lizhiboo commented on a change in pull request #3761:
URL: https://github.com/apache/rocketmq/pull/3761#discussion_r786686890
##########
File path:
acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java
##########
@@ -30,51 +41,74 @@
import org.apache.rocketmq.common.constant.LoggerName;
import org.apache.rocketmq.logging.InternalLogger;
import org.apache.rocketmq.logging.InternalLoggerFactory;
-import org.apache.rocketmq.srvutil.FileWatchService;
-
-import java.io.File;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
+import org.apache.rocketmq.srvutil.AclFileWatchService;
public class PlainPermissionManager {
private static final InternalLogger log =
InternalLoggerFactory.getLogger(LoggerName.COMMON_LOGGER_NAME);
- private static final String DEFAULT_PLAIN_ACL_FILE = "/conf/plain_acl.yml";
-
Review comment:
remove old acl file directory incompatible with old version. Can old acl
file and new acl dir coexist?
##########
File path:
acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java
##########
@@ -30,51 +43,145 @@
import org.apache.rocketmq.common.constant.LoggerName;
import org.apache.rocketmq.logging.InternalLogger;
import org.apache.rocketmq.logging.InternalLoggerFactory;
-import org.apache.rocketmq.srvutil.FileWatchService;
-
-import java.io.File;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
+import org.apache.rocketmq.srvutil.AclFileWatchService;
public class PlainPermissionManager {
private static final InternalLogger log =
InternalLoggerFactory.getLogger(LoggerName.COMMON_LOGGER_NAME);
- private static final String DEFAULT_PLAIN_ACL_FILE = "/conf/plain_acl.yml";
-
private String fileHome = System.getProperty(MixAll.ROCKETMQ_HOME_PROPERTY,
System.getenv(MixAll.ROCKETMQ_HOME_ENV));
- private String fileName = System.getProperty("rocketmq.acl.plain.file",
DEFAULT_PLAIN_ACL_FILE);
+ private String defaultAclDir = fileHome + File.separator + "conf";
+
+ //private String defaultAclFile = fileHome + File.separator
+ // + System.getProperty("rocketmq.acl.dir", "/conf") + File.separator +
"plain_acl.yml";
+ private String defaultAclFile = fileHome + File.separator +
System.getProperty("rocketmq.acl.plain.file", "conf/plain_acl.yml");
+
+ private Map<String/** fileFullPath **/, Map<String/** AccessKey **/,
PlainAccessResource>> aclPlainAccessResourceMap = new HashMap<>();
- private Map<String/** AccessKey **/, PlainAccessResource>
plainAccessResourceMap = new HashMap<>();
+ private Map<String/** AccessKey **/, String/** fileFullPath **/>
accessKeyTable = new HashMap<>();
private List<RemoteAddressStrategy> globalWhiteRemoteAddressStrategy = new
ArrayList<>();
private RemoteAddressStrategyFactory remoteAddressStrategyFactory = new
RemoteAddressStrategyFactory();
+ private Map<String/** fileFullPath **/, List<RemoteAddressStrategy>>
globalWhiteRemoteAddressStrategyMap = new HashMap<>();
+
private boolean isWatchStart;
+ private Map<String/** fileFullPath **/, DataVersion> dataVersionMap = new
HashMap<>();
+
+ @Deprecated
private final DataVersion dataVersion = new DataVersion();
+ private List<String> fileList = new ArrayList<>();
+
public PlainPermissionManager() {
load();
watch();
}
+ public List<String> getAllAclFiles(String path) {
+ List<String> allAclFileFullPath = new ArrayList<>();
+ File file = new File(path);
+ File[] files = file.listFiles();
+ for (int i = 0; i < files.length; i++) {
+ String fileName = files[i].getAbsolutePath();
+ File f = new File(fileName);
+ if (fileName.equals(fileHome + MixAll.ACL_CONF_TOOLS_FILE)) {
+ continue;
+ } else if (fileName.endsWith(".yml") ||
fileName.endsWith(".yaml")) {
+ allAclFileFullPath.add(fileName);
+ } else if (f.isDirectory()) {
+ allAclFileFullPath.addAll(getAllAclFiles(fileName));
+ }
+ }
+ return allAclFileFullPath;
+ }
+
public void load() {
+ if (fileHome == null || fileHome.isEmpty()) {
+ return;
+ }
+
+ Map<String, Map<String, PlainAccessResource>>
aclPlainAccessResourceMap = new HashMap<>();
+ Map<String, String> accessKeyTable = new HashMap<>();
+ List<RemoteAddressStrategy> globalWhiteRemoteAddressStrategy = new
ArrayList<>();
+ Map<String, List<RemoteAddressStrategy>>
globalWhiteRemoteAddressStrategyMap = new HashMap<>();
+ Map<String, DataVersion> dataVersionMap = new HashMap<>();
+ fileList = getAllAclFiles(defaultAclDir);
+ if (new File(defaultAclFile).exists() &&
!fileList.contains(defaultAclFile)) {
+ fileList.add(defaultAclFile);
+ }
+
+ for (int i = 0; i < fileList.size(); i++) {
+ JSONObject plainAclConfData =
AclUtils.getYamlDataObject(fileList.get(i),
+ JSONObject.class);
+ if (plainAclConfData == null || plainAclConfData.isEmpty()) {
+ throw new AclException(String.format("%s file is not data",
fileList.get(i)));
+ }
+ log.info("Broker plain acl conf data is : ",
plainAclConfData.toString());
+
+ List<RemoteAddressStrategy> globalWhiteRemoteAddressStrategyList =
new ArrayList<>();
+ JSONArray globalWhiteRemoteAddressesList =
plainAclConfData.getJSONArray("globalWhiteRemoteAddresses");
+ if (globalWhiteRemoteAddressesList != null &&
!globalWhiteRemoteAddressesList.isEmpty()) {
+ for (int j = 0; j < globalWhiteRemoteAddressesList.size();
j++) {
+
globalWhiteRemoteAddressStrategyList.add(remoteAddressStrategyFactory.
