[Issue #3922] Fix bugs in ACL modification #3927

caigy · 2022-03-03T14:04:02Z

What is the purpose of the change

Verifying this change

I checked the following:

Case1: Only `conf/plain_acl.yml` exists:

➜ distribution git:(issue-3922) ✗ tree conf

conf
├── 2m-2s-async
│   ├── broker-a-s.properties
│   ├── broker-a.properties
│   ├── broker-b-s.properties
│   └── broker-b.properties
├── 2m-2s-sync
│   ├── broker-a-s.properties
│   ├── broker-a.properties
│   ├── broker-b-s.properties
│   └── broker-b.properties
├── 2m-noslave
│   ├── broker-a.properties
│   ├── broker-b.properties
│   └── broker-trace.properties
├── acl
├── broker.conf
├── dledger
│   ├── broker-n0.conf
│   ├── broker-n1.conf
│   └── broker-n2.conf
├── logback_broker.xml
├── logback_namesrv.xml
├── logback_tools.xml
├── plain_acl.yml
└── tools.yml

Show config:

>sh bin/mqadmin getAccessConfigSubCommand -n 127.0.0.1:9876 -c DefaultCluster

RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.

globalWhiteRemoteAddresses: [10.10.103.*, 192.168.0.*]

accounts:
  accessKey         : RocketMQ
  secretKey         : 12345678
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : SUB
  topicPerms        : [topicA=DENY, topicB=PUB|SUB, topicC=SUB]
  groupPerms        : [groupA=DENY, groupB=PUB|SUB, groupC=SUB]

  accessKey         : rocketmq2
  secretKey         : 12345678
  whiteRemoteAddress: 192.168.1.*
  admin             : true
  defaultTopicPerm  : 
  defaultGroupPerm  : 
  topicPerms        : 
  groupPerms        :

add accounts:

> sh bin/mqadmin updateAclConfig -n 127.0.0.1:9876 -c DefaultCluster  \
--accessKey PG-E-APP-YYY \
--secretKey 12345678 \
--admin false \
--defaultTopicPerm DENY \
--defaultGroupPerm DENY \
--topicPerms RMQ_SYS_TRACE_TOPIC=PUB,TP-E-APP-YYY=PUB

RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.
create or update plain access config to localhost:10911 success.
org.apache.rocketmq.common.PlainAccessConfig@36fc695d% 

> sh bin/mqadmin updateAclConfig -n 127.0.0.1:9876 -c DefaultCluster \
--accessKey CG-E-APP-YYY-APP-SVC \
--secretKey 12345678 \
--admin false \
--defaultTopicPerm DENY \
--defaultGroupPerm DENY \
--topicPerms RMQ_SYS_TRACE_TOPIC=PUB,TP-E-APP-YYY=SUB \
--groupPerms CG-E-APP-YYY-APP-SVC=SUB
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.
create or update plain access config to localhost:10911 success.
org.apache.rocketmq.common.PlainAccessConfig@411f53a0%

update global white address:

> sh bin/mqadmin updateGlobalWhiteAddr -n 127.0.0.1:9876 -c DefaultCluster -g 10.10.154.1,10.10.154.2
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.
update global white remote addresses to localhost:10911 success.

get config again:

> sh bin/mqadmin getAccessConfigSubCommand -n 127.0.0.1:9876 -c DefaultCluster
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.

globalWhiteRemoteAddresses: [10.10.154.1, 10.10.154.2]

accounts:
  accessKey         : RocketMQ
  secretKey         : 12345678
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : SUB
  topicPerms        : [topicA=DENY, topicB=PUB|SUB, topicC=SUB]
  groupPerms        : [groupA=DENY, groupB=PUB|SUB, groupC=SUB]

  accessKey         : rocketmq2
  secretKey         : 12345678
  whiteRemoteAddress: 192.168.1.*
  admin             : true
  defaultTopicPerm  : 
  defaultGroupPerm  : 
  topicPerms        : 
  groupPerms        : 

  accessKey         : PG-E-APP-YYY
  secretKey         : 12345678
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : DENY
  topicPerms        : [RMQ_SYS_TRACE_TOPIC=PUB, TP-E-APP-YYY=PUB]
  groupPerms        : 

  accessKey         : CG-E-APP-YYY-APP-SVC
  secretKey         : 12345678
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : DENY
  topicPerms        : [RMQ_SYS_TRACE_TOPIC=PUB, TP-E-APP-YYY=SUB]
  groupPerms        : [CG-E-APP-YYY-APP-SVC=SUB]

delete account:

