chia7712 commented on code in PR #18578:
URL: https://github.com/apache/kafka/pull/18578#discussion_r1918907903
##########
core/src/test/scala/unit/kafka/server/KafkaApisTest.scala:
##########
@@ -3561,6 +3561,115 @@ class KafkaApisTest extends Logging {
assertEquals(Set(0), response.brokers.asScala.map(_.id).toSet)
}
+ @Test
+ def testUnauthorizedTopicMetadataRequest(): Unit = {
+ // 1. Set up broker information
+ val plaintextListener =
ListenerName.forSecurityProtocol(SecurityProtocol.PLAINTEXT)
+ val broker = new UpdateMetadataBroker()
+ .setId(0)
+ .setRack("rack")
+ .setEndpoints(Seq(
+ new UpdateMetadataEndpoint()
+ .setHost("broker0")
+ .setPort(9092)
+ .setSecurityProtocol(SecurityProtocol.PLAINTEXT.id)
+ .setListener(plaintextListener.value)
+ ).asJava)
+
+ // 2. Set up authorizer
+ val authorizer: Authorizer = mock(classOf[Authorizer])
+ val unauthorizedTopic = "unauthorized-topic"
+ val authorizedTopic = "authorized-topic"
+
+ val expectedActions = Seq(
+ new Action(AclOperation.DESCRIBE, new
ResourcePattern(ResourceType.TOPIC, unauthorizedTopic, PatternType.LITERAL), 1,
true, true),
+ new Action(AclOperation.DESCRIBE, new
ResourcePattern(ResourceType.TOPIC, authorizedTopic, PatternType.LITERAL), 1,
true, true)
+ )
+
+ when(authorizer.authorize(any[RequestContext], argThat((t:
java.util.List[Action]) => t.containsAll(expectedActions.asJava))))
+ .thenAnswer { invocation =>
+ val actions =
invocation.getArgument(1).asInstanceOf[util.List[Action]].asScala
+ actions.map { action =>
+ if (action.resourcePattern().name().equals(authorizedTopic))
+ AuthorizationResult.ALLOWED
+ else
+ AuthorizationResult.DENIED
+ }.asJava
+ }
+
+ // 3. Set up MetadataCache
+ val authorizedTopicId = Uuid.randomUuid()
+ val unauthorizedTopicId = Uuid.randomUuid()
+
+ val topicIds = new util.HashMap[String, Uuid]()
+ topicIds.put(authorizedTopic, authorizedTopicId)
+ topicIds.put(unauthorizedTopic, unauthorizedTopicId)
+
+ def createDummyPartitionStates(topic: String) = {
+ new UpdateMetadataPartitionState()
+ .setTopicName(topic)
+ .setPartitionIndex(0)
+ .setControllerEpoch(0)
+ .setLeader(0)
+ .setLeaderEpoch(0)
+ .setReplicas(Collections.singletonList(0))
+ .setZkVersion(0)
+ .setIsr(Collections.singletonList(0))
+ }
+
+ // Send UpdateMetadataReq to update MetadataCache
+ val partitionStates = Seq(unauthorizedTopic,
authorizedTopic).map(createDummyPartitionStates)
+
+ val updateMetadataRequest = new
UpdateMetadataRequest.Builder(ApiKeys.UPDATE_METADATA.latestVersion, 0,
+ 0, 0, partitionStates.asJava, Seq(broker).asJava, topicIds).build()
+ MetadataCacheTest.updateCache(metadataCache, updateMetadataRequest)
Review Comment:
we should have a jira to cleanup the usage of
`MetadataCacheTest.updateCache`, as it is using updateMetadataRequest which is
not used by kraft production code anymore.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
