nodece commented on code in PR #16645:
URL: https://github.com/apache/pulsar/pull/16645#discussion_r928679520


##########
pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/MultiRolesTokenAuthorizationProvider.java:
##########
@@ -80,58 +86,112 @@ public void initialize(ServiceConfiguration conf, 
PulsarResources pulsarResource
         super.initialize(conf, pulsarResources);
     }
 
-    private List<String> getRoles(AuthenticationDataSource authData) {
+    @Override
+    public CompletableFuture<Boolean> isSuperUser(String role, 
AuthenticationDataSource authenticationData,
+                                                  ServiceConfiguration 
serviceConfiguration) {
+        Set<String> roles = getRoles(authenticationData);
+        if (roles.isEmpty()) {
+            return CompletableFuture.completedFuture(false);
+        }
+        Set<String> superUserRoles = serviceConfiguration.getSuperUserRoles();
+        if (superUserRoles.isEmpty()) {
+            return CompletableFuture.completedFuture(false);
+        }
+
+        return 
CompletableFuture.completedFuture(roles.stream().anyMatch(superUserRoles::contains));
+    }
+
+    @Override
+    public CompletableFuture<Boolean> validateTenantAdminAccess(String 
tenantName, String role,
+                                                                
AuthenticationDataSource authData) {
+        return isSuperUser(role, authData, conf)
+                .thenCompose(isSuperUser -> {
+                    if (isSuperUser) {
+                        return CompletableFuture.completedFuture(true);
+                    }
+                    Set<String> roles = getRoles(authData);
+                    if (roles.isEmpty()) {
+                        return CompletableFuture.completedFuture(false);
+                    }
+
+                    return pulsarResources.getTenantResources()
+                            .getTenantAsync(tenantName)
+                            .thenCompose(op -> {
+                                if (op.isPresent()) {
+                                    TenantInfo tenantInfo = op.get();
+                                    if (tenantInfo.getAdminRoles() == null || 
tenantInfo.getAdminRoles().isEmpty()) {
+                                        return 
CompletableFuture.completedFuture(false);
+                                    }
+
+                                    return 
CompletableFuture.completedFuture(roles.stream()
+                                            .anyMatch(n -> 
tenantInfo.getAdminRoles().contains(n)));
+                                } else {
+                                    throw new 
RestException(Response.Status.NOT_FOUND, "Tenant does not exist");
+                                }
+                            }).exceptionally(ex -> {
+                                Throwable cause = ex.getCause();
+                                if (cause instanceof 
MetadataStoreException.NotFoundException) {
+                                    log.warn("Failed to get tenant info data 
for non existing tenant {}", tenantName);
+                                    throw new 
RestException(Response.Status.NOT_FOUND, "Tenant does not exist");
+                                }
+                                log.error("Failed to get tenant {}", 
tenantName, cause);
+                                throw new RestException(cause);
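Review bot: The `exceptionally` handler in validateTenantAdminAccess assumes the throwable it receives is always a wrapper, so `Throwable cause = ex.getCause();` yields null whenever the stage fails with a bare exception (a future that getTenantAsync completed exceptionally without wrapping), and the `instanceof NotFoundException` test, the `log.error(...)` line and `throw new RestException(cause)` then all run with a null cause, which turns the authorization failure into an opaque 500 with no diagnostic. Unwrapping only when a wrapper is present keeps the real error: `Throwable cause = ex instanceof CompletionException ? ex.getCause() : ex;` (`java.util.concurrent.CompletionException` must be imported if it is not already). A related inconsistency is that the `op.isPresent()` false branch throws a NOT_FOUND RestException which then reaches this handler and is logged at error level as "Failed to get tenant", while the metadata-store NotFoundException for the same situation is logged at warn; the two paths should agree. The enclosing method continues past the end of the hunk.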

Review Comment:
   RestException can already obtain the real exception by itself.
   
   ```java
   public RestException(Throwable t) {
           super(getResponse(t));
       }
   
       private static Response getResponse(Throwable t) {
           if (t instanceof WebApplicationException) {
               WebApplicationException e = (WebApplicationException) t;
               return e.getResponse();
           } else {
               return Response
                   .status(Status.INTERNAL_SERVER_ERROR)
                   .entity(getExceptionData(t))
                   .type(MediaType.TEXT_PLAIN)
                   .build();
           }
       }
   ```