> sh bin/mqadmin deleteAccessConfig -n 127.0.0.1:9876 -c DefaultCluster -a RocketMQ
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.
delete plain access config account from localhost:10911 success.
account's accesskey is:RocketMQ%

check account deleted:

> sh bin/mqadmin getAccessConfigSubCommand -n 127.0.0.1:9876 -c DefaultCluster
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.

globalWhiteRemoteAddresses: [10.10.154.1, 10.10.154.2]

accounts:
  accessKey         : rocketmq2
  secretKey         : 12345678
  whiteRemoteAddress: 192.168.1.*
  admin             : true
  defaultTopicPerm  : 
  defaultGroupPerm  : 
  topicPerms        : 
  groupPerms        : 

  accessKey         : PG-E-APP-YYY
  secretKey         : 12345678
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : DENY
  topicPerms        : [RMQ_SYS_TRACE_TOPIC=PUB, TP-E-APP-YYY=PUB]
  groupPerms        : 

  accessKey         : CG-E-APP-YYY-APP-SVC
  secretKey         : 12345678
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : DENY
  topicPerms        : [RMQ_SYS_TRACE_TOPIC=PUB, TP-E-APP-YYY=SUB]
  groupPerms        : [CG-E-APP-YYY-APP-SVC=SUB]

produce and consume messages: OK
change secret key in file and check secretKey is changed

sh bin/mqadmin getAccessConfigSubCommand -n 127.0.0.1:9876 -c DefaultCluster
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.

globalWhiteRemoteAddresses: [10.10.154.1, 10.10.154.2]

accounts:
  accessKey         : rocketmq2
  secretKey         : 12345678
  whiteRemoteAddress: 192.168.1.*
  admin             : true
  defaultTopicPerm  : 
  defaultGroupPerm  : 
  topicPerms        : 
  groupPerms        : 

  accessKey         : PG-E-APP-YYY
  secretKey         : 12345678b
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : DENY
  topicPerms        : [RMQ_SYS_TRACE_TOPIC=PUB, TP-E-APP-YYY=PUB]
  groupPerms        : 

  accessKey         : CG-E-APP-YYY-APP-SVC
  secretKey         : 12345678a
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : DENY
  topicPerms        : [RMQ_SYS_TRACE_TOPIC=PUB, TP-E-APP-YYY=SUB]
  groupPerms        : [CG-E-APP-YYY-APP-SVC=SUB]

produce and consume messages: failed for sk changed

Only /conf/acl/plain_acl.yml exists: In my pr, an empty conf/plain_acl.yml would be created, so it is the same as the next circumstance;

conf
├── 2m-2s-async
│   ├── broker-a-s.properties
│   ├── broker-a.properties
│   ├── broker-b-s.properties
│   └── broker-b.properties
├── 2m-2s-sync
│   ├── broker-a-s.properties
│   ├── broker-a.properties
│   ├── broker-b-s.properties
│   └── broker-b.properties
├── 2m-noslave
│   ├── broker-a.properties
│   ├── broker-b.properties
│   └── broker-trace.properties
├── acl
│   └── plain_acl.yml
├── broker.conf
├── dledger
│   ├── broker-n0.conf
│   ├── broker-n1.conf
│   └── broker-n2.conf
├── logback_broker.xml
├── logback_namesrv.xml
├── logback_tools.xml
└── tools.yml

get config:

>sh bin/mqadmin getAccessConfigSubCommand -n 127.0.0.1:9876 -c DefaultCluster
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.

globalWhiteRemoteAddresses: [10.10.103.*, 192.168.0.*]

accounts:
  accessKey         : RocketMQ
  secretKey         : 12345678
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : SUB
  topicPerms        : [topicA=DENY, topicB=PUB|SUB, topicC=SUB]
  groupPerms        : [groupA=DENY, groupB=PUB|SUB, groupC=SUB]

  accessKey         : rocketmq2
  secretKey         : 12345678
  whiteRemoteAddress: 192.168.1.*
  admin             : true
  defaultTopicPerm  : 
  defaultGroupPerm  : 
  topicPerms        : 
  groupPerms        :

add accounts:

> sh bin/mqadmin updateAclConfig -n 127.0.0.1:9876 -c DefaultCluster  \
--accessKey PG-E-APP-YYY \
--secretKey 12345678 \
--admin false \
--defaultTopicPerm DENY \
--defaultGroupPerm DENY \
--topicPerms RMQ_SYS_TRACE_TOPIC=PUB,TP-E-APP-YYY=PUB

RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.
create or update plain access config to localhost:10911 success.
org.apache.rocketmq.common.PlainAccessConfig@411f53a0%

