This is an automated email from the ASF dual-hosted git repository.
duhengforever pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/rocketmq.git
The following commit(s) were added to refs/heads/develop by this push:
new e8fd55bb0 [ISSUE #4257] Verify that the value of the permission is
valid when updating the topic/broker config (#4498)
e8fd55bb0 is described below
commit e8fd55bb0158df738d63854887fdc6b9e693a694
Author: wangfan <[email protected]>
AuthorDate: Sun Jul 31 16:40:29 2022 +0800
[ISSUE #4257] Verify that the value of the permission is valid when
updating the topic/broker config (#4498)
* [ISSUE #4257] Verify that the value of the permission is valid when
updating the topic/broker config
* delete useless import
Co-authored-by: wangfan <[email protected]>
---
.../org/apache/rocketmq/client/Validators.java | 18 +++++++
.../rocketmq/client/impl/MQClientAPIImpl.java | 8 ++-
.../org/apache/rocketmq/client/ValidatorsTest.java | 63 ++++++++++++++++++++++
.../java/org/apache/rocketmq/common/MixAll.java | 5 ++
.../apache/rocketmq/common/constant/PermName.java | 8 +++
.../rocketmq/tools/admin/DefaultMQAdminExt.java | 2 +-
.../tools/admin/DefaultMQAdminExtImpl.java | 2 +-
.../apache/rocketmq/tools/admin/MQAdminExt.java | 4 +-
8 files changed, 104 insertions(+), 6 deletions(-)
diff --git a/client/src/main/java/org/apache/rocketmq/client/Validators.java
b/client/src/main/java/org/apache/rocketmq/client/Validators.java
index 19208c315..0710d036f 100644
--- a/client/src/main/java/org/apache/rocketmq/client/Validators.java
+++ b/client/src/main/java/org/apache/rocketmq/client/Validators.java
@@ -19,9 +19,12 @@ package org.apache.rocketmq.client;
import static
org.apache.rocketmq.common.topic.TopicValidator.isTopicOrGroupIllegal;
+import java.util.Properties;
import org.apache.rocketmq.client.exception.MQClientException;
import org.apache.rocketmq.client.producer.DefaultMQProducer;
+import org.apache.rocketmq.common.TopicConfig;
import org.apache.rocketmq.common.UtilAll;
+import org.apache.rocketmq.common.constant.PermName;
import org.apache.rocketmq.common.message.Message;
import org.apache.rocketmq.common.protocol.ResponseCode;
import org.apache.rocketmq.common.topic.TopicValidator;
@@ -107,4 +110,19 @@ public class Validators {
}
}
+ public static void checkTopicConfig(final TopicConfig topicConfig) throws
MQClientException {
+ if (!PermName.isValid(topicConfig.getPerm())) {
+ throw new MQClientException(ResponseCode.NO_PERMISSION,
+ String.format("topicPermission value: %s is invalid.",
topicConfig.getPerm()));
+ }
+ }
+
+ public static void checkBrokerConfig(final Properties brokerConfig) throws
MQClientException {
+ // TODO: use MixAll.isPropertyValid() when jdk upgrade to 1.8
+ if (brokerConfig.containsKey("brokerPermission")
+ &&
!PermName.isValid(brokerConfig.getProperty("brokerPermission"))) {
+ throw new MQClientException(ResponseCode.NO_PERMISSION,
+ String.format("brokerPermission value: %s is invalid.",
brokerConfig.getProperty("brokerPermission")));
+ }
+ }
}
diff --git
a/client/src/main/java/org/apache/rocketmq/client/impl/MQClientAPIImpl.java
b/client/src/main/java/org/apache/rocketmq/client/impl/MQClientAPIImpl.java
index ad17dfe26..a503d81cd 100644
--- a/client/src/main/java/org/apache/rocketmq/client/impl/MQClientAPIImpl.java
+++ b/client/src/main/java/org/apache/rocketmq/client/impl/MQClientAPIImpl.java
