[GitHub] [rocketmq] lyx2000 opened a new issue, #6968: [Bug] Proxy ACL grpc parse PlainAccessResource wrong.

Thu, 29 Jun 2023 08:50:10 -0700 


lyx2000 opened a new issue, #6968:
URL: https://github.com/apache/rocketmq/issues/6968

   ### Before Creating the Bug Report
   
   - [X] I found a bug, not just asking a question, which should be created in 
[GitHub Discussions](https://github.com/apache/rocketmq/discussions).
   
   - [X] I have searched the [GitHub 
Issues](https://github.com/apache/rocketmq/issues) and [GitHub 
Discussions](https://github.com/apache/rocketmq/discussions)  of this 
repository and believe that this is not a duplicate.
   
   - [X] I have confirmed that this bug belongs to the current repository, not 
other repositories of RocketMQ.
   
   
   ### Runtime platform environment
   
   mac ubuntu etc.
   
   ### RocketMQ version
   
   5.x
   
   ### JDK Version
   
   _No response_
   
   ### Describe the Bug
   
   ### 1. PlainAccessResource parse wrong impl for grpc protocol
   When parse to PlainAccessResource in remoting protocol 
   
`org.apache.rocketmq.acl.plain.PlainAccessResource#parse(org.apache.rocketmq.remoting.protocol.RemotingCommand,
 java.lang.String)`
   it turns group into RetryTopic and add it as resource name.
   However, when it comes to grpc protocol, the related `parse` method does not 
handle group as mention as mentioned above.
   Also seen in the acl module, parse to PlainAccessResource in remoting 
protocol has abundant unit test, but parse method for grpc has 0 unit test, 
which is worth adding.
   
   ### 2. lack of spi AccessValidator in proxy remoting protocol impl
   Need to add a common method for both remoting & grpc in proxy to get 
AccessValidator.
   
   ### Steps to Reproduce
   
   ```yml
   accounts:
   - accessKey: 3nRqUIKd1g
     secretKey: 10q6nUi31odLGzxuvc7Ckk
     admin: false
     defaultTopicPerm: PUB|SUB
     defaultGroupPerm: PUB|SUB
     topicPerms:
     - TopicA=SUB
     groupPerms:
     - GroupA=SUB
   ````
   use this accout and 5.0 grpc consumer client, you will be denied for NO 
PERMISSION.
   
   ### What Did You Expect to See?
   
   merge my fix branch into dev
   
   ### What Did You See Instead?
   
   or more discussion?
   
   ### Additional Context
   
   no
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to