> sh bin/mqadmin updateAclConfig -n 127.0.0.1:9876 -c DefaultCluster \
--accessKey CG-E-APP-YYY-APP-SVC \
--secretKey 12345678 \
--admin false \
--defaultTopicPerm DENY \
--defaultGroupPerm DENY \
--topicPerms RMQ_SYS_TRACE_TOPIC=PUB,TP-E-APP-YYY=SUB \
--groupPerms CG-E-APP-YYY-APP-SVC=SUB
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.
create or update plain access config to localhost:10911 success.
org.apache.rocketmq.common.PlainAccessConfig@4c402120%

update global white address:

> sh bin/mqadmin updateGlobalWhiteAddr -n 127.0.0.1:9876 -c DefaultCluster -g 10.10.154.1,10.10.154.2
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.
update global white remote addresses to localhost:10911 success.

check config:

> sh bin/mqadmin getAccessConfigSubCommand -n 127.0.0.1:9876 -c DefaultCluster
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.

globalWhiteRemoteAddresses: [10.10.103.*, 192.168.0.*, 10.10.154.1, 10.10.154.2]

accounts:
  accessKey         : RocketMQ
  secretKey         : 12345678
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : SUB
  topicPerms        : [topicA=DENY, topicB=PUB|SUB, topicC=SUB]
  groupPerms        : [groupA=DENY, groupB=PUB|SUB, groupC=SUB]

  accessKey         : rocketmq2
  secretKey         : 12345678
  whiteRemoteAddress: 192.168.1.*
  admin             : true
  defaultTopicPerm  : 
  defaultGroupPerm  : 
  topicPerms        : 
  groupPerms        : 

  accessKey         : PG-E-APP-YYY
  secretKey         : 12345678
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : DENY
  topicPerms        : [RMQ_SYS_TRACE_TOPIC=PUB, TP-E-APP-YYY=PUB]
  groupPerms        : 

  accessKey         : CG-E-APP-YYY-APP-SVC
  secretKey         : 12345678
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : DENY
  topicPerms        : [RMQ_SYS_TRACE_TOPIC=PUB, TP-E-APP-YYY=SUB]
  groupPerms        : [CG-E-APP-YYY-APP-SVC=SUB]

delete account:

> sh bin/mqadmin deleteAccessConfig -n 127.0.0.1:9876 -c DefaultCluster -a RocketMQ
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.
delete plain access config account from localhost:10911 success.
account's accesskey is:RocketMQ%

check account if deleted:

> sh bin/mqadmin getAccessConfigSubCommand -n 127.0.0.1:9876 -c DefaultCluster
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.

RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.

globalWhiteRemoteAddresses: [10.10.103.*, 192.168.0.*, 10.10.154.1, 10.10.154.2]

accounts:
  accessKey         : rocketmq2
  secretKey         : 12345678
  whiteRemoteAddress: 192.168.1.*
  admin             : true
  defaultTopicPerm  : 
  defaultGroupPerm  : 
  topicPerms        : 
  groupPerms        : 

  accessKey         : PG-E-APP-YYY
  secretKey         : 12345678
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : DENY
  topicPerms        : [RMQ_SYS_TRACE_TOPIC=PUB, TP-E-APP-YYY=PUB]
  groupPerms        : 

  accessKey         : CG-E-APP-YYY-APP-SVC
  secretKey         : 12345678
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : DENY
  topicPerms        : [RMQ_SYS_TRACE_TOPIC=PUB, TP-E-APP-YYY=SUB]
  groupPerms        : [CG-E-APP-YYY-APP-SVC=SUB]

produce and consume messages: OK
change secret key :

sh bin/mqadmin getAccessConfigSubCommand -n 127.0.0.1:9876 -c DefaultCluster
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.

globalWhiteRemoteAddresses: [10.10.103.*, 192.168.0.*, 10.10.154.1, 10.10.154.2]

accounts:
  accessKey         : rocketmq2
  secretKey         : 12345678
  whiteRemoteAddress: 192.168.1.*
  admin             : true
  defaultTopicPerm  : 
  defaultGroupPerm  : 
  topicPerms        : 
  groupPerms        : 

  accessKey         : PG-E-APP-YYY
  secretKey         : 12345678a
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : DENY
  topicPerms        : [RMQ_SYS_TRACE_TOPIC=PUB, TP-E-APP-YYY=PUB]
  groupPerms        : 

  accessKey         : CG-E-APP-YYY-APP-SVC
  secretKey         : 12345678b
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : DENY
  topicPerms        : [RMQ_SYS_TRACE_TOPIC=PUB, TP-E-APP-YYY=SUB]
  groupPerms        : [CG-E-APP-YYY-APP-SVC=SUB]

produce and consume message failed for secretKey changed.

