dongnuo123 commented on code in PR #18989:
URL: https://github.com/apache/kafka/pull/18989#discussion_r1966119154
##########
core/src/main/scala/kafka/server/KafkaApis.scala:
##########
@@ -2592,6 +2607,32 @@ class KafkaApis(val requestChannel: RequestChannel,
response.groups.addAll(results)
}
+ // Clients are not allowed to see topics that are not authorized for
Describe.
+ var topicsToCheck = Set[String]()
+ response.groups.forEach(_.members.forEach { member =>
+ List(member.assignment, member.targetAssignment).foreach {
assignment =>
+ assignment.topicPartitions.asScala.foreach { tp =>
+ topicsToCheck += tp.topicName
+ }
+ }
+ })
+ val authorizedTopics =
authHelper.filterByAuthorized(request.context, DESCRIBE, TOPIC,
Review Comment:
I don't quite follow this. `topicsToCheck` should have all the topics of all
described groups, and we loop through all the groups and set a group with error
if it has topic that isn't in `authorizedTopics`, so it's still possible for
the caller to see group A but not group B(?)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
