists() && !fileList.contains(defaultAclFile)) {
+ fileList.add(defaultAclFile);
+ }
+
+ for (int i = 0; i < fileList.size(); i++) {
+ JSONObject plainAclConfData = AclUtils.getYamlDataObject(fileList.get(i),
+ JSONObject.class);
+ if (plainAclConfData == null || plainAclConfData.isEmpty()) {
+ throw new AclException(String.format("%s file is not data", fileList.get(i)));
+ }
+ log.info("Broker plain acl conf data is : ", plainAclConfData.toString());
+
+ List<RemoteAddressStrategy> globalWhiteRemoteAddressStrategyList = new ArrayList<>();
+ JSONArray globalWhiteRemoteAddressesList = plainAclConfData.getJSONArray("globalWhiteRemoteAddresses");
+ if (globalWhiteRemoteAddressesList != null && !globalWhiteRemoteAddressesList.isEmpty()) {
+ for (int j = 0; j < globalWhiteRemoteAddressesList.size(); j++) {
+ globalWhiteRemoteAddressStrategyList.add(remoteAddressStrategyFactory.
+ getRemoteAddressStrategy(globalWhiteRemoteAddressesList.getString(j)));
+ }
+ }
+ if (globalWhiteRemoteAddressStrategyList.size() > 0) {
+ globalWhiteRemoteAddressStrategyMap.put(fileList.get(i), globalWhiteRemoteAddressStrategyList);
+ globalWhiteRemoteAddressStrategy.addAll(globalWhiteRemoteAddressStrategyList);
+ }
+
+ JSONArray accounts = plainAclConfData.getJSONArray(AclConstants.CONFIG_ACCOUNTS);
+ Map<String, PlainAccessResource> plainAccessResourceMap = new HashMap<>();
+ if (accounts != null && !accounts.isEmpty()) {
+ List<PlainAccessConfig> plainAccessConfigList = accounts.toJavaList(PlainAccessConfig.class);
+ for (PlainAccessConfig plainAccessConfig : plainAccessConfigList) {
+ PlainAccessResource plainAccessResource = buildPlainAccessResource(plainAccessConfig);
+ //AccessKey can not be defined in multiple ACL files
+ if (accessKeyTable.get(plainAccessResource.getAccessKey()) == null) {
Review comment:
IMO, if accessKeyTable contains aplainAccessResource.getAccessKey(), print warn log will be better.
##########
File path: acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java
##########
@@ -30,51 +43,145 @@
import org.apache.rocketmq.common.constant.LoggerName;
import org.apache.rocketmq.logging.InternalLogger;
import org.apache.rocketmq.logging.InternalLoggerFactory;
-import org.apache.rocketmq.srvutil.FileWatchService;
-
-import java.io.File;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
+import org.apache.rocketmq.srvutil.AclFileWatchService;
public class PlainPermissionManager {
private static final InternalLogger log = InternalLoggerFactory.getLogger(LoggerName.COMMON_LOGGER_NAME);
- private static final String DEFAULT_PLAIN_ACL_FILE = "/conf/plain_acl.yml";
-
private String fileHome = System.getProperty(MixAll.ROCKETMQ_HOME_PROPERTY,
System.getenv(MixAll.ROCKETMQ_HOME_ENV));
- private String fileName = System.getProperty("rocketmq.acl.plain.file", DEFAULT_PLAIN_ACL_FILE);
+ private String defaultAclDir = fileHome + File.separator + "conf";
+
+ //private String defaultAclFile = fileHome + File.separator
+ // + System.getProperty("rocketmq.acl.dir", "/conf") + File.separator + "plain_acl.yml";
+ private String defaultAclFile = fileHome + File.separator + System.getProperty("rocketmq.acl.plain.file", "conf/plain_acl.yml");
+
+ private Map<String/** fileFullPath **/, Map<String/** AccessKey **/, PlainAccessResource>> aclPlainAccessResourceMap = new HashMap<>();
- private Map<String/** AccessKey **/, PlainAccessResource> plainAccessResourceMap = new HashMap<>();
+ private Map<String/** AccessKey **/, String/** fileFullPath **/> accessKeyTable = new HashMap<>();
private List<RemoteAddressStrategy> globalWhiteRemoteAddressStrategy = new ArrayList<>();
private RemoteAddressStrategyFactory remoteAddressStrategyFactory = new RemoteAddressStrategyFactory();
+ private Map<String/** fileFullPath **/, List<RemoteAddressStrategy>> globalWhiteRemoteAddressStrategyMap = new HashMap<>();
+
private boolean isWatchStart;
+ private Map<String/** fileFullPath **/, DataVersion> dataVersionMap = new HashMap<>();
+
+ @Deprecated
private final DataVersion dataVersion = new DataVersion();
+ private List<String> fileList = new ArrayList<>();
+
public PlainPermissionManager() {
load();
watch();
}
+ public List<String> getAllAclFiles(String path) {
+ List<String> allAclFileFullPath = new ArrayList<>();
+ File file = new File(path);
+ File[] files = file.listFiles();
Review comment:
IMO, check file is directory will be better
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscribe@rocketmq.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org