This is an automated email from the ASF dual-hosted git repository. mattisonchao pushed a commit to branch branch-2.9 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 6e7bd706ccaa9a4ef5afe8a55c4e208d7c585237 Author: Jiwei Guo <[email protected]> AuthorDate: Mon May 9 22:05:07 2022 +0800 Fix grant all permissions but can't list topic. (#15501) (cherry picked from commit 5155b1df876bd98d173e87753cca642b82b6595a) --- .../authorization/PulsarAuthorizationProvider.java | 2 +- .../apache/pulsar/broker/auth/AuthorizationTest.java | 18 +++--------------- 2 files changed, 4 insertions(+), 16 deletions(-) diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java index 9aea1261cf2..097464bfb5f 100644 --- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java +++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java @@ -542,6 +542,7 @@ public class PulsarAuthorizationProvider implements AuthorizationProvider { namespaceName, role, authData, AuthAction.packages); case GET_TOPIC: case GET_TOPICS: + case GET_BUNDLE: return allowConsumeOrProduceOpsAsync(namespaceName, role, authData); case UNSUBSCRIBE: case CLEAR_BACKLOG: @@ -550,7 +551,6 @@ public class PulsarAuthorizationProvider implements AuthorizationProvider { case CREATE_TOPIC: case DELETE_TOPIC: case ADD_BUNDLE: - case GET_BUNDLE: case DELETE_BUNDLE: case GRANT_PERMISSION: case GET_PERMISSION: diff --git a/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java b/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java index 4b18791fce0..2596d243a9f 100644 --- a/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java +++ b/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java @@ -19,7 +19,6 @@ package org.apache.pulsar.broker.auth; import static org.mockito.Mockito.when; -import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertFalse; import static org.testng.Assert.assertTrue; import static org.testng.Assert.fail; @@ -27,7 +26,6 @@ import java.util.EnumSet; import org.apache.pulsar.broker.authorization.AuthorizationService; import org.apache.pulsar.client.admin.PulsarAdmin; import org.apache.pulsar.client.admin.PulsarAdminBuilder; -import org.apache.pulsar.client.admin.PulsarAdminException; import org.apache.pulsar.common.naming.TopicDomain; import org.apache.pulsar.common.naming.TopicName; import org.apache.pulsar.common.policies.data.AuthAction; @@ -233,7 +231,7 @@ public class AuthorizationTest extends MockedPulsarServiceBaseTest { } @Test - public void testGetListWithoutGetBundleOp() throws Exception { + public void testGetListWithGetBundleOp() throws Exception { String tenant = "p1"; String namespaceV1 = "p1/global/ns1"; String namespaceV2 = "p1/ns2"; @@ -249,18 +247,8 @@ public class AuthorizationTest extends MockedPulsarServiceBaseTest { .authentication(new MockAuthentication("pass.pass2")) .build(); when(pulsar.getAdminClient()).thenReturn(admin2); - try { - admin2.topics().getList(namespaceV1, TopicDomain.non_persistent); - } catch (Exception ex) { - assertTrue(ex instanceof PulsarAdminException.NotAuthorizedException); - assertEquals(ex.getMessage(), "Unauthorized to validateNamespaceOperation for operation [GET_BUNDLE] on namespace [p1/global/ns1]"); - } - try { - admin2.topics().getList(namespaceV2, TopicDomain.non_persistent); - } catch (Exception ex) { - assertTrue(ex instanceof PulsarAdminException.NotAuthorizedException); - assertEquals(ex.getMessage(), "Unauthorized to validateNamespaceOperation for operation [GET_BUNDLE] on namespace [p1/ns2]"); - } + Assert.assertEquals(admin2.topics().getList(namespaceV1, TopicDomain.non_persistent).size(), 0); + Assert.assertEquals(admin2.topics().getList(namespaceV2, TopicDomain.non_persistent).size(), 0); } private static void waitForChange() {