@@ -31,6 +31,7 @@ import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.commons.lang3.StringUtils;
import org.apache.rocketmq.client.ClientConfig;
+import org.apache.rocketmq.client.Validators;
import org.apache.rocketmq.client.common.ClientErrorCode;
import org.apache.rocketmq.client.consumer.AckCallback;
import org.apache.rocketmq.client.consumer.AckResult;
@@ -364,7 +365,9 @@ public class MQClientAPIImpl implements
NameServerUpdateCallback {
public void createTopic(final String addr, final String defaultTopic,
final TopicConfig topicConfig,
final long timeoutMillis)
- throws RemotingException, InterruptedException, MQClientException {
+ throws RemotingException, MQBrokerException, InterruptedException,
MQClientException {
+ Validators.checkTopicConfig(topicConfig);
+
CreateTopicRequestHeader requestHeader = new
CreateTopicRequestHeader();
requestHeader.setTopic(topicConfig.getTopicName());
requestHeader.setDefaultTopic(defaultTopic);
@@ -1696,7 +1699,8 @@ public class MQClientAPIImpl implements
NameServerUpdateCallback {
public void updateBrokerConfig(final String addr, final Properties
properties, final long timeoutMillis)
throws RemotingConnectException, RemotingSendRequestException,
RemotingTimeoutException, InterruptedException,
- MQBrokerException, UnsupportedEncodingException {
+ MQBrokerException, MQClientException, UnsupportedEncodingException {
+ Validators.checkBrokerConfig(properties);
RemotingCommand request =
RemotingCommand.createRequestCommand(RequestCode.UPDATE_BROKER_CONFIG, null);
diff --git
a/client/src/test/java/org/apache/rocketmq/client/ValidatorsTest.java
b/client/src/test/java/org/apache/rocketmq/client/ValidatorsTest.java
index 90897d4af..4974ccc65 100644
--- a/client/src/test/java/org/apache/rocketmq/client/ValidatorsTest.java
+++ b/client/src/test/java/org/apache/rocketmq/client/ValidatorsTest.java
@@ -17,8 +17,12 @@
package org.apache.rocketmq.client;
+import java.util.Properties;
import org.apache.commons.lang3.StringUtils;
import org.apache.rocketmq.client.exception.MQClientException;
+import org.apache.rocketmq.common.TopicConfig;
+import org.apache.rocketmq.common.constant.PermName;
+import org.apache.rocketmq.common.protocol.ResponseCode;
import org.apache.rocketmq.common.topic.TopicValidator;
import org.junit.Test;
@@ -106,4 +110,63 @@ public class ValidatorsTest {
}
}
}
+
+ @Test
+ public void testTopicConfigValid() throws MQClientException {
+ TopicConfig topicConfig = new TopicConfig();
+ topicConfig.setPerm(PermName.PERM_INHERIT | PermName.PERM_WRITE |
PermName.PERM_READ);
+ Validators.checkTopicConfig(topicConfig);
+
+ topicConfig.setPerm(PermName.PERM_WRITE | PermName.PERM_READ);
+ Validators.checkTopicConfig(topicConfig);
+
+ topicConfig.setPerm(PermName.PERM_READ);
+ Validators.checkTopicConfig(topicConfig);
+
+ try {
+ topicConfig.setPerm(PermName.PERM_PRIORITY);
+ Validators.checkTopicConfig(topicConfig);
+ } catch (MQClientException e) {
+
assertThat(e.getResponseCode()).isEqualTo(ResponseCode.NO_PERMISSION);
+
assertThat(e.getErrorMessage()).isEqualTo(String.format("topicPermission value:
%s is invalid.", topicConfig.getPerm()));
+ }
+
+ try {
+ topicConfig.setPerm(PermName.PERM_PRIORITY | PermName.PERM_WRITE);
+ Validators.checkTopicConfig(topicConfig);
+ } catch (MQClientException e) {
+
assertThat(e.getResponseCode()).isEqualTo(ResponseCode.NO_PERMISSION);
+
