kafka-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jun...@apache.org
Subject kafka git commit: KAFKA-5333; Remove Broker ACL resource type
Date Fri, 26 May 2017 22:25:16 GMT
Repository: kafka
Updated Branches:
  refs/heads/0.11.0 012332042 -> 3066b2d88


KAFKA-5333; Remove Broker ACL resource type

Author: Ismael Juma <ismael@juma.me.uk>

Reviewers: Jun Rao <junrao@gmail.com>

Closes #3154 from ijuma/kafka-5333-remove-broker-acl-resource-type

(cherry picked from commit 68eed84f24a4771ccd805d8f39340eb7599df2ed)
Signed-off-by: Jun Rao <junrao@gmail.com>


Project: http://git-wip-us.apache.org/repos/asf/kafka/repo
Commit: http://git-wip-us.apache.org/repos/asf/kafka/commit/3066b2d8
Tree: http://git-wip-us.apache.org/repos/asf/kafka/tree/3066b2d8
Diff: http://git-wip-us.apache.org/repos/asf/kafka/diff/3066b2d8

Branch: refs/heads/0.11.0
Commit: 3066b2d8864e9aa88bca1633b49289664a31fc80
Parents: 0123320
Author: Ismael Juma <ismael@juma.me.uk>
Authored: Fri May 26 15:25:02 2017 -0700
Committer: Jun Rao <junrao@gmail.com>
Committed: Fri May 26 15:25:13 2017 -0700

----------------------------------------------------------------------
 .../errors/BrokerAuthorizationException.java    | 23 --------------------
 .../apache/kafka/common/protocol/Errors.java    |  7 ------
 .../src/main/scala/kafka/admin/AclCommand.scala | 10 ---------
 .../kafka/security/auth/ResourceType.scala      |  7 +-----
 .../src/main/scala/kafka/server/KafkaApis.scala |  9 +++-----
 .../scala/unit/kafka/admin/AclCommandTest.scala |  3 ---
 6 files changed, 4 insertions(+), 55 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/kafka/blob/3066b2d8/clients/src/main/java/org/apache/kafka/common/errors/BrokerAuthorizationException.java
----------------------------------------------------------------------
diff --git a/clients/src/main/java/org/apache/kafka/common/errors/BrokerAuthorizationException.java
b/clients/src/main/java/org/apache/kafka/common/errors/BrokerAuthorizationException.java
deleted file mode 100644
index 9f7211e..0000000
--- a/clients/src/main/java/org/apache/kafka/common/errors/BrokerAuthorizationException.java
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.kafka.common.errors;
-
-public class BrokerAuthorizationException extends ApiException {
-    public BrokerAuthorizationException(final String message) {
-        super(message);
-    }
-}

http://git-wip-us.apache.org/repos/asf/kafka/blob/3066b2d8/clients/src/main/java/org/apache/kafka/common/protocol/Errors.java
----------------------------------------------------------------------
diff --git a/clients/src/main/java/org/apache/kafka/common/protocol/Errors.java b/clients/src/main/java/org/apache/kafka/common/protocol/Errors.java
index 9444eb5..dd02ff0 100644
--- a/clients/src/main/java/org/apache/kafka/common/protocol/Errors.java
+++ b/clients/src/main/java/org/apache/kafka/common/protocol/Errors.java
@@ -17,7 +17,6 @@
 package org.apache.kafka.common.protocol;
 
 import org.apache.kafka.common.errors.ApiException;
-import org.apache.kafka.common.errors.BrokerAuthorizationException;
 import org.apache.kafka.common.errors.BrokerNotAvailableException;
 import org.apache.kafka.common.errors.ClusterAuthorizationException;
 import org.apache.kafka.common.errors.ConcurrentTransactionsException;
@@ -487,12 +486,6 @@ public enum Errors {
         public ApiException build(String message) {
             return new SecurityDisabledException(message);
         }
-    }),
-    BROKER_AUTHORIZATION_FAILED(55, "Broker authorization failed", new ApiExceptionBuilder()
{
-        @Override
-        public ApiException build(String message) {
-            return new BrokerAuthorizationException(message);
-        }
     });
              
