[rocketmq] branch develop updated: fix validate fail after update acl (#3888)

Sun, 27 Feb 2022 02:19:07 -0800 

This is an automated email from the ASF dual-hosted git repository.

duhengforever pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/rocketmq.git


The following commit(s) were added to refs/heads/develop by this push:
     new 799d412  fix validate fail after update acl (#3888)
799d412 is described below

commit 799d4125bdcfcf223aa3c8e954866d657abf90c2
Author: yuz10 <[email protected]>
AuthorDate: Sun Feb 27 18:18:54 2022 +0800

    fix validate fail after update acl (#3888)
---
 .../rocketmq/acl/plain/PlainPermissionManager.java |  3 +-
 .../acl/plain/PlainAccessValidatorTest.java        | 47 +++++++++++++++++++++-
 2 files changed, 48 insertions(+), 2 deletions(-)

diff --git 
a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java 
b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java
index 7f2936a..e1f4fef 100644
--- 
a/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java
+++ 
b/acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java
@@ -212,7 +212,8 @@ public class PlainPermissionManager {
             for (PlainAccessConfig plainAccessConfig : plainAccessConfigList) {
                 PlainAccessResource plainAccessResource = 
buildPlainAccessResource(plainAccessConfig);
                 //AccessKey can not be defined in multiple ACL files
-                if 
(this.accessKeyTable.get(plainAccessResource.getAccessKey()) == null) {
+                String oldPath = 
this.accessKeyTable.get(plainAccessResource.getAccessKey());
+                if (oldPath == null || aclFilePath.equals(oldPath)) {
                     
plainAccessResourceMap.put(plainAccessResource.getAccessKey(), 
plainAccessResource);
                     
this.accessKeyTable.put(plainAccessResource.getAccessKey(), aclFilePath);
                 }
diff --git 
a/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainAccessValidatorTest.java 
b/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainAccessValidatorTest.java
index 62d9857..881c670 100644
--- 
a/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainAccessValidatorTest.java
+++ 
b/acl/src/test/java/org/apache/rocketmq/acl/plain/PlainAccessValidatorTest.java
@@ -19,6 +19,7 @@ package org.apache.rocketmq.acl.plain;
 import java.io.File;
 import java.io.FileWriter;
 import java.io.IOException;
+import java.lang.reflect.Field;
 import java.nio.ByteBuffer;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -506,7 +507,7 @@ public class PlainAccessValidatorTest {
     }
 
     @Test
-    public void updateAccessAclYamlConfigTest() throws InterruptedException{
+    public void updateAccessAclYamlConfigTest() throws InterruptedException {
         String targetFileName = System.getProperty("rocketmq.home.dir") + 
File.separator + "conf/plain_acl.yml";
         Map<String, Object> backUpAclConfigMap = 
AclUtils.getYamlDataObject(targetFileName, Map.class);
 
@@ -902,4 +903,48 @@ public class PlainAccessValidatorTest {
         plainAccessValidator.deleteAccessConfig(accessKey);
         AclUtils.writeDataObject(targetFileName, backUpAclConfigMap);
     }
+
+
+    @Test
+    public void testValidateAfterUpdateAccessConfig() throws 
NoSuchFieldException, IllegalAccessException {
+        String targetFileName = System.getProperty("rocketmq.home.dir") + 
File.separator + "conf/update.yml";
+        System.setProperty("rocketmq.acl.plain.file", "conf/update.yml");
+        PlainAccessValidator plainAccessValidator = new PlainAccessValidator();
+        PlainAccessConfig plainAccessConfig = new PlainAccessConfig();
+        String accessKey = "updateAccessConfig";
+        String secretKey = "123456789111";
+        plainAccessConfig.setAccessKey(accessKey);
+        plainAccessConfig.setSecretKey(secretKey);
+        plainAccessConfig.setAdmin(true);
+        // update
+        plainAccessValidator.updateAccessConfig(plainAccessConfig);
+        // call load
+        Class clazz = PlainAccessValidator.class;
+        Field f = clazz.getDeclaredField("aclPlugEngine");
+        f.setAccessible(true);
+        PlainPermissionManager aclPlugEngine = (PlainPermissionManager) 
f.get(plainAccessValidator);
+        aclPlugEngine.load(targetFileName);
+
+        // call validate
+        PullMessageRequestHeader pullMessageRequestHeader = new 
PullMessageRequestHeader();
+        pullMessageRequestHeader.setTopic("topicC");
+        pullMessageRequestHeader.setConsumerGroup("consumerGroupA");
+        RemotingCommand remotingCommand = 
RemotingCommand.createRequestCommand(RequestCode.PULL_MESSAGE, 
pullMessageRequestHeader);
+
+        AclClientRPCHook aclClient = new AclClientRPCHook(new 
SessionCredentials(accessKey, secretKey));
+        aclClient.doBeforeRequest("", remotingCommand);
+        ByteBuffer buf = remotingCommand.encodeHeader();
+        buf.getInt();
+        buf = ByteBuffer.allocate(buf.limit() - buf.position()).put(buf);
+        buf.position(0);
+        try {
+            PlainAccessResource accessResource = (PlainAccessResource) 
plainAccessValidator.parse(RemotingCommand.decode(buf), "1.1.1.1:9876");
+            plainAccessValidator.validate(accessResource);
+        } catch (RemotingCommandException e) {
+            e.printStackTrace();
+            Assert.fail("Should not throw IOException");
+        } finally {
+            System.setProperty("rocketmq.acl.plain.file", 
"conf/plain_acl.yml");
+        }
+    }
 }

Reply via email to