This is an automated email from the ASF dual-hosted git repository. mmerli pushed a commit to branch branch-2.7 in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.7 by this push: new aaa6ef5acc6 [Authorization] AuthorizationService should use provider's canLookupAsync method (#11777) aaa6ef5acc6 is described below commit aaa6ef5acc6901865c2b31f9a5ab615e57e8d738 Author: Michael Marshall <michael.marsh...@datastax.com> AuthorDate: Thu Sep 2 00:45:41 2021 -0500 [Authorization] AuthorizationService should use provider's canLookupAsync method (#11777) --- .../broker/authorization/AuthorizationService.java | 44 ++++++---------------- .../authorization/PulsarAuthorizationProvider.java | 7 +--- 2 files changed, 13 insertions(+), 38 deletions(-) diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java index 75c759f3193..ce287fa0735 100644 --- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java +++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java @@ -289,41 +289,21 @@ public class AuthorizationService { * @throws Exception */ public CompletableFuture<Boolean> canLookupAsync(TopicName topicName, String role, - AuthenticationDataSource authenticationData) { - CompletableFuture<Boolean> finalResult = new CompletableFuture<Boolean>(); - canProduceAsync(topicName, role, authenticationData).whenComplete((produceAuthorized, ex) -> { - if (ex == null) { - if (produceAuthorized) { - finalResult.complete(produceAuthorized); - return; - } - } else { - if (log.isDebugEnabled()) { - log.debug( - "Topic [{}] Role [{}] exception occurred while trying to check Produce permissions. {}", - topicName.toString(), role, ex.getMessage()); - } - } - canConsumeAsync(topicName, role, authenticationData, null).whenComplete((consumeAuthorized, e) -> { - if (e == null) { - if (consumeAuthorized) { - finalResult.complete(consumeAuthorized); - return; - } + AuthenticationDataSource authenticationData) { + if (!this.conf.isAuthorizationEnabled()) { + return CompletableFuture.completedFuture(true); + } + if (provider != null) { + return provider.isSuperUser(role, authenticationData, conf).thenComposeAsync(isSuperUser -> { + if (isSuperUser) { + return CompletableFuture.completedFuture(true); } else { - if (log.isDebugEnabled()) { - log.debug( - "Topic [{}] Role [{}] exception occurred while trying to check Consume permissions. {}", - topicName.toString(), role, e.getMessage()); - - } - finalResult.completeExceptionally(e); - return; + return provider.canLookupAsync(topicName, role, authenticationData); } - finalResult.complete(false); }); - }); - return finalResult; + } + + return FutureUtil.failedFuture(new IllegalStateException("No authorization provider configured")); } public CompletableFuture<Boolean> allowFunctionOpsAsync(NamespaceName namespaceName, String role, diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java index 26a4f6c0db0..7cdb89eecd8 100644 --- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java +++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java @@ -197,10 +197,7 @@ public class PulsarAuthorizationProvider implements AuthorizationProvider { } canConsumeAsync(topicName, role, authenticationData, null).whenComplete((consumeAuthorized, e) -> { if (e == null) { - if (consumeAuthorized) { - finalResult.complete(consumeAuthorized); - return; - } + finalResult.complete(consumeAuthorized); } else { if (log.isDebugEnabled()) { log.debug( @@ -209,9 +206,7 @@ public class PulsarAuthorizationProvider implements AuthorizationProvider { } finalResult.completeExceptionally(e); - return; } - finalResult.complete(false); }); }); return finalResult;