assertThat(e.getErrorMessage()).isEqualTo(String.format("topicPermission value:
%s is invalid.", topicConfig.getPerm()));
+ }
+ }
+
+ @Test
+ public void testBrokerConfigValid() throws MQClientException {
+ Properties brokerConfig = new Properties();
+ brokerConfig.setProperty("brokerPermission",
+ String.valueOf(PermName.PERM_INHERIT | PermName.PERM_WRITE |
PermName.PERM_READ));
+ Validators.checkBrokerConfig(brokerConfig);
+
+ brokerConfig.setProperty("brokerPermission",
String.valueOf(PermName.PERM_WRITE | PermName.PERM_READ));
+ Validators.checkBrokerConfig(brokerConfig);
+
+ brokerConfig.setProperty("brokerPermission",
String.valueOf(PermName.PERM_READ));
+ Validators.checkBrokerConfig(brokerConfig);
+
+ try {
+ brokerConfig.setProperty("brokerPermission",
String.valueOf(PermName.PERM_PRIORITY));;
+ Validators.checkBrokerConfig(brokerConfig);
+ } catch (MQClientException e) {
+
assertThat(e.getResponseCode()).isEqualTo(ResponseCode.NO_PERMISSION);
+
assertThat(e.getErrorMessage()).isEqualTo(String.format("brokerPermission
value: %s is invalid.", brokerConfig.getProperty("brokerPermission")));
+ }
+
+ try {
+ brokerConfig.setProperty("brokerPermission",
String.valueOf(PermName.PERM_PRIORITY | PermName.PERM_INHERIT));;
+ Validators.checkBrokerConfig(brokerConfig);
+ } catch (MQClientException e) {
+
assertThat(e.getResponseCode()).isEqualTo(ResponseCode.NO_PERMISSION);
+
assertThat(e.getErrorMessage()).isEqualTo(String.format("brokerPermission
value: %s is invalid.", brokerConfig.getProperty("brokerPermission")));
+ }
+ }
}
diff --git a/common/src/main/java/org/apache/rocketmq/common/MixAll.java
b/common/src/main/java/org/apache/rocketmq/common/MixAll.java
index 546f7b7e8..322a78d30 100644
--- a/common/src/main/java/org/apache/rocketmq/common/MixAll.java
+++ b/common/src/main/java/org/apache/rocketmq/common/MixAll.java
@@ -47,6 +47,7 @@ import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.atomic.AtomicLong;
+import java.util.function.Predicate;
public class MixAll {
public static final String ROCKETMQ_HOME_ENV = "ROCKETMQ_HOME";
@@ -372,6 +373,10 @@ public class MixAll {
return p1.equals(p2);
}
+ public static boolean isPropertyValid(Properties props, String key,
Predicate<String> validator) {
+ return validator.test(props.getProperty(key));
+ }
+
public static List<String> getLocalInetAddress() {
List<String> inetAddressList = new ArrayList<String>();
try {
diff --git
a/common/src/main/java/org/apache/rocketmq/common/constant/PermName.java
b/common/src/main/java/org/apache/rocketmq/common/constant/PermName.java
index 434870cba..d7c76b4c0 100644
--- a/common/src/main/java/org/apache/rocketmq/common/constant/PermName.java
+++ b/common/src/main/java/org/apache/rocketmq/common/constant/PermName.java
@@ -57,6 +57,14 @@ public class PermName {
return (perm & PERM_INHERIT) == PERM_INHERIT;
}
+ public static boolean isValid(final String perm) {
+ return isValid(Integer.parseInt(perm));
+ }
+
+ public static boolean isValid(final int perm) {
+ return perm >= PERM_INHERIT && perm < PERM_PRIORITY;
+ }
+
public static boolean isPriority(final int perm) {
return (perm & PERM_PRIORITY) == PERM_PRIORITY;
}
diff --git
a/tools/src/main/java/org/apache/rocketmq/tools/admin/DefaultMQAdminExt.java
b/tools/src/main/java/org/apache/rocketmq/tools/admin/DefaultMQAdminExt.java
index 47d2e9902..88bc5feb6 100644
--- a/tools/src/main/java/org/apache/rocketmq/tools/admin/DefaultMQAdminExt.java
