lucasbru commented on code in PR #19978:
URL: https://github.com/apache/kafka/pull/19978#discussion_r2152165317
##########
core/src/test/scala/integration/kafka/api/AuthorizerIntegrationTest.scala:
##########
@@ -3612,6 +3659,200 @@ class AuthorizerIntegrationTest extends
AbstractAuthorizerIntegrationTest {
assertEquals(Errors.TOPIC_AUTHORIZATION_FAILED.code,
response.data.responses.stream().findFirst().get().partitions.get(0).errorCode,
s"Unexpected response $response")
}
+ @ParameterizedTest
+ @CsvSource(Array(
+ "true, false, false, false",
+ "false, true, false, false",
Review Comment:
The point is just to try to use `topic` in each of the four fields. Using
them in two fields at the same time wouldn't improve coverage.
##########
core/src/main/scala/kafka/server/KafkaApis.scala:
##########
@@ -2792,11 +2792,19 @@ class KafkaApis(val requestChannel: RequestChannel,
if (responseData.status() == null) {
responseData.setStatus(new util.ArrayList());
}
- responseData.status().add(
- new StreamsGroupHeartbeatResponseData.Status()
-
.setStatusCode(StreamsGroupHeartbeatResponse.Status.MISSING_INTERNAL_TOPICS.code())
- .setStatusDetail("Unauthorized to CREATE on topics " +
createTopicUnauthorized.mkString(",") + ".")
- )
+ val missingInternalTopicStatus =
+ responseData.status().stream().filter(x => x.statusCode() ==
StreamsGroupHeartbeatResponse.Status.MISSING_INTERNAL_TOPICS.code()).findFirst()
+ if (missingInternalTopicStatus.isPresent) {
+ missingInternalTopicStatus.get().setStatusDetail(
+ missingInternalTopicStatus.get().statusDetail() + ";
Unauthorized to CREATE on topics " + createTopicUnauthorized.mkString(",") + "."
+ )
+ } else {
+ responseData.status().add(
Review Comment:
You are ;). If updates the existing list item, else adds a new list item.
It's just nicer to not produce two "status" with the same Status enum.
Semantically, we want a map StatusEnum -> Message, but maps are not supported
by the kafka protocol generated messages.
##########
core/src/test/scala/integration/kafka/api/AuthorizerIntegrationTest.scala:
##########
@@ -3612,6 +3659,200 @@ class AuthorizerIntegrationTest extends
AbstractAuthorizerIntegrationTest {
assertEquals(Errors.TOPIC_AUTHORIZATION_FAILED.code,
response.data.responses.stream().findFirst().get().partitions.get(0).errorCode,
s"Unexpected response $response")
}
+ @ParameterizedTest
+ @CsvSource(Array(
+ "true, false, false, false",
+ "false, true, false, false",
+ "false, false, true, false",
+ "false, false, false, true"
+ ))
+ def testStreamsGroupHeartbeatWithGroupReadAndTopicDescribeAcl(
+
topicAsSourceTopic: Boolean,
+
topicAsRepartitionSinkTopic: Boolean,
+
topicAsRepartitionSourceTopic: Boolean,
+
topicAsStateChangelogTopics: Boolean
+ ): Unit = {
+ addAndVerifyAcls(streamsGroupReadAcl(streamsGroupResource),
streamsGroupResource)
+ addAndVerifyAcls(sourceTopicDescribeAcl(sourceTopicResource),
sourceTopicResource) // Always added, since we need a source topic
+ addAndVerifyAcls(topicDescribeAcl(topicResource), topicResource)
+
+ val request = streamsGroupHeartbeatRequest(
+ topicAsSourceTopic,
+ topicAsRepartitionSinkTopic,
+ topicAsRepartitionSourceTopic,
+ topicAsStateChangelogTopics
+ )
+ val resource = Set[ResourceType](GROUP, TOPIC)
+ sendRequestAndVerifyResponseError(request, resource, isAuthorized = true)
+ }
+
+ @ParameterizedTest
+ @CsvSource(Array(
+ "true, false, false, false",
+ "false, true, false, false",
Review Comment:
The point is just to try to use `topic` in each of the four fields. Using
them in two fields at the same time wouldn't improve coverage.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
