pprovenzano commented on code in PR #13114: URL: https://github.com/apache/kafka/pull/13114#discussion_r1107193412
########## metadata/src/main/java/org/apache/kafka/image/ScramImage.java: ########## @@ -50,6 +58,63 @@ public void write(ImageWriter writer, ImageWriterOptions options) { } } + public DescribeUserScramCredentialsResponseData describe(DescribeUserScramCredentialsRequestData request) { + + List<UserName> users = request.users(); + Map<String, Boolean> uniqueUsers = new HashMap<String, Boolean>(); + + if ((users == null) || (users.size() == 0)) { + System.out.println("Describe : get all the users"); + // If there are no users listed then get all the users + for (Map<String, ScramCredentialData> scramCredentialDataSet : mechanisms.values()) { + for (String user : scramCredentialDataSet.keySet()) { + uniqueUsers.put(user, false); + } + } + } else { + // Filter out duplicates + for (UserName user : users) { + if (uniqueUsers.containsKey(user.name())) { + uniqueUsers.put(user.name(), true); + } else { + uniqueUsers.put(user.name(), false); + } + } + } + + DescribeUserScramCredentialsResponseData retval = new DescribeUserScramCredentialsResponseData(); + + for (Map.Entry<String, Boolean> user : uniqueUsers.entrySet()) { + DescribeUserScramCredentialsResult result = + new DescribeUserScramCredentialsResult().setUser(user.getKey()); + + if (user.getValue() == false) { + List<CredentialInfo> credentialInfos = new ArrayList<CredentialInfo>(); + + boolean datafound = false; + for (Map.Entry<ScramMechanism, Map<String, ScramCredentialData>> mechanismsEntry : mechanisms.entrySet()) { + Map<String, ScramCredentialData> credentialDataSet = mechanismsEntry.getValue(); + if (credentialDataSet.containsKey(user.getKey())) { + credentialInfos.add(new CredentialInfo().setMechanism(mechanismsEntry.getKey().type()) + .setIterations(credentialDataSet.get(user.getKey()).iterations())); + datafound = true; + } + } + if (datafound) { + result.setCredentialInfos(credentialInfos); + } else { + result.setErrorCode(Errors.RESOURCE_NOT_FOUND.code()) Review Comment: The request contains a list of users. If the list is empty then the request is to describe all the users. I personally think this is a security issue but I'm just implementing what was there for Zk. If there are no users with SCRAM credentials and the request is to describe all the users, then an empty response is returned. It is not an error. This is tested in the unit test. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org