[pulsar] branch master updated: [pulsar-broker] Fix: Tenant-admin should able to lookup topic (#8353)

[rdhabalia]

This is an automated email from the ASF dual-hosted git repository.

rdhabalia pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new 4c7f83b  [pulsar-broker] Fix: Tenant-admin should able to lookup topic 
(#8353)
4c7f83b is described below

commit 4c7f83b93b454b4f74dbc418a519ceb6dc58296b
Author: Rajan Dhabalia <rdhaba...@apache.org>
AuthorDate: Thu Oct 29 00:30:56 2020 -0700

    [pulsar-broker] Fix: Tenant-admin should able to lookup topic (#8353)
    
    Co-authored-by: Sijie Guo <si...@apache.org>
---
 .../java/org/apache/pulsar/broker/lookup/TopicLookupBase.java  | 10 +++++++++-
 .../pulsar/broker/admin/BrokerAdminClientTlsAuthTest.java      |  3 ++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git 
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/lookup/TopicLookupBase.java
 
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/lookup/TopicLookupBase.java
index cd140d5..19ddce75 100644
--- 
a/pulsar-broker/src/main/java/org/apache/pulsar/broker/lookup/TopicLookupBase.java
+++ 
b/pulsar-broker/src/main/java/org/apache/pulsar/broker/lookup/TopicLookupBase.java
@@ -65,7 +65,7 @@ public class TopicLookupBase extends PulsarWebResource {
 
         try {
             validateClusterOwnership(topicName.getCluster());
-            checkConnect(topicName);
+            validateAdminAndClientPermission(topicName);
             validateGlobalNamespaceOwnership(topicName.getNamespaceObject());
         } catch (WebApplicationException we) {
             // Validation checks failed
@@ -127,6 +127,14 @@ public class TopicLookupBase extends PulsarWebResource {
         });
     }
 
+    private void validateAdminAndClientPermission(TopicName topic) throws 
RestException, Exception {
+        try {
+            validateAdminAccessForTenant(topic.getTenant());
+        } catch (Exception e) {
+            checkConnect(topic);
+        }
+    }
+
     protected String internalGetNamespaceBundle(TopicName topicName) {
         validateSuperUserAccess();
         try {
diff --git 
a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/BrokerAdminClientTlsAuthTest.java
 
b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/BrokerAdminClientTlsAuthTest.java
index 26cb3c1..47a8921 100644
--- 
a/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/BrokerAdminClientTlsAuthTest.java
+++ 
b/pulsar-broker/src/test/java/org/apache/pulsar/broker/admin/BrokerAdminClientTlsAuthTest.java
@@ -135,7 +135,6 @@ public class BrokerAdminClientTlsAuthTest extends 
MockedPulsarServiceBaseTest {
         try (PulsarAdmin admin = buildAdminClient("admin")) {
             Policies policies = new Policies();
             policies.bundles = new BundlesData(4);
-            policies.auth_policies.namespace_auth.put("admin", 
ImmutableSet.of(AuthAction.produce, AuthAction.consume));
             policies.replication_clusters = ImmutableSet.of("test");
             admin.namespaces().createNamespace("tenant/ns", policies);
             try {
@@ -144,6 +143,8 @@ public class BrokerAdminClientTlsAuthTest extends 
MockedPulsarServiceBaseTest {
                 ex.printStackTrace();
                 fail("Should not have thrown an exception");
             }
+            String topicName = String.format("persistent://%s/t1", 
"tenant/ns");
+            admin.lookups().lookupTopic(topicName);
         }
 
     }