[pulsar] 20/31: Fix grant all permissions but can't list topic. (#15501)

penghui Fri, 20 May 2022 08:05:59 -0700

This is an automated email from the ASF dual-hosted git repository.

penghui pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git


commit 3dcdf2a69932b166975e4d0ba2eab7c65c34e14b
Author: Jiwei Guo <techno...@apache.org>
AuthorDate: Mon May 9 22:05:07 2022 +0800

    Fix grant all permissions but can't list topic. (#15501)
    
    (cherry picked from commit 5155b1df876bd98d173e87753cca642b82b6595a)
---
 .../authorization/PulsarAuthorizationProvider.java     |  2 +-
 .../apache/pulsar/broker/auth/AuthorizationTest.java   | 18 +++---------------
 2 files changed, 4 insertions(+), 16 deletions(-)

diff --git 
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
 
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
index 1ad8fbe3e09..a01a2a735f0 100644
--- 
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
+++ 
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
@@ -584,6 +584,7 @@ public class PulsarAuthorizationProvider implements 
AuthorizationProvider {
                                         namespaceName, role, authData, 
AuthAction.packages);
                             case GET_TOPIC:
                             case GET_TOPICS:
+                            case GET_BUNDLE:
                                 return 
allowConsumeOrProduceOpsAsync(namespaceName, role, authData);
                             case UNSUBSCRIBE:
                             case CLEAR_BACKLOG:
@@ -592,7 +593,6 @@ public class PulsarAuthorizationProvider implements 
AuthorizationProvider {
                             case CREATE_TOPIC:
                             case DELETE_TOPIC:
                             case ADD_BUNDLE:
-                            case GET_BUNDLE:
                             case DELETE_BUNDLE:
                             case GRANT_PERMISSION:
                             case GET_PERMISSION:
diff --git 
a/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java
 
b/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java
index 574e7a14c43..39a91f72dc7 100644
--- 
a/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java
+++ 
b/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java
@@ -19,7 +19,6 @@
 package org.apache.pulsar.broker.auth;
 
 import static org.mockito.Mockito.when;
-import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertFalse;
 import static org.testng.Assert.assertTrue;
 import static org.testng.Assert.fail;
@@ -27,7 +26,6 @@ import java.util.EnumSet;
 import org.apache.pulsar.broker.authorization.AuthorizationService;
 import org.apache.pulsar.client.admin.PulsarAdmin;
 import org.apache.pulsar.client.admin.PulsarAdminBuilder;
-import org.apache.pulsar.client.admin.PulsarAdminException;
 import org.apache.pulsar.common.naming.TopicDomain;
 import org.apache.pulsar.common.naming.TopicName;
 import org.apache.pulsar.common.policies.data.AuthAction;
@@ -232,7 +230,7 @@ public class AuthorizationTest extends 
MockedPulsarServiceBaseTest {
     }
 
     @Test
-    public void testGetListWithoutGetBundleOp() throws Exception {
+    public void testGetListWithGetBundleOp() throws Exception {
         String tenant = "p1";
         String namespaceV1 = "p1/global/ns1";
         String namespaceV2 = "p1/ns2";
@@ -248,18 +246,8 @@ public class AuthorizationTest extends 
MockedPulsarServiceBaseTest {
                 .authentication(new MockAuthentication("pass.pass2"))
                 .build();
         when(pulsar.getAdminClient()).thenReturn(admin2);
-        try {
-            admin2.topics().getList(namespaceV1, TopicDomain.non_persistent);
-        } catch (Exception ex) {
-            assertTrue(ex instanceof 
PulsarAdminException.NotAuthorizedException);
-            assertEquals(ex.getMessage(), "Unauthorized to 
validateNamespaceOperation for operation [GET_BUNDLE] on namespace 
[p1/global/ns1]");
-        }
-        try {
-            admin2.topics().getList(namespaceV2, TopicDomain.non_persistent);
-        } catch (Exception ex) {
-            assertTrue(ex instanceof 
PulsarAdminException.NotAuthorizedException);
-            assertEquals(ex.getMessage(), "Unauthorized to 
validateNamespaceOperation for operation [GET_BUNDLE] on namespace [p1/ns2]");
-        }
+        Assert.assertEquals(admin2.topics().getList(namespaceV1, 
TopicDomain.non_persistent).size(), 0);
+        Assert.assertEquals(admin2.topics().getList(namespaceV2, 
TopicDomain.non_persistent).size(), 0);
     }
 
     private static void waitForChange() {

[pulsar] 20/31: Fix grant all permissions but can't list topic. (#15501)

Reply via email to