[GitHub] [pulsar] jiazhai commented on issue #4560: when authentication enabled pulsar-admin topics list will fail for nonpersistent topics

Thu, 20 Jun 2019 06:02:28 -0700 

jiazhai commented on issue #4560: when authentication enabled pulsar-admin 
topics list will fail for nonpersistent topics
URL: https://github.com/apache/pulsar/issues/4560#issuecomment-504016817
 
 
   looking and debugging into the code,  
   *this issue happens under this condition*
   1. broker enable authentication. 
   2. broker not set ”brokerClientAuthenticationPlugin" and 
"brokerClientAuthenticationParameters“
   
   *this issue happens like this*
   1. user use pulsar-admin topics list to get all the topics, and internally 
this command will send request for both persistent and non-persistent rest 
endpoint. 
   2. for persistent rest endpoint, it runs well, since all the topics 
information could be get from /managed-ledgers in zk.
   3. while for non-persistent, it will first get all the bundles of this 
namespace, and these bundles may spread across different brokers,  so for each 
bundle, it will call 
   
`pulsar().getAdminClient().topics().getListInBundleAsync(namespaceName.toString(),
 bundle)`
   to get the topic list in each bundle.
   4. in method `getAdminClient()`, it will create an internal pulsar admin 
client, and its authentication method is determined by parameter 
”brokerClientAuthenticationPlugin" and "brokerClientAuthenticationParameters“. 
   
   ```
   public synchronized PulsarAdmin getAdminClient() throws 
PulsarServerException {
           if (this.adminClient == null) {
                   ServiceConfiguration conf = this.getConfiguration();
                   String adminApiUrl = conf.isBrokerClientTlsEnabled() ? 
webAddressTls(config) : webAddress(config);
                   PulsarAdminBuilder builder = 
PulsarAdmin.builder().serviceHttpUrl(adminApiUrl) //
                           .authentication( //
                                   conf.getBrokerClientAuthenticationPlugin(), 
//   < === 
                                   
conf.getBrokerClientAuthenticationParameters());  < ===
   ...
                   
builder.readTimeout(conf.getZooKeeperOperationTimeoutSeconds(), 
TimeUnit.SECONDS);
                   this.adminClient = builder.build();
               } 
       
           return this.adminClient;
       }
   ```
   since auth parameter not provided, so it will return 401, as in the picture.
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to