chia7712 commented on a change in pull request #10184: URL: https://github.com/apache/kafka/pull/10184#discussion_r584628216
########## File path: core/src/main/scala/kafka/server/ControllerApis.scala ########## @@ -280,25 +281,34 @@ class ControllerApis(val requestChannel: RequestChannel, while (iterator.hasNext) { val entry = iterator.next() val topicName = entry.getValue + val topicId = entry.getKey if (!authorizedDeleteTopics.contains(topicName)) { - // Case 1 or case 4: the topic exists, but we don't have permission to delete it. - val topicId = entry.getKey - if (topicIdsToResolve.contains(topicId)) { - appendResponse(null, topicId, new ApiError(TOPIC_AUTHORIZATION_FAILED)) + if (authorizedDescribeTopics.contains(topicName)) { + if (topicNamesToResolve.contains(topicName)) { + // 6. name provided, topic exists, describable => TOPIC_AUTHORIZATION_FAILED + appendResponse(topicName, ZERO_UUID, new ApiError(TOPIC_AUTHORIZATION_FAILED)) + } else { + // 2. ID provided, topic present, describeable => TOPIC_AUTHORIZATION_FAILED + appendResponse(null, topicId, new ApiError(TOPIC_AUTHORIZATION_FAILED)) + } } else { - appendResponse(topicName, ZERO_UUID, new ApiError(TOPIC_AUTHORIZATION_FAILED)) + if (topicNamesToResolve.contains(topicName)) { + // 7. name provided, topic exists, undescribable => UNKNOWN_TOPIC_OR_PARTITION + appendResponse(topicName, ZERO_UUID, new ApiError(UNKNOWN_TOPIC_OR_PARTITION)) + } else { + // 3. ID provided, topic present, undescribeable => UNKNOWN_TOPIC_ID + appendResponse(null, topicId, new ApiError(UNKNOWN_TOPIC_ID)) + } } iterator.remove() } } unknownTopicNameErrors.forEach { (topicName, error) => Review comment: `unknownTopicNameErrors` need to be handled even if `hasClusterAuth` is true. ########## File path: core/src/main/scala/kafka/server/ControllerApis.scala ########## @@ -256,17 +256,18 @@ class ControllerApis(val requestChannel: RequestChannel, } /** - * There are 5 error cases to handle here: + * There are 6 error cases to handle here if we don't have permission to delete: Review comment: there are "7" cases now. ########## File path: core/src/main/scala/kafka/server/ControllerApis.scala ########## @@ -280,25 +281,34 @@ class ControllerApis(val requestChannel: RequestChannel, while (iterator.hasNext) { val entry = iterator.next() val topicName = entry.getValue + val topicId = entry.getKey if (!authorizedDeleteTopics.contains(topicName)) { - // Case 1 or case 4: the topic exists, but we don't have permission to delete it. - val topicId = entry.getKey - if (topicIdsToResolve.contains(topicId)) { - appendResponse(null, topicId, new ApiError(TOPIC_AUTHORIZATION_FAILED)) + if (authorizedDescribeTopics.contains(topicName)) { + if (topicNamesToResolve.contains(topicName)) { + // 6. name provided, topic exists, describable => TOPIC_AUTHORIZATION_FAILED + appendResponse(topicName, ZERO_UUID, new ApiError(TOPIC_AUTHORIZATION_FAILED)) + } else { + // 2. ID provided, topic present, describeable => TOPIC_AUTHORIZATION_FAILED + appendResponse(null, topicId, new ApiError(TOPIC_AUTHORIZATION_FAILED)) + } } else { - appendResponse(topicName, ZERO_UUID, new ApiError(TOPIC_AUTHORIZATION_FAILED)) + if (topicNamesToResolve.contains(topicName)) { + // 7. name provided, topic exists, undescribable => UNKNOWN_TOPIC_OR_PARTITION + appendResponse(topicName, ZERO_UUID, new ApiError(UNKNOWN_TOPIC_OR_PARTITION)) + } else { + // 3. ID provided, topic present, undescribeable => UNKNOWN_TOPIC_ID + appendResponse(null, topicId, new ApiError(UNKNOWN_TOPIC_ID)) + } } iterator.remove() } } unknownTopicNameErrors.forEach { (topicName, error) => if (authorizedDescribeTopics.contains(topicName)) { - // Case 2: the topic we tried to delete by name doesn't exist, and we have - // permission to know that. + // 4. name provided, topic missing, undescribable => UNKNOWN_TOPIC_OR_PARTITION Review comment: this should be case 5 (describable) rather than case 4(undescribable ) since it is in `authorizedDescribeTopics.contains(topicName)` rather than `!authorizedDescribeTopics.contains(topicName)` ########## File path: core/src/main/scala/kafka/server/ControllerApis.scala ########## @@ -280,25 +281,34 @@ class ControllerApis(val requestChannel: RequestChannel, while (iterator.hasNext) { val entry = iterator.next() val topicName = entry.getValue + val topicId = entry.getKey if (!authorizedDeleteTopics.contains(topicName)) { - // Case 1 or case 4: the topic exists, but we don't have permission to delete it. - val topicId = entry.getKey - if (topicIdsToResolve.contains(topicId)) { - appendResponse(null, topicId, new ApiError(TOPIC_AUTHORIZATION_FAILED)) + if (authorizedDescribeTopics.contains(topicName)) { + if (topicNamesToResolve.contains(topicName)) { + // 6. name provided, topic exists, describable => TOPIC_AUTHORIZATION_FAILED + appendResponse(topicName, ZERO_UUID, new ApiError(TOPIC_AUTHORIZATION_FAILED)) + } else { + // 2. ID provided, topic present, describeable => TOPIC_AUTHORIZATION_FAILED + appendResponse(null, topicId, new ApiError(TOPIC_AUTHORIZATION_FAILED)) Review comment: As it is describeable, is it necessary to set null name? ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org