chia7712 commented on a change in pull request #10184:
URL: https://github.com/apache/kafka/pull/10184#discussion_r584628216
##########
File path: core/src/main/scala/kafka/server/ControllerApis.scala
##########
@@ -280,25 +281,34 @@ class ControllerApis(val requestChannel: RequestChannel,
while (iterator.hasNext) {
val entry = iterator.next()
val topicName = entry.getValue
+ val topicId = entry.getKey
if (!authorizedDeleteTopics.contains(topicName)) {
- // Case 1 or case 4: the topic exists, but we don't have permission
to delete it.
- val topicId = entry.getKey
- if (topicIdsToResolve.contains(topicId)) {
- appendResponse(null, topicId, new
ApiError(TOPIC_AUTHORIZATION_FAILED))
+ if (authorizedDescribeTopics.contains(topicName)) {
+ if (topicNamesToResolve.contains(topicName)) {
+ // 6. name provided, topic exists, describable =>
TOPIC_AUTHORIZATION_FAILED
+ appendResponse(topicName, ZERO_UUID, new
ApiError(TOPIC_AUTHORIZATION_FAILED))
+ } else {
+ // 2. ID provided, topic present, describeable =>
TOPIC_AUTHORIZATION_FAILED
+ appendResponse(null, topicId, new
ApiError(TOPIC_AUTHORIZATION_FAILED))
+ }
} else {
- appendResponse(topicName, ZERO_UUID, new
ApiError(TOPIC_AUTHORIZATION_FAILED))
+ if (topicNamesToResolve.contains(topicName)) {
+ // 7. name provided, topic exists, undescribable =>
UNKNOWN_TOPIC_OR_PARTITION
+ appendResponse(topicName, ZERO_UUID, new
ApiError(UNKNOWN_TOPIC_OR_PARTITION))
+ } else {
+ // 3. ID provided, topic present, undescribeable =>
UNKNOWN_TOPIC_ID
+ appendResponse(null, topicId, new ApiError(UNKNOWN_TOPIC_ID))
+ }
}
iterator.remove()
}
}
unknownTopicNameErrors.forEach { (topicName, error) =>
Review comment:
`unknownTopicNameErrors` need to be handled even if `hasClusterAuth` is
true.
##########
File path: core/src/main/scala/kafka/server/ControllerApis.scala
##########
@@ -256,17 +256,18 @@ class ControllerApis(val requestChannel: RequestChannel,
}
/**
- * There are 5 error cases to handle here:
+ * There are 6 error cases to handle here if we don't have permission to
delete:
Review comment:
there are "7" cases now.
##########
File path: core/src/main/scala/kafka/server/ControllerApis.scala
##########
@@ -280,25 +281,34 @@ class ControllerApis(val requestChannel: RequestChannel,
while (iterator.hasNext) {
val entry = iterator.next()
val topicName = entry.getValue
+ val topicId = entry.getKey
if (!authorizedDeleteTopics.contains(topicName)) {
- // Case 1 or case 4: the topic exists, but we don't have permission
to delete it.
- val topicId = entry.getKey
- if (topicIdsToResolve.contains(topicId)) {
- appendResponse(null, topicId, new
ApiError(TOPIC_AUTHORIZATION_FAILED))
+ if (authorizedDescribeTopics.contains(topicName)) {
+ if (topicNamesToResolve.contains(topicName)) {
+ // 6. name provided, topic exists, describable =>
TOPIC_AUTHORIZATION_FAILED
+ appendResponse(topicName, ZERO_UUID, new
ApiError(TOPIC_AUTHORIZATION_FAILED))
+ } else {
+ // 2. ID provided, topic present, describeable =>
TOPIC_AUTHORIZATION_FAILED
+ appendResponse(null, topicId, new
ApiError(TOPIC_AUTHORIZATION_FAILED))
+ }
} else {
- appendResponse(topicName, ZERO_UUID, new
ApiError(TOPIC_AUTHORIZATION_FAILED))
+ if (topicNamesToResolve.contains(topicName)) {
+ // 7. name provided, topic exists, undescribable =>
UNKNOWN_TOPIC_OR_PARTITION
+ appendResponse(topicName, ZERO_UUID, new
ApiError(UNKNOWN_TOPIC_OR_PARTITION))
+ } else {
+ // 3. ID provided, topic present, undescribeable =>
UNKNOWN_TOPIC_ID
+ appendResponse(null, topicId, new ApiError(UNKNOWN_TOPIC_ID))
+ }
}
iterator.remove()
}
}
unknownTopicNameErrors.forEach { (topicName, error) =>
if (authorizedDescribeTopics.contains(topicName)) {
- // Case 2: the topic we tried to delete by name doesn't exist, and
we have
- // permission to know that.
+ // 4. name provided, topic missing, undescribable =>
UNKNOWN_TOPIC_OR_PARTITION
Review comment:
this should be case 5 (describable) rather than case 4(undescribable )
since it is in `authorizedDescribeTopics.contains(topicName)` rather than
`!authorizedDescribeTopics.contains(topicName)`
##########
File path: core/src/main/scala/kafka/server/ControllerApis.scala
##########
@@ -280,25 +281,34 @@ class ControllerApis(val requestChannel: RequestChannel,
while (iterator.hasNext) {
val entry = iterator.next()
val topicName = entry.getValue
+ val topicId = entry.getKey
if (!authorizedDeleteTopics.contains(topicName)) {
- // Case 1 or case 4: the topic exists, but we don't have permission
to delete it.
- val topicId = entry.getKey
- if (topicIdsToResolve.contains(topicId)) {
- appendResponse(null, topicId, new
ApiError(TOPIC_AUTHORIZATION_FAILED))
+ if (authorizedDescribeTopics.contains(topicName)) {
+ if (topicNamesToResolve.contains(topicName)) {
+ // 6. name provided, topic exists, describable =>
TOPIC_AUTHORIZATION_FAILED
+ appendResponse(topicName, ZERO_UUID, new
ApiError(TOPIC_AUTHORIZATION_FAILED))
+ } else {
+ // 2. ID provided, topic present, describeable =>
TOPIC_AUTHORIZATION_FAILED
+ appendResponse(null, topicId, new
ApiError(TOPIC_AUTHORIZATION_FAILED))
Review comment:
As it is describeable, is it necessary to set null name?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
