TaiJuWu commented on code in PR #18578:
URL: https://github.com/apache/kafka/pull/18578#discussion_r1918916873
##########
core/src/test/scala/unit/kafka/server/KafkaApisTest.scala:
##########
@@ -3561,6 +3561,115 @@ class KafkaApisTest extends Logging {
assertEquals(Set(0), response.brokers.asScala.map(_.id).toSet)
}
+ @Test
+ def testUnauthorizedTopicMetadataRequest(): Unit = {
+ // 1. Set up broker information
+ val plaintextListener =
ListenerName.forSecurityProtocol(SecurityProtocol.PLAINTEXT)
+ val broker = new UpdateMetadataBroker()
+ .setId(0)
+ .setRack("rack")
+ .setEndpoints(Seq(
+ new UpdateMetadataEndpoint()
+ .setHost("broker0")
+ .setPort(9092)
+ .setSecurityProtocol(SecurityProtocol.PLAINTEXT.id)
+ .setListener(plaintextListener.value)
+ ).asJava)
+
+ // 2. Set up authorizer
+ val authorizer: Authorizer = mock(classOf[Authorizer])
+ val unauthorizedTopic = "unauthorized-topic"
+ val authorizedTopic = "authorized-topic"
+
+ val expectedActions = Seq(
+ new Action(AclOperation.DESCRIBE, new
ResourcePattern(ResourceType.TOPIC, unauthorizedTopic, PatternType.LITERAL), 1,
true, true),
+ new Action(AclOperation.DESCRIBE, new
ResourcePattern(ResourceType.TOPIC, authorizedTopic, PatternType.LITERAL), 1,
true, true)
+ )
+
+ when(authorizer.authorize(any[RequestContext], argThat((t:
java.util.List[Action]) => t.containsAll(expectedActions.asJava))))
+ .thenAnswer { invocation =>
+ val actions =
invocation.getArgument(1).asInstanceOf[util.List[Action]].asScala
+ actions.map { action =>
+ if (action.resourcePattern().name().equals(authorizedTopic))
+ AuthorizationResult.ALLOWED
+ else
+ AuthorizationResult.DENIED
+ }.asJava
+ }
+
+ // 3. Set up MetadataCache
+ val authorizedTopicId = Uuid.randomUuid()
+ val unauthorizedTopicId = Uuid.randomUuid()
+
+ val topicIds = new util.HashMap[String, Uuid]()
+ topicIds.put(authorizedTopic, authorizedTopicId)
+ topicIds.put(unauthorizedTopic, unauthorizedTopicId)
+
+ def createDummyPartitionStates(topic: String) = {
+ new UpdateMetadataPartitionState()
+ .setTopicName(topic)
+ .setPartitionIndex(0)
+ .setControllerEpoch(0)
+ .setLeader(0)
+ .setLeaderEpoch(0)
+ .setReplicas(Collections.singletonList(0))
+ .setZkVersion(0)
+ .setIsr(Collections.singletonList(0))
+ }
+
+ // Send UpdateMetadataReq to update MetadataCache
+ val partitionStates = Seq(unauthorizedTopic,
authorizedTopic).map(createDummyPartitionStates)
+
+ val updateMetadataRequest = new
UpdateMetadataRequest.Builder(ApiKeys.UPDATE_METADATA.latestVersion, 0,
+ 0, 0, partitionStates.asJava, Seq(broker).asJava, topicIds).build()
+ MetadataCacheTest.updateCache(metadataCache, updateMetadataRequest)
Review Comment:
Yes, this is already trace by
https://issues.apache.org/jira/browse/KAFKA-18540.
I will handle it ASAP.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