     private interface ApiExceptionBuilder {

http://git-wip-us.apache.org/repos/asf/kafka/blob/3066b2d8/core/src/main/scala/kafka/admin/AclCommand.scala
----------------------------------------------------------------------
diff --git a/core/src/main/scala/kafka/admin/AclCommand.scala b/core/src/main/scala/kafka/admin/AclCommand.scala
index e02b5dc..47659a9 100644
--- a/core/src/main/scala/kafka/admin/AclCommand.scala
+++ b/core/src/main/scala/kafka/admin/AclCommand.scala
@@ -31,7 +31,6 @@ object AclCommand {
 
   val Newline = scala.util.Properties.lineSeparator
   val ResourceTypeToValidOperations = Map[ResourceType, Set[Operation]] (
-    Broker -> Set(DescribeConfigs),
     Topic -> Set(Read, Write, Describe, Delete, DescribeConfigs, AlterConfigs, All),
     Group -> Set(Read, Describe, All),
     Cluster -> Set(Create, ClusterAction, DescribeConfigs, AlterConfigs, IdempotentWrite,
All),
@@ -243,9 +242,6 @@ object AclCommand {
     if (opts.options.has(opts.groupOpt))
       opts.options.valuesOf(opts.groupOpt).asScala.foreach(group => resources += new Resource(Group,
group.trim))
 
-    if (opts.options.has(opts.brokerOpt))
-      opts.options.valuesOf(opts.brokerOpt).asScala.foreach(broker => resources += new
Resource(Broker, broker.toString))
-
     if (opts.options.has(opts.transactionalIdOpt))
       opts.options.valuesOf(opts.transactionalIdOpt).asScala.foreach(transactionalId =>
         resources += new Resource(TransactionalId, transactionalId))
@@ -298,12 +294,6 @@ object AclCommand {
       .describedAs("group")
       .ofType(classOf[String])
 
-    val brokerOpt = parser.accepts("broker", "broker to which the ACLs should be added or
removed. " +
-      "A value of * indicates the ACLs should apply to all brokers.")
-      .withRequiredArg
-      .describedAs("broker")
-      .ofType(classOf[Int])
-
     val transactionalIdOpt = parser.accepts("transactional-id", "The transactionalId to which
ACLs should " +
       "be added or removed. A value of * indicates the ACLs should apply to all transactionalIds.")
       .withRequiredArg

http://git-wip-us.apache.org/repos/asf/kafka/blob/3066b2d8/core/src/main/scala/kafka/security/auth/ResourceType.scala
----------------------------------------------------------------------
diff --git a/core/src/main/scala/kafka/security/auth/ResourceType.scala b/core/src/main/scala/kafka/security/auth/ResourceType.scala
index 9cfe1cd..4deb23b 100644
--- a/core/src/main/scala/kafka/security/auth/ResourceType.scala
+++ b/core/src/main/scala/kafka/security/auth/ResourceType.scala
@@ -26,11 +26,6 @@ case object Cluster extends ResourceType {
   val error = Errors.CLUSTER_AUTHORIZATION_FAILED
 }
 
-case object Broker extends ResourceType {
-  val name = "Broker"
-  val error = Errors.BROKER_AUTHORIZATION_FAILED
-}
-
 case object Topic extends ResourceType {
   val name = "Topic"
   val error = Errors.TOPIC_AUTHORIZATION_FAILED
@@ -53,5 +48,5 @@ object ResourceType {
     rType.getOrElse(throw new KafkaException(resourceType + " not a valid resourceType name.
The valid names are " + values.mkString(",")))
   }
 
-  def values: Seq[ResourceType] = List(Cluster, Topic, Group, TransactionalId, Broker)
+  def values: Seq[ResourceType] = List(Cluster, Topic, Group, TransactionalId)
 }

http://git-wip-us.apache.org/repos/asf/kafka/blob/3066b2d8/core/src/main/scala/kafka/server/KafkaApis.scala
----------------------------------------------------------------------
diff --git a/core/src/main/scala/kafka/server/KafkaApis.scala b/core/src/main/scala/kafka/server/KafkaApis.scala
index 473d108..fb69c50 100644
--- a/core/src/main/scala/kafka/server/KafkaApis.scala
+++ b/core/src/main/scala/kafka/server/KafkaApis.scala
@@ -1957,8 +1957,7 @@ class KafkaApis(val requestChannel: RequestChannel,
     val (authorizedResources, unauthorizedResources) = alterConfigsRequest.configs.asScala.partition
{ case (resource, _) =>
       resource.`type` match {
         case RResourceType.BROKER =>
-          authorize(request.session, AlterConfigs, new Resource(Broker, resource.name)) ||
-            authorize(request.session, AlterConfigs, Resource.ClusterResource)
+          authorize(request.session, AlterConfigs, Resource.ClusterResource)
         case RResourceType.TOPIC =>
           authorize(request.session, AlterConfigs, new Resource(Topic, resource.name)) ||
             authorize(request.session, AlterConfigs, Resource.ClusterResource)
@@ -1975,7 +1974,7 @@ class KafkaApis(val requestChannel: RequestChannel,
 
