[pulsar] branch branch-2.7 updated: [Authorization] AuthorizationService should use provider's canLookupAsync method (#11777)

Wed, 22 Jun 2022 09:22:11 -0700 

This is an automated email from the ASF dual-hosted git repository.

mmerli pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-2.7 by this push:
     new aaa6ef5acc6 [Authorization] AuthorizationService should use provider's 
canLookupAsync method (#11777)
aaa6ef5acc6 is described below

commit aaa6ef5acc6901865c2b31f9a5ab615e57e8d738
Author: Michael Marshall <michael.marsh...@datastax.com>
AuthorDate: Thu Sep 2 00:45:41 2021 -0500

    [Authorization] AuthorizationService should use provider's canLookupAsync 
method (#11777)
---
 .../broker/authorization/AuthorizationService.java | 44 ++++++----------------
 .../authorization/PulsarAuthorizationProvider.java |  7 +---
 2 files changed, 13 insertions(+), 38 deletions(-)

diff --git 
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java
 
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java
index 75c759f3193..ce287fa0735 100644
--- 
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java
+++ 
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java
@@ -289,41 +289,21 @@ public class AuthorizationService {
      * @throws Exception
      */
     public CompletableFuture<Boolean> canLookupAsync(TopicName topicName, 
String role,
-            AuthenticationDataSource authenticationData) {
-        CompletableFuture<Boolean> finalResult = new 
CompletableFuture<Boolean>();
-        canProduceAsync(topicName, role, 
authenticationData).whenComplete((produceAuthorized, ex) -> {
-            if (ex == null) {
-                if (produceAuthorized) {
-                    finalResult.complete(produceAuthorized);
-                    return;
-                }
-            } else {
-                if (log.isDebugEnabled()) {
-                    log.debug(
-                            "Topic [{}] Role [{}] exception occurred while 
trying to check Produce permissions. {}",
-                            topicName.toString(), role, ex.getMessage());
-                }
-            }
-            canConsumeAsync(topicName, role, authenticationData, 
null).whenComplete((consumeAuthorized, e) -> {
-                if (e == null) {
-                    if (consumeAuthorized) {
-                        finalResult.complete(consumeAuthorized);
-                        return;
-                    }
+                                                     AuthenticationDataSource 
authenticationData) {
+        if (!this.conf.isAuthorizationEnabled()) {
+            return CompletableFuture.completedFuture(true);
+        }
+        if (provider != null) {
+            return provider.isSuperUser(role, authenticationData, 
conf).thenComposeAsync(isSuperUser -> {
+                if (isSuperUser) {
+                    return CompletableFuture.completedFuture(true);
                 } else {
-                    if (log.isDebugEnabled()) {
-                        log.debug(
-                                "Topic [{}] Role [{}] exception occurred while 
trying to check Consume permissions. {}",
-                                topicName.toString(), role, e.getMessage());
-
-                    }
-                    finalResult.completeExceptionally(e);
-                    return;
+                    return provider.canLookupAsync(topicName, role, 
authenticationData);
                 }
-                finalResult.complete(false);
             });
-        });
-        return finalResult;
+        }
+
+        return FutureUtil.failedFuture(new IllegalStateException("No 
authorization provider configured"));
     }
 
     public CompletableFuture<Boolean> allowFunctionOpsAsync(NamespaceName 
namespaceName, String role,
diff --git 
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
 
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
index 26a4f6c0db0..7cdb89eecd8 100644
--- 
a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
+++ 
b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java
@@ -197,10 +197,7 @@ public class PulsarAuthorizationProvider implements 
AuthorizationProvider {
             }
             canConsumeAsync(topicName, role, authenticationData, 
null).whenComplete((consumeAuthorized, e) -> {
                 if (e == null) {
-                    if (consumeAuthorized) {
-                        finalResult.complete(consumeAuthorized);
-                        return;
-                    }
+                    finalResult.complete(consumeAuthorized);
                 } else {
                     if (log.isDebugEnabled()) {
                         log.debug(
@@ -209,9 +206,7 @@ public class PulsarAuthorizationProvider implements 
AuthorizationProvider {
 
                     }
                     finalResult.completeExceptionally(e);
-                    return;
                 }
-                finalResult.complete(false);
             });
         });
         return finalResult;

Reply via email to