New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KAFKA-8760; New Java Authorizer API (KIP-504) #7268
KAFKA-8760; New Java Authorizer API (KIP-504) #7268
Conversation
322e6fb
to
a3901b6
Compare
def authorizeTopicDescribe(partition: TopicPartition) = | ||
authorize(request.session, Describe, Resource(Topic, partition.topic, LITERAL)) | ||
def partitionAuthorized[T](elements: List[T], topic: T => String): (Seq[T], Seq[T]) = { | ||
val authorizedTopics = filterAuthorized(request, DESCRIBE, TOPIC, elements.toList.map(topic)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: elements.toList.map(topic) => elements.map(topic)
|
||
@Test | ||
def testNoAclFound(): Unit = { | ||
assertFalse("when acls = [], authorizer should deny op.",authorize(aclAuthorizer, requestContext, READ, resource)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: missing space between arguments
val ZkUrlProp = AclAuthorizer.ZkUrlProp | ||
val ZkConnectionTimeOutProp = AclAuthorizer.ZkConnectionTimeOutProp | ||
val ZkSessionTimeOutProp = AclAuthorizer.ZkSessionTimeOutProp | ||
val ZkMaxInFlightRequests = AclAuthorizer.ZkSessionTimeOutProp |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AclAuthorizer.ZkSessionTimeOutProp => AclAuthorizer.ZkMaxInFlightRequests
} | ||
|
||
@Test(expected = classOf[IllegalArgumentException]) | ||
def testAuthorizeThrowsOnNoneLiteralResource(): Unit = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: testAuthorizeThrowsOnNoneLiteralResource => testAuthorizeThrowsOnNonLiteralResource
@omkreddy Thanks for the review, updated the PR. |
@rajinisivaram Thanks for the PR. LGTM. |
@omkreddy Thanks for the review, merging to trunk. |
* Returns any exception during create. If exception is null, the request has succeeded. | ||
*/ | ||
public ApiException exception() { | ||
return exception; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did we consider using Optional here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point, opened another PR for this: #7294
|
||
private final ApiException exception; | ||
|
||
public AclCreateResult() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this be private given SUCCESS?
New Java Authorizer API and a new out-of-the-box authorizer that implements the new interface.
Committer Checklist (excluded from commit message)