MatrixHB opened a new issue #4109:
URL: https://github.com/apache/rocketmq/issues/4109


   We encountered a case involving broker write permission.
   When we execute the command `sh mqadmin updateBrokerConfig -b {brokerIP}:10911 -k brokerPermission -v 4`, the Intps of this broker is expected to reduce to 0, but it didn't.
   The possible reasons for this problem are:
   1. re-registerBroker to NameServer failed or timed out when executing the `UpdateBrokerConfigSubCommand`
   2. an exception occurs in `updateTopicRouteInfoFromNameServer` on the client side (maybe a lower version of the client code hides a bug)
   3. the client uses the send-message API that selects a specific queue, and is not affected by the new routeInfo.

   Then we found that there is no validation of topic write permission on the broker side. The validation and interception is for order topics.
   code: `org.apache.rocketmq.broker.processor.AbstractSendMessageProcessor#msgCheck`
   ```
   if (!PermName.isWriteable(this.brokerController.getBrokerConfig().getBrokerPermission())
       && this.brokerController.getTopicConfigManager().isOrderTopic(requestHeader.getTopic())) {
       response.setCode(ResponseCode.NO_PERMISSION);
       response.setRemark("the broker[" + this.brokerController.getBrokerConfig().getBrokerIP1()
           + "] sending message is forbidden");
       return response;
   }
   ```
   Is it necessary to add validation for ordinary topics? The validation on the broker side will cause a send-message error with a "NO_PERMISSION" message, which means the client needs to be aware of this exception.
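
The check quoted in the issue, modelled as an added stand-alone example (not part of the original post and not RocketMQ's own code). It compares the quoted condition with the all-topics variant the issue asks about, for a send that still reaches a broker set to `brokerPermission` 4. The class, method and topic names are hypothetical; the permission bit values are assumed to match RocketMQ's `PermName`.

```java
import java.util.Set;

// Added illustration: a stand-alone model of the broker-side check quoted in the issue.
// Class, method and topic names are hypothetical; the bit values are assumed to
// mirror RocketMQ's PermName (PERM_READ = 4, PERM_WRITE = 2).
public class BrokerWriteCheckDemo {
    static final int PERM_READ = 0x1 << 2;
    static final int PERM_WRITE = 0x1 << 1;

    static boolean isWriteable(int perm) {
        return (perm & PERM_WRITE) == PERM_WRITE;
    }

    // Constructed sample data: one order topic; every other name is an ordinary topic.
    static final Set<String> ORDER_TOPICS = Set.of("OrderTopicA");

    // Condition as quoted: reject only when the broker is not writeable
    // AND the topic is an order topic.
    static String checkAsQuoted(int brokerPermission, String topic) {
        if (!isWriteable(brokerPermission) && ORDER_TOPICS.contains(topic)) {
            return "NO_PERMISSION";
        }
        return "SUCCESS";
    }

    // Variant the issue asks about: reject every send while the broker is not
    // writeable, whatever route information the client is still holding.
    static String checkAllTopics(int brokerPermission, String topic) {
        if (!isWriteable(brokerPermission)) {
            return "NO_PERMISSION";
        }
        return "SUCCESS";
    }

    public static void main(String[] args) {
        // 4 = read-only (the value set with mqadmin in the issue), 6 = read and write
        int[] perms = {PERM_READ, PERM_READ | PERM_WRITE};
        String[] topics = {"OrderTopicA", "NormalTopicB"};
        for (int perm : perms) {
            for (String topic : topics) {
                System.out.printf("perm=%d topic=%-12s quoted=%-13s allTopics=%s%n",
                        perm, topic, checkAsQuoted(perm, topic), checkAllTopics(perm, topic));
            }
        }
    }
}
```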
   
   
   
   
   
   

