This is an automated email from the ASF dual-hosted git repository. mmerli pushed a commit to branch branch-2.8 in repository https://gitbox.apache.org/repos/asf/pulsar.git
The following commit(s) were added to refs/heads/branch-2.8 by this push: new 32f7340a5b4 [Authorization] AuthorizationService should use provider's canLookupAsync method (#11777) 32f7340a5b4 is described below commit 32f7340a5b425d957c3f7965919dec155a815cfd Author: Michael Marshall <michael.marsh...@datastax.com> AuthorDate: Thu Sep 2 00:45:41 2021 -0500 [Authorization] AuthorizationService should use provider's canLookupAsync method (#11777) --- .../broker/authorization/AuthorizationService.java | 41 ++++++---------------- .../authorization/PulsarAuthorizationProvider.java | 7 +--- 2 files changed, 11 insertions(+), 37 deletions(-) diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java index 4c4963a68ba..26d04776e5d 100644 --- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java +++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationService.java @@ -292,40 +292,19 @@ public class AuthorizationService { */ public CompletableFuture<Boolean> canLookupAsync(TopicName topicName, String role, AuthenticationDataSource authenticationData) { - CompletableFuture<Boolean> finalResult = new CompletableFuture<Boolean>(); - canProduceAsync(topicName, role, authenticationData).whenComplete((produceAuthorized, ex) -> { - if (ex == null) { - if (produceAuthorized) { - finalResult.complete(produceAuthorized); - return; - } - } else { - if (log.isDebugEnabled()) { - log.debug( - "Topic [{}] Role [{}] exception occurred while trying to check Produce permissions. {}", - topicName.toString(), role, ex.getMessage()); - } - } - canConsumeAsync(topicName, role, authenticationData, null).whenComplete((consumeAuthorized, e) -> { - if (e == null) { - if (consumeAuthorized) { - finalResult.complete(consumeAuthorized); - return; - } + if (!this.conf.isAuthorizationEnabled()) { + return CompletableFuture.completedFuture(true); + } + if (provider != null) { + return provider.isSuperUser(role, authenticationData, conf).thenComposeAsync(isSuperUser -> { + if (isSuperUser) { + return CompletableFuture.completedFuture(true); } else { - if (log.isDebugEnabled()) { - log.debug( - "Topic [{}] Role [{}] exception occurred while trying to check Consume permissions. {}", - topicName.toString(), role, e.getMessage()); - - } - finalResult.completeExceptionally(e); - return; + return provider.canLookupAsync(topicName, role, authenticationData); } - finalResult.complete(false); }); - }); - return finalResult; + } + return FutureUtil.failedFuture(new IllegalStateException("No authorization provider configured")); } public CompletableFuture<Boolean> allowFunctionOpsAsync(NamespaceName namespaceName, String role, diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java index d0af3aa448b..b5ebf962ba1 100644 --- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java +++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java @@ -200,10 +200,7 @@ public class PulsarAuthorizationProvider implements AuthorizationProvider { } canConsumeAsync(topicName, role, authenticationData, null).whenComplete((consumeAuthorized, e) -> { if (e == null) { - if (consumeAuthorized) { - finalResult.complete(consumeAuthorized); - return; - } + finalResult.complete(consumeAuthorized); } else { if (log.isDebugEnabled()) { log.debug( @@ -212,9 +209,7 @@ public class PulsarAuthorizationProvider implements AuthorizationProvider { } finalResult.completeExceptionally(e); - return; } - finalResult.complete(false); }); }); return finalResult;