chia7712 commented on code in PR #19635:
URL: https://github.com/apache/kafka/pull/19635#discussion_r2078953931
##########
core/src/main/scala/kafka/server/KafkaApis.scala:
##########
@@ -411,10 +411,8 @@ class KafkaApis(val requestChannel: RequestChannel,
}
val topicPartition = new TopicPartition(topicName, partition.index())
- if (topicName.isEmpty)
+ if (topicName.isEmpty && !topic.topicId().equals(Uuid.ZERO_UUID))
Review Comment:
Could you please comments for this check?
##########
core/src/test/scala/integration/kafka/api/AuthorizerIntegrationTest.scala:
##########
@@ -974,19 +1013,29 @@ class AuthorizerIntegrationTest extends
AbstractAuthorizerIntegrationTest {
}
}
- /*
- * even if the topic doesn't exist, request APIs should not leak the topic
name
+ /**
+ * Test that the fetch request fails with TOPIC_AUTHORIZATION_FAILED if the
client doesn't have permission
+ * and topic name is used in the request. Even if the topic doesn't exist,
we return TOPIC_AUTHORIZATION_FAILED to
+ * prevent leaking the topic name.
+ * This case covers fetch request version from oldest to 12.
+ * The newer version is covered by testAuthorizationWithTopicNotExisting.
*/
@ParameterizedTest
- @ValueSource(strings = Array("kraft"))
- def testAuthorizationFetchV12WithTopicNotExisting(quorum: String): Unit = {
+ @CsvSource(value = Array("false", "true"))
Review Comment:
could you please use `@ValueSource(booleans = Array(true, false))` instead?
##########
core/src/main/scala/kafka/server/KafkaApis.scala:
##########
@@ -411,10 +411,8 @@ class KafkaApis(val requestChannel: RequestChannel,
}
val topicPartition = new TopicPartition(topicName, partition.index())
- if (topicName.isEmpty)
+ if (topicName.isEmpty && !topic.topicId().equals(Uuid.ZERO_UUID))
Review Comment:
BTW, do we have test for this case?
##########
core/src/test/scala/integration/kafka/api/AuthorizerIntegrationTest.scala:
##########
@@ -924,6 +924,45 @@ class AuthorizerIntegrationTest extends
AbstractAuthorizerIntegrationTest {
sendRequests(requestKeyToRequest, false, topicNames)
}
+ /**
+ * Test that the produce request fails with TOPIC_AUTHORIZATION_FAILED if
the client doesn't have permission
+ * and topic name is used in the request. Even if the topic doesn't exist,
we return TOPIC_AUTHORIZATION_FAILED to
+ * prevent leaking the topic name.
+ * This case covers produce request version from oldest to 12.
+ * The newer version is covered by testAuthorizationWithTopicNotExisting.
+ */
+ @ParameterizedTest
+ @CsvSource(value = Array("false", "true"))
Review Comment:
could you please use `@ValueSource(booleans = Array(true, false))` instead?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
