sijie commented on a change in pull request #7523:
URL: https://github.com/apache/pulsar/pull/7523#discussion_r591696226



##########
File path: pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
##########
@@ -545,29 +546,88 @@ private void validatePoliciesReadOnlyAccess() {
         CompletableFuture<Boolean> isAuthorizedFuture;
 
         switch (operation) {
-            case LOOKUP: isAuthorizedFuture = canLookupAsync(topicName, role, 
authData);
+            case LOOKUP:
+            case GET_STATS:
+            case GET_SUBSCRIPTIONS:
+                isAuthorizedFuture = canLookupAsync(topicName, role, authData)
+                        
.thenCombine(validateTenantAdminAccess(topicName.getTenant(), role, authData),
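
Review bot: The merged `LOOKUP`/`GET_STATS`/`GET_SUBSCRIPTIONS` branch changes what `LOOKUP` means: the removed line decided on `canLookupAsync` alone, while the new code always awaits `validateTenantAdminAccess(topicName.getTenant(), ...)` as well, even when the lookup check has already succeeded. That is a semantic change to the lookup authorization rule and an extra tenant-level check on every lookup; it should be called out in the PR description, and if the tenant-admin result is only meant as a fallback, chaining it with `thenCompose` so it runs only when `canLookupAsync` yields false avoids the extra work. Also note that with `thenCombine`, an exceptional completion of either future fails the whole `isAuthorizedFuture`, which is a new failure path for `LOOKUP` that did not exist when only `canLookupAsync` was consulted.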

Review comment:
       For `LOOKUP`, the original behavior is checking `canLookupAsync`. Why do we need to check `validateTenantAdminAccess`?

##########
File path: pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
##########
@@ -545,29 +546,88 @@ private void validatePoliciesReadOnlyAccess() {
         CompletableFuture<Boolean> isAuthorizedFuture;
 
         switch (operation) {
-            case LOOKUP: isAuthorizedFuture = canLookupAsync(topicName, role, 
authData);
+            case LOOKUP:
+            case GET_STATS:
+            case GET_SUBSCRIPTIONS:
+                isAuthorizedFuture = canLookupAsync(topicName, role, authData)
+                        
.thenCombine(validateTenantAdminAccess(topicName.getTenant(), role, authData),
+                            (isTenantAdmin, isAuthorized) -> {
+                                if (log.isDebugEnabled()) {
+                                    log.debug("Verify if role {} is allowed to 
{} to topic {}:"
+                                                    + " isSuperUser={}, 
isTenantAdmin={}",
+                                            role, operation, topicName, 
isTenantAdmin, isAuthorized);
+                                }
+                                return isTenantAdmin || isAuthorized;
+                            });
+                break;
+            case PRODUCE:
+                isAuthorizedFuture = canProduceAsync(topicName, role, 
authData);
+                break;
+            case TERMINATE:
+                isAuthorizedFuture = canProduceAsync(topicName, role, authData)
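
Review bot: The `thenCombine` lambda in the `LOOKUP`/`GET_STATS`/`GET_SUBSCRIPTIONS` branch names its parameters in the wrong order: `CompletableFuture.thenCombine` passes this stage's result first (here the `canLookupAsync` result) and the other stage's result second (the `validateTenantAdminAccess` result), so `isTenantAdmin` actually holds the lookup outcome and `isAuthorized` the tenant-admin outcome. The `||` makes the final decision correct either way, but the debug line is misleading twice over: its placeholders read `isSuperUser={}, isTenantAdmin={}` while the arguments supplied are the mis-named `isTenantAdmin, isAuthorized`. Suggest `(isAuthorized, isTenantAdmin) -> { ... }` and a message such as `"... isAuthorized={}, isTenantAdmin={}"` with arguments in the same order, so anyone reading debug output for a denied request sees which check actually failed. For the `TERMINATE` case, the hunk ends at the `canProduceAsync(...)` call, so the rationale for tying terminate to produce permission should be stated in a comment or the PR description; on its own the line reads as a copy of the `PRODUCE` branch.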

Review comment:
       Why do we need to check `canProduceAsync` for `TERMINATE`?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]