d8tltanc commented on a change in pull request #9485: URL: https://github.com/apache/kafka/pull/9485#discussion_r545471749
########## File path: core/src/main/scala/kafka/security/authorizer/AclAuthorizer.scala ########## @@ -304,6 +309,137 @@ class AclAuthorizer extends Authorizer with Logging { if (zkClient != null) zkClient.close() } + override def authorizeByResourceType(requestContext: AuthorizableRequestContext, + op: AclOperation, + resourceType: ResourceType): AuthorizationResult = { + SecurityUtils.authorizeByResourceTypeCheckArgs(op, resourceType) + + val principal = new KafkaPrincipal( + requestContext.principal().getPrincipalType, + requestContext.principal().getName) + + if (isSuperUser(principal)) + return AuthorizationResult.ALLOWED + + val principalStr = principal.toString + + val host = requestContext.clientAddress().getHostAddress + val action = new Action(op, new ResourcePattern(resourceType, "NONE", PatternType.UNKNOWN), 0, true, true) Review comment: ``` public ResourcePattern(ResourceType resourceType, String name, PatternType patternType) { this.resourceType = Objects.requireNonNull(resourceType, "resourceType"); this.name = Objects.requireNonNull(name, "name"); this.patternType = Objects.requireNonNull(patternType, "patternType"); if (resourceType == ResourceType.ANY) { throw new IllegalArgumentException("resourceType must not be ANY"); } if (patternType == PatternType.MATCH || patternType == PatternType.ANY) { throw new IllegalArgumentException("patternType must not be " + patternType); } } ``` I think the ResourcePattern constructor is preventing us passing PatternType.ANY. It's only usable with Filter.