+++ b/tools/src/main/java/org/apache/rocketmq/tools/admin/DefaultMQAdminExt.java
@@ -171,7 +171,7 @@ public class DefaultMQAdminExt extends ClientConfig
implements MQAdminExt {
@Override
public void updateBrokerConfig(String brokerAddr,
Properties properties) throws RemotingConnectException,
RemotingSendRequestException,
- RemotingTimeoutException, UnsupportedEncodingException,
InterruptedException, MQBrokerException {
+ RemotingTimeoutException, UnsupportedEncodingException,
InterruptedException, MQBrokerException, MQClientException {
defaultMQAdminExtImpl.updateBrokerConfig(brokerAddr, properties);
}
diff --git
a/tools/src/main/java/org/apache/rocketmq/tools/admin/DefaultMQAdminExtImpl.java
b/tools/src/main/java/org/apache/rocketmq/tools/admin/DefaultMQAdminExtImpl.java
index 1a08b6afa..99f39a4a5 100644
---
a/tools/src/main/java/org/apache/rocketmq/tools/admin/DefaultMQAdminExtImpl.java
+++
b/tools/src/main/java/org/apache/rocketmq/tools/admin/DefaultMQAdminExtImpl.java
@@ -237,7 +237,7 @@ public class DefaultMQAdminExtImpl implements MQAdminExt,
MQAdminExtInner {
}
@Override public void updateBrokerConfig(String brokerAddr,
- Properties properties) throws RemotingConnectException,
RemotingSendRequestException, RemotingTimeoutException,
UnsupportedEncodingException, InterruptedException, MQBrokerException {
+ Properties properties) throws RemotingConnectException,
RemotingSendRequestException, RemotingTimeoutException,
UnsupportedEncodingException, InterruptedException, MQBrokerException,
MQClientException {
this.mqClientInstance.getMQClientAPIImpl().updateBrokerConfig(brokerAddr,
properties, timeoutMillis);
}
diff --git
a/tools/src/main/java/org/apache/rocketmq/tools/admin/MQAdminExt.java
b/tools/src/main/java/org/apache/rocketmq/tools/admin/MQAdminExt.java
index cae32bed8..8cca43aaa 100644
--- a/tools/src/main/java/org/apache/rocketmq/tools/admin/MQAdminExt.java
+++ b/tools/src/main/java/org/apache/rocketmq/tools/admin/MQAdminExt.java
@@ -79,7 +79,7 @@ public interface MQAdminExt extends MQAdmin {
long brokerId) throws InterruptedException, MQBrokerException,
RemotingTimeoutException, RemotingSendRequestException,
RemotingConnectException;
void updateBrokerConfig(final String brokerAddr, final Properties
properties) throws RemotingConnectException,
- RemotingSendRequestException, RemotingTimeoutException,
UnsupportedEncodingException, InterruptedException, MQBrokerException;
+ RemotingSendRequestException, RemotingTimeoutException,
UnsupportedEncodingException, InterruptedException, MQBrokerException,
MQClientException;
Properties getBrokerConfig(final String brokerAddr) throws
RemotingConnectException,
RemotingSendRequestException, RemotingTimeoutException,
UnsupportedEncodingException, InterruptedException, MQBrokerException;
@@ -99,7 +99,7 @@ public interface MQAdminExt extends MQAdmin {
final String globalWhiteAddrs) throws RemotingException,
MQBrokerException,
InterruptedException, MQClientException;
- void updateGlobalWhiteAddrConfig(final String addr, final String
globalWhiteAddrs, String aclFileFullPath)throws RemotingException,
MQBrokerException,
+ void updateGlobalWhiteAddrConfig(final String addr, final String
globalWhiteAddrs, String aclFileFullPath) throws RemotingException,
MQBrokerException,
InterruptedException, MQClientException;
ClusterAclVersionInfo examineBrokerClusterAclVersionInfo(
