Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[improve][broker] Support get/remove permissions for AuthorizationProvider #20496

Merged
merged 13 commits into from
Jul 10, 2023
Merged

[improve][broker] Support get/remove permissions for AuthorizationProvider #20496

merged 13 commits into from
Jul 10, 2023

Conversation

Technoboy-
Copy link
Contributor

@Technoboy- Technoboy- commented Jun 5, 2023
edited
Loading

Motivation

This is a follow-up improvement for AuthorizationProvider. As discussed in the #20478-comment, we need more methods to avoid admin handling permissions directly.

Modification

  1. Add removePermissionsAsync: when deleting partitioned topics, we need to delete the authentication data.
  2. Add getPermissionsAsync: we have topic level API to get all the permissions. so we need this.
  3. Add getSubscriptionPermissionsAsync: we have topic level API to get all subscription permissions.
  4. Add getPermissionsAsync: we have namespace level API to get all the permissions.

Documentation

  • doc
  • doc-required
  • doc-not-needed
  • doc-complete

@Technoboy- Technoboy- self-assigned this Jun 5, 2023
@Technoboy- Technoboy- added this to the 3.1.0 milestone Jun 5, 2023
@github-actions github-actions bot added the doc-not-needed Your PR changes do not impact docs label Jun 5, 2023
michaeljmarshall
michaeljmarshall reviewed Jun 5, 2023
View reviewed changes
Copy link
Member

@michaeljmarshall michaeljmarshall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice direction @Technoboy-. I'll review again when it is ready for review.

@Technoboy- Technoboy- force-pushed the support-remove-permissions branch from bc599cc to 6fd6843 Compare June 6, 2023 02:35
@Technoboy- Technoboy- marked this pull request as ready for review June 6, 2023 02:45
@Technoboy-
Copy link
Contributor Author

Technoboy- commented Jun 6, 2023
edited
Loading

https://github.com/apache/pulsar/actions/runs/5184201141/jobs/9344064663

Error:  Medium: org.apache.pulsar.websocket.WebSocketService.getAuthorizationService() may expose internal representation by returning WebSocketService.authorizationService [org.apache.pulsar.websocket.WebSocketService] At WebSocketService.java:[line 177] EI_EXPOSE_REP
[INFO] 


To see bug detail using the Spotbugs GUI, use the following command "mvn spotbugs:gui"

For the above spotbugs issue, I have added this fix
023781c

@Technoboy-
Copy link
Contributor Author

Nice direction @Technoboy-. I'll review again when it is ready for review.

Thanks

@codecov-commenter
Copy link

codecov-commenter commented Jun 7, 2023
edited
Loading

Codecov Report

Merging #20496 (0b283dc) into master (3b862ae) will increase coverage by 36.12%.
The diff coverage is 59.53%.

Impacted file tree graph

@@              Coverage Diff              @@
##             master   #20496       +/-   ##
=============================================
+ Coverage     36.78%   72.90%   +36.12%     
- Complexity    12059    31942    +19883     
=============================================
  Files          1690     1867      +177     
  Lines        129001   138614     +9613     
  Branches      14041    15222     +1181     
=============================================
+ Hits          47453   101061    +53608     
+ Misses        75294    29535    -45759     
- Partials       6254     8018     +1764
Flag Coverage Δ
inttests 24.21% <10.98%> (+0.07%) ⬆️
systests 24.97% <4.62%> (+0.01%) ⬆️
unittests 72.19% <59.53%> (+40.25%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
...ar/broker/authorization/AuthorizationProvider.java 7.27% <0.00%> (+5.14%) ⬆️
.../apache/pulsar/broker/admin/impl/PackagesBase.java 76.63% <ø> (+24.34%) ⬆️
.../apache/pulsar/functions/instance/ContextImpl.java 61.00% <0.00%> (+18.41%) ⬆️
.../org/apache/pulsar/broker/admin/v1/Namespaces.java 52.28% <50.00%> (+43.97%) ⬆️
...s/runtime/kubernetes/KubernetesRuntimeFactory.java 80.21% <50.00%> (+80.21%) ⬆️
...pache/pulsar/broker/admin/impl/NamespacesBase.java 72.05% <56.86%> (+41.36%) ⬆️
...ker/authorization/PulsarAuthorizationProvider.java 68.11% <60.24%> (+36.42%) ⬆️
...sar/broker/authorization/AuthorizationService.java 58.20% <100.00%> (+45.90%) ⬆️
.../org/apache/pulsar/broker/admin/AdminResource.java 78.85% <100.00%> (+35.05%) ⬆️
...pulsar/broker/admin/impl/PersistentTopicsBase.java 63.73% <100.00%> (+53.55%) ⬆️
... and 2 more

