Dhruvil Shah created KAFKA-9956:
-----------------------------------
Summary: Authorizer APIs may be invoked more than once for a given request
Key: KAFKA-9956
URL: https://issues.apache.org/jira/browse/KAFKA-9956
Project: Kafka
Issue Type: Bug
Reporter: Dhruvil Shah
Authorizer#authorize may be invoked more than once in some cases for a given
request. I noticed this for `DescribeConfigsRequest`, but other requests
could be affected as well.
The reason for this is the misuse of the Scala `partition` API in code like
this:
{code:java}
val (authorizedResources, unauthorizedResources) =
  describeConfigsRequest.resources.asScala.partition { resource =>
    resource.`type` match {
      case ConfigResource.Type.BROKER | ConfigResource.Type.BROKER_LOGGER =>
        authorize(request.context, DESCRIBE_CONFIGS, CLUSTER, CLUSTER_NAME)
      case ConfigResource.Type.TOPIC =>
        authorize(request.context, DESCRIBE_CONFIGS, TOPIC, resource.name)
      case rt => throw new InvalidRequestException(s"Unexpected resource type $rt for resource ${resource.name}")
    }
  }
{code}
As per Scala docs, the `partition` API could traverse the collection twice,
depending on the implementation.
[https://www.scala-lang.org/api/current/scala/collection/Iterable.html#partition(p:A=%3EBoolean):(C,C)]
It is also not a good practice to include side effects as part of the lambda
passed into `partition`. We should clean up such usages.
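An added example, not part of the issue report or of Kafka's code base, showing the effect described above and one way to avoid it by evaluating each decision once and partitioning on the stored result. `Resources`, `CountingAuthorizer`, `viaPredicate` and `decideOnce` are hypothetical names; it assumes the Scala 2.13 collections library, where a collection that inherits the default `partition` is traversed once per half of the result.

```scala
import scala.collection.AbstractIterable
import scala.collection.mutable.ArrayBuffer

// Constructed example: every name below is hypothetical, not Kafka code.
object PartitionSideEffects {
  // Defines only `iterator`, so it inherits the default partition
  // instead of the single-pass override used by strict collections.
  final class Resources(items: List[String]) extends AbstractIterable[String] {
    def iterator: Iterator[String] = items.iterator
  }

  // Stand-in for Authorizer#authorize: every call appends an audit line.
  final class CountingAuthorizer(allowed: Set[String]) {
    val auditLog = ArrayBuffer.empty[String]
    def authorize(resource: String): Boolean = {
      val ok = allowed.contains(resource)
      val verdict = if (ok) "ALLOWED" else "DENIED"
      auditLog += s"DESCRIBE_CONFIGS $resource $verdict"
      ok
    }
  }

  // Pattern from the report: the side-effecting call is the predicate itself.
  def viaPredicate(rs: Iterable[String], a: CountingAuthorizer): (Iterable[String], Iterable[String]) =
    rs.partition(a.authorize)

  // Evaluate each decision exactly once, then split on the stored Boolean.
  def decideOnce(rs: Iterable[String], a: CountingAuthorizer): (List[String], List[String]) = {
    val decided = rs.iterator.map(r => r -> a.authorize(r)).toList
    val (yes, no) = decided.partition(_._2)
    (yes.map(_._1), no.map(_._1))
  }

  def main(args: Array[String]): Unit = {
    val rs = new Resources(List("topic-a", "topic-b", "topic-c")) // constructed input
    val a1 = new CountingAuthorizer(Set("topic-a"))
    val (ok1, denied1) = viaPredicate(rs, a1)
    println(s"predicate:  allowed=${ok1.toList} denied=${denied1.toList} audit entries=${a1.auditLog.size}")
    val a2 = new CountingAuthorizer(Set("topic-a"))
    val (ok2, denied2) = decideOnce(rs, a2)
    println(s"decideOnce: allowed=$ok2 denied=$denied2 audit entries=${a2.auditLog.size}")
  }
}
```

Comparing the two audit-entry counts against the number of resources shows whether the collection in use evaluates the predicate more than once per element; `decideOnce` stays at one entry per resource regardless of the collection implementation.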