sijie commented on a change in pull request #6798:
URL: https://github.com/apache/pulsar/pull/6798#discussion_r413535462



##########
File path: 
pulsar-broker/src/main/java/org/apache/pulsar/broker/service/ServerCnx.java
##########
@@ -935,6 +937,38 @@ private SchemaData getSchema(PulsarApi.Schema 
protocolSchema) {
             )).build();
     }
 
+    private CompletableFuture<Boolean> canProduce(TopicName topicName, String 
role) {
+        return computeAuthorizedFuture(topicName, role, null, true);
+    }
+
+    private CompletableFuture<Boolean> canConsume(TopicName topicName, String 
role, String subscription) {
+        return computeAuthorizedFuture(topicName, role, subscription, false);
+    }
+
+    private CompletableFuture<Boolean> computeAuthorizedFuture(TopicName 
topicName, String role, String subscription, boolean produce) {
+        String path = 
PulsarWebResource.path(ConfigurationCacheService.POLICIES, 
topicName.getTenant());
+        try {
+            TenantInfo tenantInfo = 
service.getPulsar().getConfigurationCache().propertiesCache().get(path)
+                    .orElseThrow(() -> new 
PulsarServerException.NotFoundException("Tenant does not exist"));
+            CompletableFuture<Boolean> isTenantAdminFuture = 
service.getAuthorizationService().isTenantAdmin(topicName.getTenant(), role, 
tenantInfo, authenticationData);
+            return isTenantAdminFuture.thenCompose(isTenantAdmin -> {
+                if (isTenantAdmin) { return 
CompletableFuture.completedFuture(true); }
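Review bot: In computeAuthorizedFuture, the `if (isTenantAdmin) { return CompletableFuture.completedFuture(true); }` branch completes with true before any topic-level produce or consume permission is consulted. Because canProduce and canConsume both route through it, a tenant admin role gains data-plane access to every topic in the tenant, and the subscription argument is never looked at on that path. This widens what an administrative credential can do, so it should not be an unconditional default in ServerCnx. Suggest making the short-circuit opt-in or moving it behind the pluggable authorization layer, and adding a Javadoc comment on computeAuthorizedFuture that states the precedence of the tenant-admin check over topic-level grants. A test that pins the existing behaviour for a tenant admin with no topic grant would make the change explicit.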

Review comment:
What is the motivation of this change? This seems to change the behavior 
of the current authorization system. It allows tenant admin to produce and 
consume messages. In general, this is a breaking change. There is also an 
attempt to change the authorization system in PIP-49. It was pushed back. We 
shouldn't change the existing authorization system. If you want to allow 
TenantAdmin to produce and consume messages, you should implement a new 
AuthorizationProvider.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

