This is an automated email from the ASF dual-hosted git repository.
divijv pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/trunk by this push:
new 4b1b67e3c4f KAFKA-18434: enrich the authorization error message of
connecting to controller (#18436)
4b1b67e3c4f is described below
commit 4b1b67e3c4f1cdd7d0b641061308b4760e6c86db
Author: PoAn Yang <[email protected]>
AuthorDate: Thu Jan 9 01:56:29 2025 +0800
KAFKA-18434: enrich the authorization error message of connecting to
controller (#18436)
Reviewers: Divij Vaidya <[email protected]>
---
core/src/main/scala/kafka/server/AuthHelper.scala | 2 +-
core/src/test/scala/unit/kafka/server/ControllerApisTest.scala | 6 ++++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/core/src/main/scala/kafka/server/AuthHelper.scala
b/core/src/main/scala/kafka/server/AuthHelper.scala
index 4d21fb43859..b208f8406ba 100644
--- a/core/src/main/scala/kafka/server/AuthHelper.scala
+++ b/core/src/main/scala/kafka/server/AuthHelper.scala
@@ -55,7 +55,7 @@ class AuthHelper(authorizer: Option[Authorizer]) {
def authorizeClusterOperation(request: RequestChannel.Request, operation:
AclOperation): Unit = {
if (!authorize(request.context, operation, CLUSTER, CLUSTER_NAME))
- throw new ClusterAuthorizationException(s"Request $request is not
authorized.")
+ throw new ClusterAuthorizationException(s"Request $request needs
$operation permission.")
}
def authorizedOperations(request: RequestChannel.Request, resource:
Resource): Int = {
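Review bot: The new message in `authorizeClusterOperation` names the missing operation but not the resource the check is made against, so an operator reading the error still has to know which resource the ACL belongs on. The `authorize` call just above passes `CLUSTER` and `CLUSTER_NAME`, so the message could carry them: `s"Request $request needs $operation permission on $CLUSTER resource $CLUSTER_NAME."`. The substrings asserted in `ControllerApisTest` would still match that wording. Separately, the text interpolates the whole `$request`; if this exception message is returned to the denied caller rather than only logged (not visible in this hunk), it is worth confirming that the request rendering exposes nothing beyond what the caller already sent. `authorizedOperations` at the end of the hunk continues outside it.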
diff --git a/core/src/test/scala/unit/kafka/server/ControllerApisTest.scala
b/core/src/test/scala/unit/kafka/server/ControllerApisTest.scala
index 9706e4c1775..9e0eed874f9 100644
--- a/core/src/test/scala/unit/kafka/server/ControllerApisTest.scala
+++ b/core/src/test/scala/unit/kafka/server/ControllerApisTest.scala
@@ -1286,20 +1286,22 @@ class ControllerApisTest {
@Test
def testUnauthorizedControllerRegistrationRequest(): Unit = {
- assertThrows(classOf[ClusterAuthorizationException], () => {
+ val exception = assertThrows(classOf[ClusterAuthorizationException], () =>
{
controllerApis = createControllerApis(Some(createDenyAllAuthorizer()),
new MockController.Builder().build())
controllerApis.handleControllerRegistration(buildRequest(
new ControllerRegistrationRequest(new
ControllerRegistrationRequestData(), 0.toShort)))
})
+ assertTrue(exception.getMessage.contains("needs CLUSTER_ACTION
permission"))
}
@Test
def testUnauthorizedDescribeClusterRequest(): Unit = {
- assertThrows(classOf[ClusterAuthorizationException], () => {
+ val exception = assertThrows(classOf[ClusterAuthorizationException], () =>
{
controllerApis = createControllerApis(Some(createDenyAllAuthorizer()),
new MockController.Builder().build())
controllerApis.handleDescribeCluster(buildRequest(
new DescribeClusterRequest(new DescribeClusterRequestData(),
1.toShort)))
})
+ assertTrue(exception.getMessage.contains("needs ALTER permission"))
}
@AfterEach
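Review bot: The two added `assertTrue(exception.getMessage.contains(...))` checks fail with only a bare boolean mismatch, so a regression in the authorization message does not show what text was actually produced. Passing the message as the failure text keeps the check and makes a failure diagnosable: `assertTrue(exception.getMessage.contains("needs ALTER permission"), exception.getMessage)`, and likewise for the `CLUSTER_ACTION` assertion in `testUnauthorizedControllerRegistrationRequest`. Since these assertions also pin which ACL operation each controller handler demands, a short comment such as `// handleDescribeCluster on the controller is gated on ALTER for the cluster resource` would tell the next reader that the expected operation is deliberate.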