(rocketmq) branch develop updated: Add validation in broker container configure updating command. (#7587)

Tue, 28 Nov 2023 00:11:24 -0800 

This is an automated email from the ASF dual-hosted git repository.

dinglei pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/rocketmq.git


The following commit(s) were added to refs/heads/develop by this push:
     new 430ee0a755 Add validation in broker container configure updating 
command. (#7587)
430ee0a755 is described below

commit 430ee0a755daf867de31e37b12df417f64811b3a
Author: rongtong <[email protected]>
AuthorDate: Tue Nov 28 16:11:14 2023 +0800

    Add validation in broker container configure updating command. (#7587)
---
 .../rocketmq/container/BrokerContainerConfig.java  | 16 +++++++++
 .../container/BrokerContainerProcessor.java        | 40 +++++++++++++++++++---
 2 files changed, 52 insertions(+), 4 deletions(-)

diff --git 
a/container/src/main/java/org/apache/rocketmq/container/BrokerContainerConfig.java
 
b/container/src/main/java/org/apache/rocketmq/container/BrokerContainerConfig.java
index e03b10c34d..03b4b263f9 100644
--- 
a/container/src/main/java/org/apache/rocketmq/container/BrokerContainerConfig.java
+++ 
b/container/src/main/java/org/apache/rocketmq/container/BrokerContainerConfig.java
@@ -49,6 +49,14 @@ public class BrokerContainerConfig {
      */
     private long updateNamesrvAddrInterval = 60 * 2 * 1000;
 
+
+    /**
+     * Config in this black list will be not allowed to update by command.
+     * Try to update this config black list by restart process.
+     * Try to update configures in black list by restart process.
+     */
+    private String configBlackList = "configBlackList;brokerConfigPaths";
+
     public String getRocketmqHome() {
         return rocketmqHome;
     }
@@ -108,4 +116,12 @@ public class BrokerContainerConfig {
     public void setUpdateNamesrvAddrInterval(long updateNamesrvAddrInterval) {
         this.updateNamesrvAddrInterval = updateNamesrvAddrInterval;
     }
+
+    public String getConfigBlackList() {
+        return configBlackList;
+    }
+
+    public void setConfigBlackList(String configBlackList) {
+        this.configBlackList = configBlackList;
+    }
 }
diff --git 
a/container/src/main/java/org/apache/rocketmq/container/BrokerContainerProcessor.java
 
b/container/src/main/java/org/apache/rocketmq/container/BrokerContainerProcessor.java
index 5b825fe811..5ced082576 100644
--- 
a/container/src/main/java/org/apache/rocketmq/container/BrokerContainerProcessor.java
+++ 
b/container/src/main/java/org/apache/rocketmq/container/BrokerContainerProcessor.java
@@ -19,6 +19,9 @@ package org.apache.rocketmq.container;
 
 import io.netty.channel.ChannelHandlerContext;
 import java.io.UnsupportedEncodingException;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
 import java.util.List;
 import java.util.Properties;
 import org.apache.rocketmq.broker.BrokerController;
@@ -45,8 +48,19 @@ public class BrokerContainerProcessor implements 
NettyRequestProcessor {
     private final BrokerContainer brokerContainer;
     private List<BrokerBootHook> brokerBootHookList;
 
+    private final Set<String> configBlackList = new HashSet<>();
+
     public BrokerContainerProcessor(BrokerContainer brokerContainer) {
         this.brokerContainer = brokerContainer;
+        initConfigBlackList();
+    }
+
+    private void initConfigBlackList() {
+        configBlackList.add("brokerConfigPaths");
+        configBlackList.add("rocketmqHome");
+        configBlackList.add("configBlackList");
+        String[] configArray = 
brokerContainer.getBrokerContainerConfig().getConfigBlackList().split(";");
+        configBlackList.addAll(Arrays.asList(configArray));
     }
 
     @Override
@@ -232,15 +246,24 @@ public class BrokerContainerProcessor implements 
NettyRequestProcessor {
             try {
                 String bodyStr = new String(body, MixAll.DEFAULT_CHARSET);
                 Properties properties = MixAll.string2Properties(bodyStr);
-                if (properties != null) {
-                    LOGGER.info("updateSharedBrokerConfig, new config: [{}] 
client: {} ", properties, ctx.channel().remoteAddress());
-                    this.brokerContainer.getConfiguration().update(properties);
-                } else {
+
+                if (properties == null) {
                     LOGGER.error("string2Properties error");
                     response.setCode(ResponseCode.SYSTEM_ERROR);
                     response.setRemark("string2Properties error");
                     return response;
                 }
+
+                if (validateBlackListConfigExist(properties)) {
+                    response.setCode(ResponseCode.NO_PERMISSION);
+                    response.setRemark("Can not update config in black list.");
+                    return response;
+                }
+
+
+                LOGGER.info("updateBrokerContainerConfig, new config: [{}] 
client: {} ", properties, ctx.channel().remoteAddress());
+                this.brokerContainer.getConfiguration().update(properties);
+
             } catch (UnsupportedEncodingException e) {
                 LOGGER.error("", e);
                 response.setCode(ResponseCode.SYSTEM_ERROR);
@@ -254,6 +277,15 @@ public class BrokerContainerProcessor implements 
NettyRequestProcessor {
         return response;
     }
 
+    private boolean validateBlackListConfigExist(Properties properties) {
+        for (String blackConfig : configBlackList) {
+            if (properties.containsKey(blackConfig)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     private RemotingCommand getBrokerConfig(ChannelHandlerContext ctx, 
RemotingCommand request) {
 
         final RemotingCommand response = 
RemotingCommand.createResponseCommand(GetBrokerConfigResponseHeader.class);

Reply via email to