... and 1423 files with indirect coverage changes

michaeljmarshall
michaeljmarshall reviewed Jun 9, 2023
View reviewed changes
Copy link
Member

@michaeljmarshall michaeljmarshall left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The migration code looks great. I left several comments.

...roker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java Outdated Show resolved Hide resolved
...roker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java Outdated Show resolved Hide resolved
...roker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java
* @param topicName
* @return CompletableFuture<Map<String, Set<AuthAction>>>
*/
default CompletableFuture<Map<String, Set<AuthAction>>> getPermissionsAsync(TopicName topicName) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One interesting way we could consider expanding this method is to add the role of the user requesting this operation. As it is currently implemented, the broker will first verify that the role is a tenant admin or a superuser and then will call this method. It seems simpler to defer that kind of checking to the authentication provider. However, we don't do that kind of thing for any of the other methods, so that might not be consistent with the current design. What do you think @Technoboy-?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently, my design and implementation are simple. It's only for Admin API usage.
For this getPermissionsAsync, it's only used for getPermissionsOnTopic in Admin
If we change getPermissionsAsync(TopicName topicName, String role), I think it's really match other methods in the AuthorizationProvider, but we don't need it right now.

Copy link
Member

@nodece nodece Jul 21, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Your design and implementation are correct for the built-in policy, but we also need to consider the external policy.

These methods are used to get all permissions on a topic or namespace, so don't need to pass the role and auth data.

...roker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java Outdated Show resolved Hide resolved
...roker-common/src/main/java/org/apache/pulsar/broker/authorization/AuthorizationProvider.java Outdated Show resolved Hide resolved
pulsar-broker/src/main/java/org/apache/pulsar/broker/admin/impl/PersistentTopicsBase.java Show resolved Hide resolved
...er/src/test/java/org/apache/pulsar/broker/transaction/buffer/TransactionBufferCloseTest.java Outdated Show resolved Hide resolved
@Technoboy- Technoboy- merged commit e96b339 into apache:master Jul 10, 2023
BewareMyPower added a commit to BewareMyPower/pulsar that referenced this pull request Jul 21, 2023
@BewareMyPower
Fix the built-in admin failed to delete a topic with a custom authz p…
93131cf 
…rovider

### Motivation

apache#20496 introduced a breaking change
that if the custom authz provider does not implement the
`removePermissionsAsync` method, the built-in admin will fail to delete
a topic. It's because `BrokerService#deleteTopicAuthenticationWithRetry`
calls `authorizationService.removePermissionsAsync`.

### Modifications

To make it backward compatible, return a normal completed future in
`removePermissionsAsync`. Verify the change by deleting a topic in
`AuthorizationWithAuthDataTest#testAdmin`.
@BewareMyPower BewareMyPower mentioned this pull request Jul 21, 2023
Merged
4 tasks
@nodece nodece mentioned this pull request Jul 24, 2023
Closed
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattisonchao mattisonchao mattisonchao approved these changes

@nodece nodece Awaiting requested review from nodece

@michaeljmarshall michaeljmarshall Awaiting requested review from michaeljmarshall

Assignees

@Technoboy- Technoboy-

Labels
area/authn area/broker doc-not-needed Your PR changes do not impact docs ready-to-test
Projects
None yet
Milestone
3.1.0
Development

Successfully merging this pull request may close these issues.
5 participants
@Technoboy- @codecov-commenter @nodece @michaeljmarshall @mattisonchao