[broker] Fix topic produced through REST not support Authorization #13771
Conversation
|
Hi , @liudezhi2098 Could you add some test for this change ? |
|
/pulsarbot run-failure-checks |
…_support_Authorization
|
/pulsarbot run-failure-checks |
2 similar comments
|
/pulsarbot run-failure-checks |
|
/pulsarbot run-failure-checks |
|
Hi @codelipenghui , The fix is critical to the existing community users who want to use the REST function. I suggest to add the fix as part of the release 2.9.2. |
Sorry , I mean the users that already implemented the Pulsar in their environment |
…_support_Authorization
|
@thomasechen Yes, we can contain it in 2.9.2 |
codelipenghui
requested review from
MarvinCai,
315157973,
gaoran10,
hangc0276,
merlimat,
hezhangjian,
Technoboy-,
tuteng and
zymap
| public void testProduceToNonPartitionedTopic(String token, int status) throws Exception { | ||
| admin.topics().createNonPartitionedTopic("persistent://" + testTenant + "/" | ||
| + testNamespace + "/" + testTopicName); | ||
| AsyncResponse asyncResponse = PowerMockito.mock(AsyncResponse.class); |
There was a problem hiding this comment.
The asyncResponse is never used, we can remove it.
There was a problem hiding this comment.
Others asyncResponse can be removed either.
| topics = spy(new Topics()); | ||
| topics.setPulsar(pulsar); |
There was a problem hiding this comment.
topics never used, we can remove it.
| admin.topics().createNonPartitionedTopic("persistent://" + testTenant + "/" | ||
| + testNamespace + "/" + testTopicName); | ||
| Schema<String> schema = StringSchema.utf8(); | ||
| ProducerMessages producerMessages = new ProducerMessages(); | ||
| producerMessages.setKeySchema(ObjectMapperFactory.getThreadLocal(). | ||
| writeValueAsString(schema.getSchemaInfo())); | ||
| producerMessages.setValueSchema(ObjectMapperFactory.getThreadLocal(). | ||
| writeValueAsString(schema.getSchemaInfo())); | ||
| String message = "[" + | ||
| "{\"key\":\"my-key\",\"payload\":\"RestProducer:1\",\"eventTime\":1603045262772,\"sequenceId\":1}," + | ||
| "{\"key\":\"my-key\",\"payload\":\"RestProducer:2\",\"eventTime\":1603045262772,\"sequenceId\":2}]"; | ||
| producerMessages.setMessages(ObjectMapperFactory.getThreadLocal().readValue(message, | ||
| new TypeReference<List<ProducerMessage>>() { | ||
| })); | ||
|
|
||
| WebTarget root = buildWebClient(); | ||
| Response response = root.path("/topics/persistent/" + testTenant + "/" + testNamespace + "/" | ||
| + testTopicName).request(MediaType.APPLICATION_JSON) | ||
| .header("Authorization", "Bearer " + token) | ||
| .post(Entity.json(producerMessages)); | ||
| Assert.assertEquals(response.getStatus(), status); |
There was a problem hiding this comment.
There are some repeated code blocks, maybe we could try to reuse the same code block. It seems that only topic names are different.
|
/pulsarbot run-failure-checks |
|
I have done the testing about producing the message through REST client. The HTTP client could produce the message successfully if I granted the authorization in the namespace or topic level. However, if I use the token which belongs to the tenant admin and there are no any permissions settings in the namespace and the topics level ,the system will refuse the HTTP client to produce the message to the topic and show the message under below. "Unauthorized to produce to topic persistent://tls/demo4/test with clientAppId [tls] and authdata org.apache.pulsar.broker.authentication.AuthenticationDataHttps@318c6550"}" Actually, if we use the client library (Java, Node), we can produce the message to the topic using the tenant admin token (the tenant admin role was set ) without granting additional permissions to the namespace or topics. Reproduce :
Conclusion: |
Master Issue: #13766
Motivation
fix topic produced through REST not support Authorization
Documentation
no-need-doc