   private def configsAuthorizationApiError(session: RequestChannel.Session, resource: RResource):
ApiError = {
     val error = resource.`type` match {
-      case RResourceType.BROKER => Errors.BROKER_AUTHORIZATION_FAILED
+      case RResourceType.BROKER => Errors.CLUSTER_AUTHORIZATION_FAILED
       case RResourceType.TOPIC =>
         // Don't leak topic name unless the user has describe topic permission
         if (authorize(session, Describe, new Resource(Topic, resource.name)))
@@ -1991,9 +1990,7 @@ class KafkaApis(val requestChannel: RequestChannel,
     val describeConfigsRequest = request.body[DescribeConfigsRequest]
     val (authorizedResources, unauthorizedResources) = describeConfigsRequest.resources.asScala.partition
{ resource =>
       resource.`type` match {
-        case RResourceType.BROKER =>
-          authorize(request.session, DescribeConfigs, new Resource(Broker, resource.name))
||
-            authorize(request.session, DescribeConfigs, Resource.ClusterResource)
+        case RResourceType.BROKER => authorize(request.session, DescribeConfigs, Resource.ClusterResource)
         case RResourceType.TOPIC =>
           authorize(request.session, DescribeConfigs, new Resource(Topic, resource.name))
||
             authorize(request.session, DescribeConfigs, Resource.ClusterResource)

http://git-wip-us.apache.org/repos/asf/kafka/blob/3066b2d8/core/src/test/scala/unit/kafka/admin/AclCommandTest.scala
----------------------------------------------------------------------
diff --git a/core/src/test/scala/unit/kafka/admin/AclCommandTest.scala b/core/src/test/scala/unit/kafka/admin/AclCommandTest.scala
index f379585..ecf3427 100644
--- a/core/src/test/scala/unit/kafka/admin/AclCommandTest.scala
+++ b/core/src/test/scala/unit/kafka/admin/AclCommandTest.scala
@@ -35,14 +35,12 @@ class AclCommandTest extends ZooKeeperTestHarness with Logging {
 
   private val TopicResources = Set(new Resource(Topic, "test-1"), new Resource(Topic, "test-2"))
   private val GroupResources = Set(new Resource(Group, "testGroup-1"), new Resource(Group,
"testGroup-2"))
-  private val BrokerResources = Set(new Resource(Broker, "0"), new Resource(Broker, "1"))
   private val TransactionalIdResources = Set(new Resource(TransactionalId, "t0"), new Resource(TransactionalId,
"t1"))
 
   private val ResourceToCommand = Map[Set[Resource], Array[String]](
     TopicResources -> Array("--topic", "test-1", "--topic", "test-2"),
     Set(Resource.ClusterResource) -> Array("--cluster"),
     GroupResources -> Array("--group", "testGroup-1", "--group", "testGroup-2"),
-    BrokerResources -> Array("--broker", "0", "--broker", "1"),
     TransactionalIdResources -> Array("--transactional-id", "t0", "--transactional-id",
"t1")
   )
 
@@ -54,7 +52,6 @@ class AclCommandTest extends ZooKeeperTestHarness with Logging {
       Array("--operation", "Create", "--operation", "ClusterAction", "--operation", "DescribeConfigs",
         "--operation", "AlterConfigs", "--operation", "IdempotentWrite")),
     GroupResources -> (Set(Read, Describe), Array("--operation", "Read", "--operation",
"Describe")),
-    BrokerResources -> (Set(DescribeConfigs), Array("--operation", "DescribeConfigs")),
     TransactionalIdResources -> (Set(Describe, Write), Array("--operation", "Describe",
"--operation", "Write"))
   )
 


Mime
View raw message