(pulsar) branch master updated: [fix][admin] Fix namespace admin api exception response (#22587)

Thu, 25 Apr 2024 18:18:37 -0700 

This is an automated email from the ASF dual-hosted git repository.

technoboy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new f25776d7fe6 [fix][admin] Fix namespace admin api exception response 
(#22587)
f25776d7fe6 is described below

commit f25776d7fe6812f11b17226995d989c5a2364920
Author: Cong Zhao <[email protected]>
AuthorDate: Fri Apr 26 09:18:27 2024 +0800

    [fix][admin] Fix namespace admin api exception response (#22587)
---
 .../pulsar/broker/admin/impl/NamespacesBase.java   |  5 +-
 .../pulsar/broker/admin/NamespaceAuthZTest.java    | 60 ++++++++++++++++------
 2 files changed, 48 insertions(+), 17 deletions(-)

diff --git 
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/NamespacesBase.java
 
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/NamespacesBase.java
index bbadc7bb331..5f2dccc3e9c 100644
--- 
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/NamespacesBase.java
+++ 
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/NamespacesBase.java
@@ -2019,7 +2019,7 @@ public abstract class NamespacesBase extends 
AdminResource {
     }
 
     protected void internalSetMaxSubscriptionsPerTopic(Integer 
maxSubscriptionsPerTopic){
-        validateNamespacePolicyOperationAsync(namespaceName, 
PolicyName.MAX_SUBSCRIPTIONS, PolicyOperation.WRITE);
+        validateNamespacePolicyOperation(namespaceName, 
PolicyName.MAX_SUBSCRIPTIONS, PolicyOperation.WRITE);
         validatePoliciesReadOnlyAccess();
         if (maxSubscriptionsPerTopic != null && maxSubscriptionsPerTopic < 0) {
             throw new RestException(Status.PRECONDITION_FAILED,
@@ -2125,9 +2125,10 @@ public abstract class NamespacesBase extends 
AdminResource {
                     f.complete(null);
                 })
                 .exceptionally(t -> {
+                    Throwable cause = FutureUtil.unwrapCompletionException(t);
                     log.error("[{}] Failed to update offloadThresholdInSeconds 
configuration for namespace {}",
                             clientAppId(), namespaceName, t);
-                    f.completeExceptionally(new RestException(t));
+                    f.completeExceptionally(new RestException(cause));
                     return null;
                 });
 
diff --git 
a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/NamespaceAuthZTest.java
 
b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/NamespaceAuthZTest.java
index d5a0468f340..5358295b785 100644
--- 
a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/NamespaceAuthZTest.java
+++ 
b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/NamespaceAuthZTest.java
@@ -19,6 +19,7 @@
 
 package org.apache.pulsar.broker.admin;
 
+import static 
org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest.deleteNamespaceWithRetry;
 import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertNull;
 import static org.testng.Assert.assertTrue;
@@ -58,7 +59,6 @@ import org.testng.Assert;
 import org.testng.annotations.AfterClass;
 import org.testng.annotations.AfterMethod;
 import org.testng.annotations.BeforeClass;
-import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 
 @Test(groups = "broker-admin")
@@ -72,8 +72,6 @@ public class NamespaceAuthZTest extends 
MockedPulsarStandalone {
 
     private AuthorizationService authorizationService;
 
-    private AuthorizationService orignalAuthorizationService;
-
     private static final String TENANT_ADMIN_SUBJECT =  
UUID.randomUUID().toString();
     private static final String TENANT_ADMIN_TOKEN = Jwts.builder()
             .claim("sub", TENANT_ADMIN_SUBJECT).signWith(SECRET_KEY).compact();
@@ -100,6 +98,9 @@ public class NamespaceAuthZTest extends 
MockedPulsarStandalone {
                 .authentication(new AuthenticationToken(TENANT_ADMIN_TOKEN))
                 .build();
         this.pulsarClient = super.getPulsarService().getClient();
+        this.authorizationService = 
Mockito.spy(getPulsarService().getBrokerService().getAuthorizationService());
+        FieldUtils.writeField(getPulsarService().getBrokerService(), 
"authorizationService",
+                authorizationService, true);
     }
 
 
@@ -115,19 +116,9 @@ public class NamespaceAuthZTest extends 
MockedPulsarStandalone {
         close();
     }
 
-    @BeforeMethod
-    public void before() throws IllegalAccessException {
-        orignalAuthorizationService = 
getPulsarService().getBrokerService().getAuthorizationService();
-        authorizationService = Mockito.spy(orignalAuthorizationService);
-        FieldUtils.writeField(getPulsarService().getBrokerService(), 
"authorizationService",
-                authorizationService, true);
-    }
-
     @AfterMethod
-    public void after() throws IllegalAccessException, PulsarAdminException {
-        FieldUtils.writeField(getPulsarService().getBrokerService(), 
"authorizationService",
-                orignalAuthorizationService, true);
-        superUserAdmin.namespaces().deleteNamespace("public/default", true);
+    public void after() throws Exception {
+        deleteNamespaceWithRetry("public/default", true, superUserAdmin);
         superUserAdmin.namespaces().createNamespace("public/default");
     }
 
@@ -1028,4 +1019,43 @@ public class NamespaceAuthZTest extends 
MockedPulsarStandalone {
             
superUserAdmin.namespaces().revokePermissionsOnNamespace(namespace, subject);
         }
     }
+
+    @Test
+    @SneakyThrows
+    public void testOffloadThresholdInSeconds() {
+        final String namespace = "public/default";
+        final String subject = UUID.randomUUID().toString();
+        final String token = Jwts.builder()
+                .claim("sub", subject).signWith(SECRET_KEY).compact();
+        @Cleanup final PulsarAdmin subAdmin = PulsarAdmin.builder()
+                .serviceHttpUrl(getPulsarService().getWebServiceAddress())
+                .authentication(new AuthenticationToken(token))
+                .build();
+        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class,
+                () -> 
subAdmin.namespaces().getOffloadThresholdInSeconds(namespace));
+
+        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class,
+                () -> 
subAdmin.namespaces().setOffloadThresholdInSeconds(namespace, 10000));
+    }
+
+    @Test
+    @SneakyThrows
+    public void testMaxSubscriptionsPerTopic() {
+        final String namespace = "public/default";
+        final String subject = UUID.randomUUID().toString();
+        final String token = Jwts.builder()
+                .claim("sub", subject).signWith(SECRET_KEY).compact();
+        @Cleanup final PulsarAdmin subAdmin = PulsarAdmin.builder()
+                .serviceHttpUrl(getPulsarService().getWebServiceAddress())
+                .authentication(new AuthenticationToken(token))
+                .build();
+        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class,
+                () -> 
subAdmin.namespaces().getMaxSubscriptionsPerTopic(namespace));
+
+        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class,
+                () -> 
subAdmin.namespaces().setMaxSubscriptionsPerTopic(namespace, 100));
+
+        Assert.assertThrows(PulsarAdminException.NotAuthorizedException.class,
+                () -> 
subAdmin.namespaces().removeMaxSubscriptionsPerTopic(namespace));
+    }
 }

Reply via email to