[GitHub] [kafka] d8tltanc commented on a change in pull request #9485: KAKFA-10619: Idempotent producer will get authorized once it has a WRITE access to at least one topic

GitBox Thu, 10 Dec 2020 21:47:11 -0800


d8tltanc commented on a change in pull request #9485:
URL: https://github.com/apache/kafka/pull/9485#discussion_r540706117




##########
File path: 
core/src/test/scala/unit/kafka/security/authorizer/AclAuthorizerTest.scala
##########
@@ -1040,19 +1117,24 @@ class AclAuthorizerTest extends ZooKeeperTestHarness {
       securityProtocol, ClientInformation.EMPTY, false)
   }
 
-  private def authorize(authorizer: AclAuthorizer, requestContext: 
RequestContext, operation: AclOperation, resource: ResourcePattern): Boolean = {
+  private def authorize(authorizer: Authorizer, requestContext: 
RequestContext, operation: AclOperation, resource: ResourcePattern): Boolean = {
     val action = new Action(operation, resource, 1, true, true)
     authorizer.authorize(requestContext, List(action).asJava).asScala.head == 
AuthorizationResult.ALLOWED
   }
 
-  private def addAcls(authorizer: AclAuthorizer, aces: 
Set[AccessControlEntry], resourcePattern: ResourcePattern): Unit = {
+  private def authorizeByResourceType(authorizer: Authorizer, requestContext: 
RequestContext, operation: AclOperation, resourceType: ResourceType) : Boolean 
= {
+    authorizer.authorizeByResourceType(requestContext, operation, 
resourceType) == AuthorizationResult.ALLOWED
+  }
+
+  private def addAcls(authorizer: Authorizer, aces: Set[AccessControlEntry], 
resourcePattern: ResourcePattern): Unit = {
     val bindings = aces.map { ace => new AclBinding(resourcePattern, ace) }
     authorizer.createAcls(requestContext, bindings.toList.asJava).asScala
       .map(_.toCompletableFuture.get)
       .foreach { result => result.exception.ifPresent { e => throw e } }
+    aclAdded += Tuple3(authorizer, aces, resourcePattern)
   }
 
-  private def removeAcls(authorizer: AclAuthorizer, aces: 
Set[AccessControlEntry], resourcePattern: ResourcePattern): Boolean = {
+  private def removeAcls(authorizer: Authorizer, aces: 
Set[AccessControlEntry], resourcePattern: ResourcePattern): Boolean = {

Review comment:
       Since `AuthorizerInterfaceDefaultTest`, `AclAuthorizerTest`, and 
`AuthorizerWrapperTest` are sharing some test utils, we need to make this 
method signature abstract a bit, in order to make it usable by 
AuthorizerTestFactory.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [kafka] d8tltanc commented on a change in pull request #9485: KAKFA-10619: Idempotent producer will get authorized once it has a WRITE access to at least one topic

Reply via email to