This is an automated email from the ASF dual-hosted git repository. rxl pushed a commit to branch branch-2.6 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 56a0d690976a96725f1aee8e02cb788ad4e480b3 Author: Sanjeev Kulkarni <[email protected]> AuthorDate: Sun Jul 26 21:35:31 2020 -0700 Use Consume/Produce/Lookup interfaces for specific operations in allowTopicOperation (#7587) ### Motivation Several parts of the code use allowTopicOperation while others use canConsume/canProduce/canLookup for those specific operations. This mr makes the former use the latter calls for specific operataions (cherry picked from commit 516bad1079830b3f5f5046b4237e12861f9ec3a9) --- .../authorization/AuthorizationProvider.java | 30 ++++++++++++---------- .../apache/pulsar/broker/admin/v2/Namespaces.java | 2 -- 2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java
index 0424c00..d1e7596 100644
--- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java
+++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java
@@ -208,10 +208,7 @@ public interface AuthorizationProvider extends Closeable {
 default CompletableFuture<Boolean> allowTenantOperationAsync(String tenantName, String originalRole, String role, TenantOperation operation, AuthenticationDataSource authData) {
- return FutureUtil.failedFuture(new IllegalStateException(
- String.format("allowTenantOperation(%s) on tenant %s is not supported by the Authorization" +
- " provider you are using.",
- operation.toString(), tenantName)));
+ return isTenantAdmin(tenantName, role, null, authData);
 }
 default Boolean allowTenantOperation(String tenantName, String originalRole, String role, TenantOperation operation,
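Review bot: The new default body of `allowTenantOperationAsync` decides on `role` alone and never reads `originalRole` or `operation`, so every tenant operation collapses to a single tenant-admin check, and for a request that arrives through a proxy the decision may be made for the proxy's identity rather than the end client's (inferred; the caller's proxy handling is not in this hunk). It also passes `null` as the third argument of `isTenantAdmin`, which is only safe if every implementation of that method tolerates a missing tenant-info argument; that is not visible here. The same applies to `allowNamespacePolicyOperationAsync` in the next hunk, which additionally ignores `policy`. I would add a Javadoc line on both defaults along the lines of `Default: grants the operation only when {@code role} is a tenant admin; {@code originalRole} and the operation type are not consulted, so providers that need finer checks must override.`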
@@ -267,11 +264,7 @@ public interface AuthorizationProvider extends Closeable {
 default CompletableFuture<Boolean> allowNamespacePolicyOperationAsync(NamespaceName namespaceName, PolicyName policy, PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData) {
- return FutureUtil.failedFuture(
- new IllegalStateException(
- String.format("NamespacePolicyOperation(%s) on namespace(%s) by role(%s) is not supported" +
- " by the Authorization provider you are using.", operation.toString(),
- namespaceName.toString(), role == null ? "null" : role)));
+ return isTenantAdmin(namespaceName.getTenant(), role, null, authData);
 }
 default Boolean allowNamespacePolicyOperation(NamespaceName namespaceName, PolicyName policy, PolicyOperation operation,
@@ -298,11 +291,20 @@ public interface AuthorizationProvider extends Closeable {
 default CompletableFuture<Boolean> allowTopicOperationAsync(TopicName topic, String originalRole, String role, TopicOperation operation, AuthenticationDataSource authData) {
- return FutureUtil.failedFuture(
- new IllegalStateException(
- String.format("TopicOperation(%s) on topic(%s) by role(%s) is not supported" +
- " by the Authorization provider you are using.",
- operation.toString(), topic.toString(), role == null ? "null" : null)));
+ switch (operation) {
+ case PRODUCE:
+ return canProduceAsync(topic, role, authData);
+ case CONSUME:
+ return canConsumeAsync(topic, role, authData, null);
+ case LOOKUP:
+ return canLookupAsync(topic, role, authData);
+ default:
+ return FutureUtil.failedFuture(
+ new IllegalStateException(
+ String.format("TopicOperation(%s) on topic(%s) by role(%s) is not supported" +
+ " by the Authorization provider you are using.",
+ operation.toString(), topic.toString(), role == null ? "null" : null)));
+ }
 }
 default Boolean allowTopicOperation(TopicName topicName, String originalRole, String role, TopicOperation operation,
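Review bot: The `CONSUME` branch of `allowTopicOperationAsync` calls `canConsumeAsync(topic, role, authData, null)`, so any check that `canConsumeAsync` keys on the subscription name cannot take effect when consume is authorized through this path; whether implementations perform such checks is not visible in this hunk, but the fourth argument should carry the real subscription whenever the caller has one. None of the three delegating branches passes `originalRole`, so a proxied request is evaluated against `role` only. In the `default` branch the message argument `role == null ? "null" : null` never prints the role; it should be `role == null ? "null" : role`, which also makes rejected operations traceable in logs.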
diff --git a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/Namespaces.java b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/Namespaces.java
index 3ccfde9..4c082d8 100644
--- a/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/Namespaces.java
+++ b/pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/v2/Namespaces.java
@@ -133,7 +133,6 @@ public class Namespaces extends NamespacesBase {
 public void createNamespace(@PathParam("tenant") String tenant, @PathParam("namespace") String namespace, @ApiParam(value = "Policies for the namespace") Policies policies) {
 validateNamespaceName(tenant, namespace);
- validateTenantOperation(tenant, TenantOperation.CREATE_NAMESPACE);
 policies = getDefaultPolicesIfNull(policies);
 internalCreateNamespace(policies);
 }
@@ -250,7 +249,6 @@ public class Namespaces extends NamespacesBase {
 public Set<String> getNamespaceReplicationClusters(@PathParam("tenant") String tenant, @PathParam("namespace") String namespace) {
 validateNamespaceName(tenant, namespace);
- validateNamespacePolicyOperation(NamespaceName.get(tenant, namespace), PolicyName.REPLICATION, PolicyOperation.READ);
 return internalGetNamespaceReplicationClusters();
 }