Both conf/plain_acl.yml and /conf/acl/plain_acl.yml exists

conf
├── 2m-2s-async
│   ├── broker-a-s.properties
│   ├── broker-a.properties
│   ├── broker-b-s.properties
│   └── broker-b.properties
├── 2m-2s-sync
│   ├── broker-a-s.properties
│   ├── broker-a.properties
│   ├── broker-b-s.properties
│   └── broker-b.properties
├── 2m-noslave
│   ├── broker-a.properties
│   ├── broker-b.properties
│   └── broker-trace.properties
├── acl
│   └── plain_acl.yml
├── broker.conf
├── dledger
│   ├── broker-n0.conf
│   ├── broker-n1.conf
│   └── broker-n2.conf
├── logback_broker.xml
├── logback_namesrv.xml
├── logback_tools.xml
├── plain_acl.yml
└── tools.yml

get config

>sh bin/mqadmin getAccessConfigSubCommand -n 127.0.0.1:9876 -c DefaultCluster

RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.

globalWhiteRemoteAddresses: [10.10.103.*, 192.168.0.*]

accounts:
  accessKey         : RocketMQ
  secretKey         : 12345678
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : SUB
  topicPerms        : [topicA=DENY, topicB=PUB|SUB, topicC=SUB]
  groupPerms        : [groupA=DENY, groupB=PUB|SUB, groupC=SUB]

  accessKey         : rocketmq2
  secretKey         : 12345678
  whiteRemoteAddress: 192.168.1.*
  admin             : true
  defaultTopicPerm  : 
  defaultGroupPerm  : 
  topicPerms        : 
  groupPerms        :

add accounts:

> sh bin/mqadmin updateAclConfig -n 127.0.0.1:9876 -c DefaultCluster  \
--accessKey PG-E-APP-YYY \
--secretKey 12345678 \
--admin false \
--defaultTopicPerm DENY \
--defaultGroupPerm DENY \
--topicPerms RMQ_SYS_TRACE_TOPIC=PUB,TP-E-APP-YYY=PUB

RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.
create or update plain access config to localhost:10911 success.
org.apache.rocketmq.common.PlainAccessConfig@2d3379b4% 

> sh bin/mqadmin updateAclConfig -n 127.0.0.1:9876 -c DefaultCluster \
--accessKey CG-E-APP-YYY-APP-SVC \
--secretKey 12345678 \
--admin false \
--defaultTopicPerm DENY \
--defaultGroupPerm DENY \
--topicPerms RMQ_SYS_TRACE_TOPIC=PUB,TP-E-APP-YYY=SUB \
--groupPerms CG-E-APP-YYY-APP-SVC=SUB
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.
create or update plain access config to localhost:10911 success.
org.apache.rocketmq.common.PlainAccessConfig@36ebc363%

add global white address:

> sh bin/mqadmin updateGlobalWhiteAddr -n 127.0.0.1:9876 -c DefaultCluster -g 10.10.154.1,10.10.154.2
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.
update global white remote addresses to localhost:10911 success.

check config:

> sh bin/mqadmin getAccessConfigSubCommand -n 127.0.0.1:9876 -c DefaultCluster
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.

globalWhiteRemoteAddresses: [10.10.154.1, 10.10.154.2]

accounts:
  accessKey         : RocketMQ
  secretKey         : 12345678
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : SUB
  topicPerms        : [topicA=DENY, topicB=PUB|SUB, topicC=SUB]
  groupPerms        : [groupA=DENY, groupB=PUB|SUB, groupC=SUB]

  accessKey         : rocketmq2
  secretKey         : 12345678
  whiteRemoteAddress: 192.168.1.*
  admin             : true
  defaultTopicPerm  : 
  defaultGroupPerm  : 
  topicPerms        : 
  groupPerms        : 

  accessKey         : PG-E-APP-YYY
  secretKey         : 12345678
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : DENY
  topicPerms        : [RMQ_SYS_TRACE_TOPIC=PUB, TP-E-APP-YYY=PUB]
  groupPerms        : 

  accessKey         : CG-E-APP-YYY-APP-SVC
  secretKey         : 12345678
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : DENY
  topicPerms        : [RMQ_SYS_TRACE_TOPIC=PUB, TP-E-APP-YYY=SUB]
  groupPerms        : [CG-E-APP-YYY-APP-SVC=SUB]

delete account and check it if deleted:

