[pulsar] branch branch-3.0 updated: [cleanup][broker] Validate authz earlier in delete subscription logic (#20549)

Fri, 09 Jun 2023 15:02:34 -0700 

This is an automated email from the ASF dual-hosted git repository.

mmarshall pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-3.0 by this push:
     new d681851308c [cleanup][broker] Validate authz earlier in delete 
subscription logic (#20549)
d681851308c is described below

commit d681851308ca5d85990fb3856bf81bca379260da
Author: Michael Marshall <[email protected]>
AuthorDate: Fri Jun 9 16:39:23 2023 -0500

    [cleanup][broker] Validate authz earlier in delete subscription logic 
(#20549)
    
    ### Motivation
    
    Move the authorization check a few steps earlier in the delete subscription 
admin endpoint.
    
    ### Modifications
    
    * Move the authz check earlier
    
    ### Verifying this change
    
    We do not have any tests for these endpoints. We should add them. This 
change is trivial enough that I think it is fine to defer on testing the authz 
change.
    
    ### Documentation
    
    - [x] `doc-not-needed`
    
    (cherry picked from commit c73967c811f60d4cb508e8489e6faf39dd0174b4)
---
 .../org/apache/pulsar/broker/admin/impl/PersistentTopicsBase.java   | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git 
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/PersistentTopicsBase.java
 
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/PersistentTopicsBase.java
index 5cd6ff8cbd9..81f5e3c1f32 100644
--- 
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/PersistentTopicsBase.java
+++ 
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/PersistentTopicsBase.java
@@ -1631,7 +1631,9 @@ public class PersistentTopicsBase extends AdminResource {
             future = CompletableFuture.completedFuture(null);
         }
 
-        return future.thenCompose(__ -> {
+        return future
+                .thenCompose((__) -> validateTopicOperationAsync(topicName, 
TopicOperation.UNSUBSCRIBE, subName))
+                .thenCompose(__ -> {
             if (topicName.isPartitioned()) {
                 return 
internalDeleteSubscriptionForNonPartitionedTopicAsync(subName, authoritative, 
force);
             } else {
@@ -1674,11 +1676,11 @@ public class PersistentTopicsBase extends AdminResource 
{
         });
     }
 
+    // Note: this method expects the caller to check authorization
     private CompletableFuture<Void> 
internalDeleteSubscriptionForNonPartitionedTopicAsync(String subName,
                                                                                
           boolean authoritative,
                                                                                
           boolean force) {
         return validateTopicOwnershipAsync(topicName, authoritative)
-                .thenCompose((__) -> validateTopicOperationAsync(topicName, 
TopicOperation.UNSUBSCRIBE, subName))
                 .thenCompose(__ -> getTopicReferenceAsync(topicName))
                 .thenCompose((topic) -> {
                     Subscription sub = topic.getSubscription(subName);

Reply via email to