eolivelli commented on a change in pull request #11172:
URL: https://github.com/apache/pulsar/pull/11172#discussion_r662804510
##########
File path:
pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
##########
@@ -1722,30 +1723,97 @@ public void readEntryFailed(ManagedLedgerException
exception, Object ctx) {
});
}
+ private CompletableFuture<Boolean>
isNamespaceOperationAllowed(NamespaceName namespaceName,
+
NamespaceOperation operation) {
+ CompletableFuture<Boolean> isProxyAuthorizedFuture;
+ CompletableFuture<Boolean> isAuthorizedFuture;
+ if (service.isAuthorizationEnabled()) {
+ if (originalPrincipal != null) {
+ isProxyAuthorizedFuture =
service.getAuthorizationService().allowNamespaceOperationAsync(
+ namespaceName, operation, originalPrincipal,
getAuthenticationData());
+ } else {
+ isProxyAuthorizedFuture =
CompletableFuture.completedFuture(true);
+ }
+ isAuthorizedFuture =
service.getAuthorizationService().allowNamespaceOperationAsync(
+ namespaceName, operation, authRole, authenticationData);
+ } else {
+ isProxyAuthorizedFuture = CompletableFuture.completedFuture(true);
+ isAuthorizedFuture = CompletableFuture.completedFuture(true);
+ }
+ return isProxyAuthorizedFuture.thenCombine(isAuthorizedFuture,
(isProxyAuthorized, isAuthorized) -> {
+ if (!isProxyAuthorized) {
+ log.warn("OriginalRole {} is not authorized to perform
operation {} on namespace {}",
+ originalPrincipal, operation, namespaceName);
+ }
+ if (!isAuthorized) {
+ log.warn("Role {} is not authorized to perform operation {} on
namespace {}",
+ authRole, operation, namespaceName);
+ }
+ return isProxyAuthorized && isAuthorized;
+ });
+ }
+
@Override
protected void handleGetTopicsOfNamespace(CommandGetTopicsOfNamespace
commandGetTopicsOfNamespace) {
final long requestId = commandGetTopicsOfNamespace.getRequestId();
final String namespace = commandGetTopicsOfNamespace.getNamespace();
final CommandGetTopicsOfNamespace.Mode mode =
commandGetTopicsOfNamespace.getMode();
final NamespaceName namespaceName = NamespaceName.get(namespace);
-
getBrokerService().pulsar().getNamespaceService().getListOfTopics(namespaceName,
mode)
- .thenAccept(topics -> {
- if (log.isDebugEnabled()) {
- log.debug("[{}] Received CommandGetTopicsOfNamespace
for namespace [//{}] by {}, size:{}",
- remoteAddress, namespace, requestId,
topics.size());
- }
- commandSender.sendGetTopicsOfNamespaceResponse(topics,
requestId);
- })
- .exceptionally(ex -> {
- log.warn("[{}] Error GetTopicsOfNamespace for namespace
[//{}] by {}",
- remoteAddress, namespace, requestId);
- commandSender.sendErrorResponse(requestId,
- BrokerServiceException.getClientErrorCode(new
ServerMetadataException(ex)),
- ex.getMessage());
-
- return null;
- });
+ final Semaphore lookupSemaphore = service.getLookupRequestSemaphore();
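Review bot: In `isNamespaceOperationAllowed` the two authorization calls pair principals with credentials in a way the code does not explain: the `originalPrincipal` check passes `getAuthenticationData()`, the `authRole` check passes the `authenticationData` field, and the result for `originalPrincipal` is stored in a variable named `isProxyAuthorizedFuture`. The getter is defined outside this hunk, so it cannot be confirmed here that each principal is evaluated against its own authentication data rather than the other's. A comment above the first call, such as `// originalPrincipal is the forwarded client role, authRole the connection's own role; both must be allowed`, and a name like `isOriginalPrincipalAuthorizedFuture` would make the pairing reviewable. The combined future can also complete exceptionally if either provider call fails, so the caller needs to treat that as a denial; the body of `handleGetTopicsOfNamespace` continues past the end of the quoted hunk, so that handling is not visible here.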
Review comment:
This change is not listed in the description; can you please add it?