kafka-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rsiva...@apache.org
Subject [kafka] branch 2.1 updated: KAFKA-7702: Fix matching of prefixed ACLs to match single char prefix (#5994)
Date Tue, 04 Dec 2018 09:51:19 GMT
This is an automated email from the ASF dual-hosted git repository.

rsivaram pushed a commit to branch 2.1
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/2.1 by this push:
     new e25186a  KAFKA-7702: Fix matching of prefixed ACLs to match single char prefix (#5994)
e25186a is described below

commit e25186a1c94416795b122214823bdc3802df3928
Author: Rajini Sivaram <rajinisivaram@googlemail.com>
AuthorDate: Tue Dec 4 09:44:11 2018 +0000

    KAFKA-7702: Fix matching of prefixed ACLs to match single char prefix (#5994)
    
    Reviewers: Jun Rao <junrao@gmail.com>
---
 .../main/scala/kafka/security/auth/SimpleAclAuthorizer.scala |  7 +++----
 .../unit/kafka/security/auth/SimpleAclAuthorizerTest.scala   | 12 ++++++++++++
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala b/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala
index 892377c..8a0b4a0 100644
--- a/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala
+++ b/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala
@@ -239,10 +239,9 @@ class SimpleAclAuthorizer extends Authorizer with Logging {
         .map(_.acls)
         .getOrElse(Set.empty[Acl])
 
-      val prefixed = aclCache.range(
-        Resource(resourceType, resourceName, PatternType.PREFIXED),
-        Resource(resourceType, resourceName.take(1), PatternType.PREFIXED)
-      )
+      val prefixed = aclCache
+        .from(Resource(resourceType, resourceName, PatternType.PREFIXED))
+        .to(Resource(resourceType, resourceName.take(1), PatternType.PREFIXED))
         .filterKeys(resource => resourceName.startsWith(resource.name))
         .flatMap { case (resource, versionedAcls) => versionedAcls.acls }
         .toSet
diff --git a/core/src/test/scala/unit/kafka/security/auth/SimpleAclAuthorizerTest.scala b/core/src/test/scala/unit/kafka/security/auth/SimpleAclAuthorizerTest.scala
index 5461413..1468003 100644
--- a/core/src/test/scala/unit/kafka/security/auth/SimpleAclAuthorizerTest.scala
+++ b/core/src/test/scala/unit/kafka/security/auth/SimpleAclAuthorizerTest.scala
@@ -630,6 +630,18 @@ class SimpleAclAuthorizerTest extends ZooKeeperTestHarness {
   }
 
   @Test
+  def testSingleCharacterResourceAcls(): Unit = {
+    simpleAclAuthorizer.addAcls(Set[Acl](allowReadAcl), Resource(Topic, "f", LITERAL))
+    assertTrue(simpleAclAuthorizer.authorize(session, Read, Resource(Topic, "f", LITERAL)))
+    assertFalse(simpleAclAuthorizer.authorize(session, Read, Resource(Topic, "foo", LITERAL)))
+
+    simpleAclAuthorizer.addAcls(Set[Acl](allowReadAcl), Resource(Topic, "_", PREFIXED))
+    assertTrue(simpleAclAuthorizer.authorize(session, Read, Resource(Topic, "_foo", LITERAL)))
+    assertTrue(simpleAclAuthorizer.authorize(session, Read, Resource(Topic, "_", LITERAL)))
+    assertFalse(simpleAclAuthorizer.authorize(session, Read, Resource(Topic, "foo_", LITERAL)))
+  }
+
+  @Test
   def testGetAclsPrincipal(): Unit = {
     val aclOnSpecificPrincipal = new Acl(principal, Allow, WildCardHost, Write)
     simpleAclAuthorizer.addAcls(Set[Acl](aclOnSpecificPrincipal), resource)


Mime
View raw message