From commits-return-10835-archive-asf-public=cust-asf.ponee.io@kafka.apache.org  Tue Dec  4 10:51:22 2018
Return-Path: <commits-return-10835-archive-asf-public=cust-asf.ponee.io@kafka.apache.org>
X-Original-To: archive-asf-public@cust-asf.ponee.io
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by mx-eu-01.ponee.io (Postfix) with SMTP id AD61A180652
	for <archive-asf-public@cust-asf.ponee.io>; Tue,  4 Dec 2018 10:51:21 +0100 (CET)
Received: (qmail 65532 invoked by uid 500); 4 Dec 2018 09:51:20 -0000
Mailing-List: contact commits-help@kafka.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@kafka.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@kafka.apache.org>
List-Post: <mailto:commits@kafka.apache.org>
List-Id: <commits.kafka.apache.org>
Reply-To: dev@kafka.apache.org
Delivered-To: mailing list commits@kafka.apache.org
Received: (qmail 65523 invoked by uid 99); 4 Dec 2018 09:51:20 -0000
Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 04 Dec 2018 09:51:20 +0000
Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33)
	id 146DD89B32; Tue,  4 Dec 2018 09:51:20 +0000 (UTC)
Date: Tue, 04 Dec 2018 09:51:19 +0000
To: "commits@kafka.apache.org" <commits@kafka.apache.org>
Subject: [kafka] branch 2.1 updated: KAFKA-7702: Fix matching of prefixed
 ACLs to match single char prefix (#5994)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Message-ID: <154391707839.27979.6212021326777242799@gitbox.apache.org>
From: rsivaram@apache.org
X-Git-Host: gitbox.apache.org
X-Git-Repo: kafka
X-Git-Refname: refs/heads/2.1
X-Git-Reftype: branch
X-Git-Oldrev: 975aeda906218b95aaa8ab8a1ea130f6980df21b
X-Git-Newrev: e25186a1c94416795b122214823bdc3802df3928
X-Git-Rev: e25186a1c94416795b122214823bdc3802df3928
X-Git-NotificationType: ref_changed_plus_diff
X-Git-Multimail-Version: 1.5.dev
Auto-Submitted: auto-generated

This is an automated email from the ASF dual-hosted git repository.

rsivaram pushed a commit to branch 2.1
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/2.1 by this push:
     new e25186a  KAFKA-7702: Fix matching of prefixed ACLs to match single char prefix (#5994)
e25186a is described below

commit e25186a1c94416795b122214823bdc3802df3928
Author: Rajini Sivaram <rajinisivaram@googlemail.com>
AuthorDate: Tue Dec 4 09:44:11 2018 +0000

    KAFKA-7702: Fix matching of prefixed ACLs to match single char prefix (#5994)
    
    Reviewers: Jun Rao <junrao@gmail.com>
---
 .../main/scala/kafka/security/auth/SimpleAclAuthorizer.scala |  7 +++----
 .../unit/kafka/security/auth/SimpleAclAuthorizerTest.scala   | 12 ++++++++++++
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala b/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala
index 892377c..8a0b4a0 100644
--- a/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala
+++ b/core/src/main/scala/kafka/security/auth/SimpleAclAuthorizer.scala
@@ -239,10 +239,9 @@ class SimpleAclAuthorizer extends Authorizer with Logging {
         .map(_.acls)
         .getOrElse(Set.empty[Acl])
 
-      val prefixed = aclCache.range(
-        Resource(resourceType, resourceName, PatternType.PREFIXED),
-        Resource(resourceType, resourceName.take(1), PatternType.PREFIXED)
-      )
+      val prefixed = aclCache
+        .from(Resource(resourceType, resourceName, PatternType.PREFIXED))
+        .to(Resource(resourceType, resourceName.take(1), PatternType.PREFIXED))
         .filterKeys(resource => resourceName.startsWith(resource.name))
         .flatMap { case (resource, versionedAcls) => versionedAcls.acls }
         .toSet
diff --git a/core/src/test/scala/unit/kafka/security/auth/SimpleAclAuthorizerTest.scala b/core/src/test/scala/unit/kafka/security/auth/SimpleAclAuthorizerTest.scala
index 5461413..1468003 100644
--- a/core/src/test/scala/unit/kafka/security/auth/SimpleAclAuthorizerTest.scala
+++ b/core/src/test/scala/unit/kafka/security/auth/SimpleAclAuthorizerTest.scala
@@ -630,6 +630,18 @@ class SimpleAclAuthorizerTest extends ZooKeeperTestHarness {
   }
 
   @Test
+  def testSingleCharacterResourceAcls(): Unit = {
+    simpleAclAuthorizer.addAcls(Set[Acl](allowReadAcl), Resource(Topic, "f", LITERAL))
+    assertTrue(simpleAclAuthorizer.authorize(session, Read, Resource(Topic, "f", LITERAL)))
+    assertFalse(simpleAclAuthorizer.authorize(session, Read, Resource(Topic, "foo", LITERAL)))
+
+    simpleAclAuthorizer.addAcls(Set[Acl](allowReadAcl), Resource(Topic, "_", PREFIXED))
+    assertTrue(simpleAclAuthorizer.authorize(session, Read, Resource(Topic, "_foo", LITERAL)))
+    assertTrue(simpleAclAuthorizer.authorize(session, Read, Resource(Topic, "_", LITERAL)))
+    assertFalse(simpleAclAuthorizer.authorize(session, Read, Resource(Topic, "foo_", LITERAL)))
+  }
+
+  @Test
   def testGetAclsPrincipal(): Unit = {
     val aclOnSpecificPrincipal = new Acl(principal, Allow, WildCardHost, Write)
     simpleAclAuthorizer.addAcls(Set[Acl](aclOnSpecificPrincipal), resource)