[GitHub] [pulsar] michaeljmarshall opened a new pull request #11872: [Broker] Add Authz Check Before Completing Policy Operation

Tue, 31 Aug 2021 22:34:43 -0700 


michaeljmarshall opened a new pull request #11872:
URL: https://github.com/apache/pulsar/pull/11872


   ### Motivation
   
   There are several calls in the v2/PeristentTopics endpoint class that are 
supposed to require authorization but never verify that authorization. These 
endpoints are authenticated, just not checked against the broker's 
authorization service.
   
   ### Modifications
   
   * Update the `preValidation` method in the `PersistentTopicsBase` class to 
run the `validatePoliciesReadOnlyAccess()` for all write operations and to run 
an appropriate `validateTopicPolicyOperation(topicName, policyName, 
policyOperation)` check for all methods.
       * When reading through these changes, please make sure that the 
`PolicyName` and the `PolicyOperation` make sense for the method.
   * Remove the few pre-existing authz checks to prevent duplicate checks for 
authz.
   * Add new `PolicyName` for `MAX_MESSAGE_SIZE`.
   
   ### Verifying this change
   
   I verified this bug against a pulsar 2.8.0 broker. The broker authenticates 
the user, but does not check authorization.
   
   I am not sure of the "right" way to test this change. It appears that we are 
missing _many_ tests for this part of the code, and even for the underlying 
`AuthorizationService` and `PulsarAuthorizationProvider` classes. Given the 
`validateTopicPolicyOperation` method has been in use for a while by a few 
other methods, this seems like a safe and straightforward change to make. I'd 
prefer to add more generic tests later, if that's okay.
   
   ### Does this pull request potentially affect one of the following parts:
   
   This change will introduce authorization checks where there were none 
before. It is a correction in the behavior, as these checks were supposed to 
take place already.
   
   ### Documentation
   
   I don't believe any documentation is required, as this only corrects 
behavior. It would be good to include this fix in the release notes.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to