+
getRemoteAddressStrategy(globalWhiteRemoteAddressesList.getString(j)));
+ }
+ }
+ if (globalWhiteRemoteAddressStrategyList.size() > 0) {
+ globalWhiteRemoteAddressStrategyMap.put(fileList.get(i),
globalWhiteRemoteAddressStrategyList);
+
globalWhiteRemoteAddressStrategy.addAll(globalWhiteRemoteAddressStrategyList);
+ }
+
+ JSONArray accounts =
plainAclConfData.getJSONArray(AclConstants.CONFIG_ACCOUNTS);
+ Map<String, PlainAccessResource> plainAccessResourceMap = new
HashMap<>();
+ if (accounts != null && !accounts.isEmpty()) {
+ List<PlainAccessConfig> plainAccessConfigList =
accounts.toJavaList(PlainAccessConfig.class);
+ for (PlainAccessConfig plainAccessConfig :
plainAccessConfigList) {
+ PlainAccessResource plainAccessResource =
buildPlainAccessResource(plainAccessConfig);
+ //AccessKey can not be defined in multiple ACL files
+ if (accessKeyTable.get(plainAccessResource.getAccessKey())
== null) {
Review comment:
IMO, if accessKeyTable contains aplainAccessResource.getAccessKey(),
print warn log will be better.
##########
File path:
acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java
##########
@@ -30,51 +43,145 @@
import org.apache.rocketmq.common.constant.LoggerName;
import org.apache.rocketmq.logging.InternalLogger;
import org.apache.rocketmq.logging.InternalLoggerFactory;
-import org.apache.rocketmq.srvutil.FileWatchService;
-
-import java.io.File;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
+import org.apache.rocketmq.srvutil.AclFileWatchService;
public class PlainPermissionManager {
private static final InternalLogger log =
InternalLoggerFactory.getLogger(LoggerName.COMMON_LOGGER_NAME);
- private static final String DEFAULT_PLAIN_ACL_FILE = "/conf/plain_acl.yml";
-
private String fileHome = System.getProperty(MixAll.ROCKETMQ_HOME_PROPERTY,
System.getenv(MixAll.ROCKETMQ_HOME_ENV));
- private String fileName = System.getProperty("rocketmq.acl.plain.file",
DEFAULT_PLAIN_ACL_FILE);
+ private String defaultAclDir = fileHome + File.separator + "conf";
+
+ //private String defaultAclFile = fileHome + File.separator
+ // + System.getProperty("rocketmq.acl.dir", "/conf") + File.separator +
"plain_acl.yml";
+ private String defaultAclFile = fileHome + File.separator +
System.getProperty("rocketmq.acl.plain.file", "conf/plain_acl.yml");
+
+ private Map<String/** fileFullPath **/, Map<String/** AccessKey **/,
PlainAccessResource>> aclPlainAccessResourceMap = new HashMap<>();
- private Map<String/** AccessKey **/, PlainAccessResource>
plainAccessResourceMap = new HashMap<>();
+ private Map<String/** AccessKey **/, String/** fileFullPath **/>
accessKeyTable = new HashMap<>();
private List<RemoteAddressStrategy> globalWhiteRemoteAddressStrategy = new
ArrayList<>();
private RemoteAddressStrategyFactory remoteAddressStrategyFactory = new
RemoteAddressStrategyFactory();
+ private Map<String/** fileFullPath **/, List<RemoteAddressStrategy>>
globalWhiteRemoteAddressStrategyMap = new HashMap<>();
+
private boolean isWatchStart;
+ private Map<String/** fileFullPath **/, DataVersion> dataVersionMap = new
HashMap<>();
+
+ @Deprecated
private final DataVersion dataVersion = new DataVersion();
+ private List<String> fileList = new ArrayList<>();
+
public PlainPermissionManager() {
load();
watch();
}
+ public List<String> getAllAclFiles(String path) {
+ List<String> allAclFileFullPath = new ArrayList<>();
+ File file = new File(path);
+ File[] files = file.listFiles();
Review comment:
IMO, check file is directory will be better
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
