clintropolis opened a new pull request #10896: URL: https://github.com/apache/druid/pull/10896
### Description This PR makes the `druid-basic-security` extension a bit more relaxed across versions by ignoring any permissions which have unknown `ResourceType` or `Action` values (they use enums). A subtle backwards incompatibility was introduced in #10812, if permissions using the `VIEW` `ResourceType` are added, rolling back to a previous version of Druid results in explosions because the enum in the older version does not contain this value. (The same backwards incompatibility would occur with the changes in #10571). Rather than rework these types to deserialize into strings and then filtering out permissions with unknown resource types or action values from the list (or, i guess null checking everywhere), this PR instead introduces a custom deserializer for the list of permissions stored in a `BasicAuthorizerRole`, chomping json processing exceptions so it can ignore any permissions which fail to deserialize. I'm open to other approaches to this too if anyone has opinions here. <hr> This PR has: - [x] been self-reviewed. - [ ] added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links. - [x] added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader. - [x] added unit tests or modified existing tests to cover new code paths, ensuring the threshold for [code coverage](https://github.com/apache/druid/blob/master/dev/code-review/code-coverage.md) is met. - [ ] added integration tests. - [ ] been tested in a test Druid cluster. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
