This is an automated email from the ASF dual-hosted git repository.
bogong pushed a commit to branch branch-2.9
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.9 by this push:
new 604c8720b64 [improve][schema] Change update schema auth from tenant to
produce (#18074)
604c8720b64 is described below
commit 604c8720b6461e8f9209182e9631d1902b5ec850
Author: congbo <[email protected]>
AuthorDate: Wed Oct 19 15:54:10 2022 +0800
[improve][schema] Change update schema auth from tenant to produce (#18074)
(cherry picked from commit 26b47ffbcdc7f91425ed1ff1cc6cd4d7644a2451)
---
.../org/apache/pulsar/broker/admin/impl/SchemasResourceBase.java | 2 +-
.../apache/pulsar/broker/admin/AdminApiSchemaWithAuthTest.java | 9 +++++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/SchemasResourceBase.java
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/SchemasResourceBase.java
index 304b311cbea..b94b8a2d962 100644
---
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/SchemasResourceBase.java
+++
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/SchemasResourceBase.java
@@ -292,7 +292,7 @@ public class SchemasResourceBase extends AdminResource {
private void validateDestinationAndAdminOperation(boolean authoritative) {
try {
- validateAdminAccessForTenant(topicName.getTenant());
+ validateTopicOperation(topicName, TopicOperation.PRODUCE);
validateTopicOwnership(topicName, authoritative);
} catch (RestException e) {
if (e.getResponse().getStatus() ==
Response.Status.UNAUTHORIZED.getStatusCode()) {
diff --git
a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiSchemaWithAuthTest.java
b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiSchemaWithAuthTest.java
index 6e8fa4c8027..20fa07979e0 100644
---
a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiSchemaWithAuthTest.java
+++
b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/AdminApiSchemaWithAuthTest.java
@@ -60,6 +60,8 @@ public class AdminApiSchemaWithAuthTest extends
MockedPulsarServiceBaseTest {
private static final String ADMIN_TOKEN =
Jwts.builder().setSubject("admin").signWith(SECRET_KEY).compact();
private static final String CONSUME_TOKEN =
Jwts.builder().setSubject("consumer").signWith(SECRET_KEY).compact();
+ private static final String PRODUCE_TOKEN =
Jwts.builder().setSubject("producer").signWith(SECRET_KEY).compact();
+
@BeforeMethod
@Override
public void setup() throws Exception {
@@ -110,11 +112,18 @@ public class AdminApiSchemaWithAuthTest extends
MockedPulsarServiceBaseTest {
.serviceHttpUrl(brokerUrl != null ? brokerUrl.toString() :
brokerUrlTls.toString())
.authentication(AuthenticationToken.class.getName(),
CONSUME_TOKEN)
.build();
+
+ PulsarAdmin adminWithProducePermission = PulsarAdmin.builder()
+ .serviceHttpUrl(brokerUrl != null ? brokerUrl.toString() :
brokerUrlTls.toString())
+ .authentication(AuthenticationToken.class.getName(),
PRODUCE_TOKEN)
+ .build();
admin.topics().grantPermission(topicName, "consumer",
EnumSet.of(AuthAction.consume));
admin.topics().grantPermission(topicName, "producer",
EnumSet.of(AuthAction.produce));
SchemaInfo si = Schema.BOOL.getSchemaInfo();
+ assertThrows(PulsarAdminException.class, () ->
adminWithConsumePermission.schemas().getSchemaInfo(topicName));
assertThrows(PulsarAdminException.class, () ->
adminWithoutPermission.schemas().createSchema(topicName, si));
+ adminWithProducePermission.schemas().createSchema(topicName, si);
adminWithAdminPermission.schemas().createSchema(topicName, si);
assertThrows(PulsarAdminException.class, () ->
adminWithoutPermission.schemas().getSchemaInfo(topicName));
