This is an automated email from the ASF dual-hosted git repository.

mmerli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new 7eb1002  allow superuser to consume without subscription_auth_mode 
check (#1273)
7eb1002 is described below

commit 7eb1002f35fc5ba3cb75d90b307215cf2290f98a
Author: hrsakai <hsa...@yahoo-corp.jp>
AuthorDate: Sat Feb 24 07:54:46 2018 +0900

    allow superuser to consume without subscription_auth_mode check (#1273)
---
 .../apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java | 2 +-
 .../src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java  | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git 
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
 
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
index dc0ba83..7bd9246 100644
--- 
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
+++ 
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
@@ -109,7 +109,7 @@ public class PulsarAuthorizationProvider implements 
AuthorizationProvider {
                         log.debug("Policies node couldn't be found for 
destination : {}", destination);
                     }
                 } else {
-                    if (isNotBlank(subscription)) {
+                    if (isNotBlank(subscription) && !isSuperUser(role)) {
                         switch (policies.get().subscription_auth_mode) {
                         case Prefix:
                             if (!subscription.startsWith(role)) {
diff --git 
a/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java
 
b/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java
index 69bfb35..c95fbd7 100644
--- 
a/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java
+++ 
b/pulsar-broker/src/test/java/org/apache/pulsar/broker/auth/AuthorizationTest.java
@@ -49,6 +49,7 @@ public class AuthorizationTest extends 
MockedPulsarServiceBaseTest {
         conf.setClusterName("c1");
         conf.setAuthorizationEnabled(true);
         conf.setAuthorizationAllowWildcardsMatching(true);
+        conf.setSuperUserRoles(Sets.newHashSet("pulsar.super_user"));
         internalSetup();
     }
 
@@ -206,6 +207,7 @@ public class AuthorizationTest extends 
MockedPulsarServiceBaseTest {
 
         
assertEquals(auth.canConsume(DestinationName.get("persistent://p1/c1/ns1/ds1"), 
"role1", null, "role1-sub1"), true);
         
assertEquals(auth.canConsume(DestinationName.get("persistent://p1/c1/ns1/ds1"), 
"role2", null, "role2-sub2"), true);
+        
assertEquals(auth.canConsume(DestinationName.get("persistent://p1/c1/ns1/ds1"), 
"pulsar.super_user", null, "role3-sub1"), true);
 
         admin.namespaces().deleteNamespace("p1/c1/ns1");
         admin.properties().deleteProperty("p1");

-- 
To stop receiving notification emails like this one, please contact
mme...@apache.org.

Reply via email to