This is an automated email from the ASF dual-hosted git repository.

sijie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new 516bad1  Use Consume/Produce/Lookup interfaces for specific operations 
in allowTopicOperation (#7587)
516bad1 is described below

commit 516bad1079830b3f5f5046b4237e12861f9ec3a9
Author: Sanjeev Kulkarni <[email protected]>
AuthorDate: Sun Jul 26 21:35:31 2020 -0700

    Use Consume/Produce/Lookup interfaces for specific operations in 
allowTopicOperation (#7587)
    
    ### Motivation
    Several parts of the code use allowTopicOperation while others use 
canConsume/canProduce/canLookup for those specific operations. This mr makes 
the former use the latter calls for specific operations
---
 .../authorization/AuthorizationProvider.java       | 30 ++++++++++++----------
 .../apache/pulsar/broker/admin/v2/Namespaces.java  |  2 --
 2 files changed, 16 insertions(+), 16 deletions(-)

diff --git 
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java
 
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java
index 987ee77..57147e7 100644
--- 
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java
+++ 
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java
@@ -228,10 +228,7 @@ public interface AuthorizationProvider extends Closeable {
     default CompletableFuture<Boolean> allowTenantOperationAsync(String 
tenantName, String originalRole, String role,
                                                             TenantOperation 
operation,
                                                             
AuthenticationDataSource authData) {
-        return FutureUtil.failedFuture(new IllegalStateException(
-                String.format("allowTenantOperation(%s) on tenant %s is not 
supported by the Authorization" +
-                                " provider you are using.",
-                        operation.toString(), tenantName)));
+        return isTenantAdmin(tenantName, role, null, authData);
     }
 
     default Boolean allowTenantOperation(String tenantName, String 
originalRole, String role, TenantOperation operation,
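Review bot: `operation` and `originalRole` are never consulted in the new `allowTenantOperationAsync` default, and `null` is passed as the third argument to `isTenantAdmin`, so every tenant operation reduces to a tenant-admin check on `role` alone. If `isTenantAdmin` dereferences that argument (its body is outside this hunk), the call would throw rather than deny; loading the tenant info first or guarding the null would avoid that. When requests arrive through a proxy, `role` may be the proxy's identity rather than the client's, so it is worth confirming that `originalRole` is authorized somewhere on this path. The `allowNamespacePolicyOperationAsync` hunk below has the same shape. A Javadoc line such as `Default: granted only to tenant admins; providers should override for per-operation checks.` would make the fallback explicit.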
@@ -287,11 +284,7 @@ public interface AuthorizationProvider extends Closeable {
     default CompletableFuture<Boolean> 
allowNamespacePolicyOperationAsync(NamespaceName namespaceName, PolicyName 
policy,
                                                                           
PolicyOperation operation, String originalRole,
                                                                           
String role, AuthenticationDataSource authData) {
-        return FutureUtil.failedFuture(
-                new IllegalStateException(
-                        String.format("NamespacePolicyOperation(%s) on 
namespace(%s) by role(%s) is not supported" +
-                                " by the Authorization provider you are 
using.", operation.toString(),
-                                namespaceName.toString(), role == null ? 
"null" : role)));
+        return isTenantAdmin(namespaceName.getTenant(), role, null, authData);
     }
 
     default Boolean allowNamespacePolicyOperation(NamespaceName namespaceName, 
PolicyName policy, PolicyOperation operation,
@@ -318,11 +311,20 @@ public interface AuthorizationProvider extends Closeable {
     default CompletableFuture<Boolean> allowTopicOperationAsync(TopicName 
topic, String originalRole, String role,
                                                              TopicOperation 
operation,
                                                              
AuthenticationDataSource authData) {
-        return FutureUtil.failedFuture(
-            new IllegalStateException(
-                    String.format("TopicOperation(%s) on topic(%s) by role(%s) 
is not supported" +
-                            " by the Authorization provider you are using.",
-                            operation.toString(), topic.toString(), role == 
null ? "null" : null)));
+        switch (operation) {
+            case PRODUCE:
+                return canProduceAsync(topic, role, authData);
+            case CONSUME:
+                return canConsumeAsync(topic, role, authData, null);
+            case LOOKUP:
+                return canLookupAsync(topic, role, authData);
+            default:
+                return FutureUtil.failedFuture(
+                        new IllegalStateException(
+                                String.format("TopicOperation(%s) on topic(%s) 
by role(%s) is not supported" +
+                                                " by the Authorization 
provider you are using.",
+                                        operation.toString(), 
topic.toString(), role == null ? "null" : null)));
+        }
     }
 
     default Boolean allowTopicOperation(TopicName topicName, String 
originalRole, String role, TopicOperation operation,
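Review bot: The `default` branch still formats the role as `role == null ? "null" : null`, which prints `null` for every caller, so the failure message never names the role that was refused; it should be `role == null ? "null" : role`. The `CONSUME` case passes `null` as the last argument to `canConsumeAsync`, which appears to be the subscription, so any subscription-scoped restriction a provider implements may not apply when callers go through `allowTopicOperationAsync`; a comment such as `// subscription unknown here; subscription-level checks are not applied` would record that. `originalRole` is also unused in all three delegating cases, which is worth confirming as intended for proxied connections.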
diff --git 
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/Namespaces.java 
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/Namespaces.java
index 4dab8f2..0a9ec96 100644
--- 
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/Namespaces.java
+++ 
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/Namespaces.java
@@ -133,7 +133,6 @@ public class Namespaces extends NamespacesBase {
     public void createNamespace(@PathParam("tenant") String tenant, 
@PathParam("namespace") String namespace,
             @ApiParam(value = "Policies for the namespace") Policies policies) 
{
         validateNamespaceName(tenant, namespace);
-        validateTenantOperation(tenant, TenantOperation.CREATE_NAMESPACE);
         policies = getDefaultPolicesIfNull(policies);
         internalCreateNamespace(policies);
     }
@@ -250,7 +249,6 @@ public class Namespaces extends NamespacesBase {
     public Set<String> getNamespaceReplicationClusters(@PathParam("tenant") 
String tenant,
             @PathParam("namespace") String namespace) {
         validateNamespaceName(tenant, namespace);
-        validateNamespacePolicyOperation(NamespaceName.get(tenant, namespace), 
PolicyName.REPLICATION, PolicyOperation.READ);
         return internalGetNamespaceReplicationClusters();
     }
 
