[Authorization] Role with namespace produce authz can also get topics #13773
log.debug("Namespace [{}] Role [{}] exception occurred while trying to check " | ||
+ "Consume permissions. {}", namespaceName, role, ex.getMessage()); | ||
} | ||
finalResult.completeExceptionally(e); |
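Review bot: the log.debug call records only ex.getMessage(), so when the Consume permission check fails the stack trace and any wrapped cause are lost, and nothing is written at all unless debug logging is enabled. Pass the throwable itself as the last logger argument so the failure that reaches finalResult.completeExceptionally(e) can be diagnosed from the broker log.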
Something strange here, do we need `e` or `ex`?
Besides, we need `getCause()` in the exception of CompletableFuture, otherwise, we will get CompletionException
- we need `ex` in `finalResult.completeExceptionally()`.
- I have used `getCause()`.

PTAL again.
good work
I left some feedback
...common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
return; | ||
} | ||
} else { | ||
if (log.isDebugEnabled()) { |
we cannot let pass every exception
we should fall back to checking the second action only in case of missing authentication, otherwise if there is a system error (system overloaded?) we are going to generate the error twice
> we cannot let pass every exception

If there is an exception or error when checking the first action and we end the subsequent checks, then even if the user has the second permission, it will not take effect. Does this not meet expectations?

> we should fall back to checking the second action only in case of missing authentication

I traced the implementation of `allowTheSpecifiedActionOpsAsync` and have not found exceptions related to authentication, so I can't tell whether to perform the second check.

In addition, the implementation logic of this PR is similar to `canLookupAsync`, as follows:

Lines 179 to 211 in d972990
```java
public CompletableFuture<Boolean> canLookupAsync(TopicName topicName, String role,
        AuthenticationDataSource authenticationData) {
    CompletableFuture<Boolean> finalResult = new CompletableFuture<Boolean>();
    canProduceAsync(topicName, role, authenticationData).whenComplete((produceAuthorized, ex) -> {
        if (ex == null) {
            if (produceAuthorized) {
                finalResult.complete(produceAuthorized);
                return;
            }
        } else {
            if (log.isDebugEnabled()) {
                log.debug(
                        "Topic [{}] Role [{}] exception occurred while trying to check Produce permissions. {}",
                        topicName.toString(), role, ex.getMessage());
            }
        }
        canConsumeAsync(topicName, role, authenticationData, null).whenComplete((consumeAuthorized, e)
                -> {
            if (e == null) {
                finalResult.complete(consumeAuthorized);
            } else {
                if (log.isDebugEnabled()) {
                    log.debug(
                            "Topic [{}] Role [{}] exception occurred while trying to check Consume permissions. {}",
                            topicName.toString(), role, e.getMessage());
                }
                finalResult.completeExceptionally(e);
            }
        });
    });
    return finalResult;
}
```
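The alternative raised in the review thread above (run the second check only after a clean denial, and surface `getCause()` rather than the `CompletionException` wrapper), sketched as an added example that is not part of this PR or of Pulsar's code. `AuthzFallbackExample`, `anyOf`, `unwrap` and the three constructed checks are hypothetical names.

```java
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionException;
import java.util.function.Supplier;

public class AuthzFallbackExample {
    // Hypothetical helper: grants if either check grants. The second check runs
    // only after a clean denial (false); a failed first check is propagated.
    static CompletableFuture<Boolean> anyOf(Supplier<CompletableFuture<Boolean>> first,
                                            Supplier<CompletableFuture<Boolean>> second) {
        CompletableFuture<Boolean> finalResult = new CompletableFuture<>();
        first.get().whenComplete((allowed, ex) -> {
            if (ex != null) {
                // System error: do not repeat the failing lookup for the second action.
                finalResult.completeExceptionally(unwrap(ex));
                return;
            }
            if (Boolean.TRUE.equals(allowed)) {
                finalResult.complete(true);
                return;
            }
            second.get().whenComplete((allowed2, ex2) -> {
                if (ex2 != null) {
                    finalResult.completeExceptionally(unwrap(ex2));
                } else {
                    finalResult.complete(Boolean.TRUE.equals(allowed2));
                }
            });
        });
        return finalResult;
    }

    // Async stages report failures wrapped in CompletionException; return the real cause.
    static Throwable unwrap(Throwable t) {
        return (t instanceof CompletionException && t.getCause() != null) ? t.getCause() : t;
    }

    public static void main(String[] args) {
        // Constructed checks standing in for the produce/consume permission lookups.
        Supplier<CompletableFuture<Boolean>> denied = () -> CompletableFuture.completedFuture(false);
        Supplier<CompletableFuture<Boolean>> granted = () -> CompletableFuture.completedFuture(true);
        Supplier<CompletableFuture<Boolean>> broken = () -> CompletableFuture.<Boolean>supplyAsync(() -> {
            throw new IllegalStateException("metadata store unavailable");
        });
        System.out.println(anyOf(denied, granted).join());
        System.out.println(anyOf(broken, granted).handle((ok, err) -> err.getClass().getSimpleName()).join());
    }
}
```

With a denied first check the second check decides the result; with a failing first check the caller sees the original exception type and the second check is never invoked.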
…apache#13773) (cherry picked from commit 89d60af) (cherry picked from commit b172fc8)
Add the |
Motivation
From this comment

Role with namespace `produce` or `consume` authz can get topics.

Documentation

`no-need-doc`