This is an automated email from the ASF dual-hosted git repository.
sanjeevrk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/master by this push:
new eda3526 Ensure that admin operations are gated by super user check
(#7226)
eda3526 is described below
commit eda3526b335d58e7aa7ba4bb81d44ea03a2922a7
Author: Sanjeev Kulkarni <[email protected]>
AuthorDate: Thu Jun 11 16:43:35 2020 -0700
Ensure that admin operations are gated by super user check (#7226)
* Ensure that admin operations are gated by super user check
* keep /clusters open
Co-authored-by: Sanjeev Kulkarni <[email protected]>
---
.../java/org/apache/pulsar/broker/admin/impl/BrokersBase.java | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/BrokersBase.java
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/BrokersBase.java
index 072e91c..57c88ab 100644
---
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/BrokersBase.java
+++
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/BrokersBase.java
@@ -153,9 +153,12 @@ public class BrokersBase extends AdminResource {
@Path("/configuration/values")
@ApiOperation(value = "Get value of all dynamic configurations' value
overridden on local config")
@ApiResponses(value = {
+ @ApiResponse(code = 403, message = "You don't have admin permission to
view configuration"),
@ApiResponse(code = 404, message = "Configuration not found"),
@ApiResponse(code = 500, message = "Internal server error")})
public Map<String, String> getAllDynamicConfigurations() throws Exception {
+ validateSuperUserAccess();
+
ZooKeeperDataCache<Map<String, String>> dynamicConfigurationCache =
pulsar().getBrokerService()
.getDynamicConfigurationCache();
Map<String, String> configurationMap = null;
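Review bot: Nothing in this commit verifies the 403 now documented on getAllDynamicConfigurations. The diffstat lists only BrokersBase.java, so no test asserts that a caller without super-user rights is rejected. validateSuperUserAccess() is defined outside this diff, so please confirm which HTTP status it actually raises and how it behaves when authentication or authorization is disabled; otherwise `@ApiResponse(code = 403, ...)` may not match what clients see. One negative test per gated handler would pin this down, covering this method plus getDynamicConfigurationName and getInternalConfigurationData in the later hunks. The method body continues past the end of this hunk.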
@@ -175,7 +178,10 @@ public class BrokersBase extends AdminResource {
@GET
@Path("/configuration")
@ApiOperation(value = "Get all updatable dynamic configurations's name")
+ @ApiResponses(value = {
+ @ApiResponse(code = 403, message = "You don't have admin
permission to get configuration")})
public List<String> getDynamicConfigurationName() {
+ validateSuperUserAccess();
return BrokerService.getDynamicConfiguration();
}
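Review bot: The 403 text added here ("You don't have admin permission to get configuration") differs from the one in the first hunk ("... to view configuration") and from the third hunk ("Don't have admin permission"), although all three describe the same super-user check. A single wording would make the generated API docs consistent and easier to search, for example `@ApiResponse(code = 403, message = "This operation requires super-user access")` on each handler. If validateSuperUserAccess() already produces its own message, reusing that text would keep the docs and the runtime error aligned; its definition is not visible in this diff.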
@@ -240,7 +246,9 @@ public class BrokersBase extends AdminResource {
@GET
@Path("/internal-configuration")
@ApiOperation(value = "Get the internal configuration data", response =
InternalConfigurationData.class)
+ @ApiResponses(value = { @ApiResponse(code = 403, message = "Don't have
admin permission") })
public InternalConfigurationData getInternalConfigurationData() {
+ validateSuperUserAccess();
return pulsar().getInternalConfigurationData();
}
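Review bot: Gating getInternalConfigurationData with validateSuperUserAccess() changes the contract for any existing caller that reads /internal-configuration under a non-super-user role. Such callers would start failing after an upgrade. Whether any component does this cannot be seen from the diff, so it is worth checking internal consumers of this endpoint and mentioning the change in the release notes. A short comment above the call would record the intent, e.g. `// Super-user only: the response exposes internal cluster configuration.`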