Re: [PR] KAFKA-19234: broker should return UNAUTHORIZATION error for non-existing topic in produce request [kafka]

Tue, 06 May 2025 10:09:37 -0700 


junrao commented on code in PR #19635:
URL: https://github.com/apache/kafka/pull/19635#discussion_r2075919800


##########
core/src/test/scala/integration/kafka/api/AuthorizerIntegrationTest.scala:
##########
@@ -924,6 +924,55 @@ class AuthorizerIntegrationTest extends 
AbstractAuthorizerIntegrationTest {
     sendRequests(requestKeyToRequest, false, topicNames)
   }
 
+  /**
+   * Test that the produce request fails with TOPIC_AUTHORIZATION_FAILED if 
the topic does not exist from version 3 to 12.
+   * The version 13 is covered by testAuthorizationWithTopicNotExisting.
+   */
+  @Test
+  def 
testAuthorizationWithTopicNotExistingForProduceRequestVersionLessThan13(): Unit 
= {
+    authorizationForProduceRequestVersionLessThan13(false)
+  }
+
+  /**
+   * Test that the produce request fails with TOPIC_AUTHORIZATION_FAILED if 
the topic exists
+   * but the client doesn't have permission from version 3 to 12.
+   * The version 13 is covered by testAuthorizationWithTopicExisting.
+   */
+  @Test
+  def testAuthorizationWithTopicExistingForProduceRequestVersionLessThan13(): 
Unit = {
+    authorizationForProduceRequestVersionLessThan13(true)
+  }
+
+  def authorizationForProduceRequestVersionLessThan13(createTopic: Boolean): 
Unit = {
+    if (createTopic) {
+      sendRequests(mutable.Map(ApiKeys.CREATE_TOPICS -> createTopicsRequest))

Review Comment:
   Should we use `createTopicWithBrokerPrincipal()`? This will wait until the 
topic metadata is propagated to all brokers. Ditto for `authorizationFetchV12`.



##########
core/src/test/scala/integration/kafka/api/AuthorizerIntegrationTest.scala:
##########
@@ -924,6 +924,55 @@ class AuthorizerIntegrationTest extends 
AbstractAuthorizerIntegrationTest {
     sendRequests(requestKeyToRequest, false, topicNames)
   }
 
+  /**
+   * Test that the produce request fails with TOPIC_AUTHORIZATION_FAILED if 
the topic does not exist from version 3 to 12.
+   * The version 13 is covered by testAuthorizationWithTopicNotExisting.
+   */
+  @Test
+  def 
testAuthorizationWithTopicNotExistingForProduceRequestVersionLessThan13(): Unit 
= {
+    authorizationForProduceRequestVersionLessThan13(false)
+  }
+
+  /**
+   * Test that the produce request fails with TOPIC_AUTHORIZATION_FAILED if 
the topic exists
+   * but the client doesn't have permission from version 3 to 12.
+   * The version 13 is covered by testAuthorizationWithTopicExisting.
+   */
+  @Test
+  def testAuthorizationWithTopicExistingForProduceRequestVersionLessThan13(): 
Unit = {
+    authorizationForProduceRequestVersionLessThan13(true)
+  }
+
+  def authorizationForProduceRequestVersionLessThan13(createTopic: Boolean): 
Unit = {

Review Comment:
   Could this be private?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to