> sh bin/mqadmin deleteAccessConfig -n 127.0.0.1:9876 -c DefaultCluster -a RocketMQ
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.
delete plain access config account from localhost:10911 success.
account's accesskey is:RocketMQ

> sh bin/mqadmin getAccessConfigSubCommand -n 127.0.0.1:9876 -c DefaultCluster
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.

globalWhiteRemoteAddresses: [10.10.154.1, 10.10.154.2]

accounts:
  accessKey         : rocketmq2
  secretKey         : 12345678
  whiteRemoteAddress: 192.168.1.*
  admin             : true
  defaultTopicPerm  : 
  defaultGroupPerm  : 
  topicPerms        : 
  groupPerms        : 

  accessKey         : PG-E-APP-YYY
  secretKey         : 12345678
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : DENY
  topicPerms        : [RMQ_SYS_TRACE_TOPIC=PUB, TP-E-APP-YYY=PUB]
  groupPerms        : 

  accessKey         : CG-E-APP-YYY-APP-SVC
  secretKey         : 12345678
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : DENY
  topicPerms        : [RMQ_SYS_TRACE_TOPIC=PUB, TP-E-APP-YYY=SUB]
  groupPerms        : [CG-E-APP-YYY-APP-SVC=SUB]

produce and consume messages: OK
change secret key in file:

sh bin/mqadmin getAccessConfigSubCommand -n 127.0.0.1:9876 -c DefaultCluster
RocketMQLog:WARN No appenders could be found for logger (io.netty.util.internal.InternalThreadLocalMap).
RocketMQLog:WARN Please initialize the logger system properly.

globalWhiteRemoteAddresses: [10.10.154.1, 10.10.154.2]

accounts:
  accessKey         : rocketmq2
  secretKey         : 12345678
  whiteRemoteAddress: 192.168.1.*
  admin             : true
  defaultTopicPerm  : 
  defaultGroupPerm  : 
  topicPerms        : 
  groupPerms        : 

  accessKey         : PG-E-APP-YYY
  secretKey         : 12345678a
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : DENY
  topicPerms        : [RMQ_SYS_TRACE_TOPIC=PUB, TP-E-APP-YYY=PUB]
  groupPerms        : 

  accessKey         : CG-E-APP-YYY-APP-SVC
  secretKey         : 12345678b
  whiteRemoteAddress: 
  admin             : false
  defaultTopicPerm  : DENY
  defaultGroupPerm  : DENY
  topicPerms        : [RMQ_SYS_TRACE_TOPIC=PUB, TP-E-APP-YYY=SUB]
  groupPerms        : [CG-E-APP-YYY-APP-SVC=SUB]

produce and consume messages failed after secretKey changed

…ig file

…ig file did not exist

…t acl config file and config of different accounts can be placed under conf/acl/

# Conflicts: # acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java

…e added back after deleting account part in ACL config files

acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java

coveralls · 2022-03-03T15:11:05Z

Coverage increased (+0.2%) to 51.717% when pulling c05d824 on caigy:issue-3922 into 5ae4a10 on apache:develop.

yuz10 · 2022-03-05T06:40:21Z

codecov-commenter · 2022-03-06T04:38:01Z

Codecov Report

Merging #3927 (c05d824) into develop (5ae4a10) will increase coverage by 0.20%.
The diff coverage is 63.82%.

@@              Coverage Diff              @@
##             develop    #3927      +/-   ##
=============================================
+ Coverage      47.51%   47.72%   +0.20%     
- Complexity      4935     4969      +34     
=============================================
  Files            633      633              
  Lines          42572    42576       +4     
  Branches        5590     5589       -1     
=============================================
+ Hits           20229    20318      +89     
+ Misses         19833    19763      -70     
+ Partials        2510     2495      -15

Impacted Files	Coverage Δ
...che/rocketmq/acl/plain/PlainPermissionManager.java	`76.16% <63.82%> (+4.43%)`	⬆️
.../apache/rocketmq/logging/inner/LoggingBuilder.java	`64.71% <0.00%> (+0.31%)`	⬆️
...mq/client/impl/producer/DefaultMQProducerImpl.java	`45.47% <0.00%> (+0.37%)`	⬆️
...he/rocketmq/client/impl/consumer/ProcessQueue.java	`62.38% <0.00%> (+0.45%)`	⬆️
...e/rocketmq/client/impl/consumer/RebalanceImpl.java	`44.53% <0.00%> (+0.78%)`	⬆️
...main/java/org/apache/rocketmq/store/CommitLog.java	`76.10% <0.00%> (+1.01%)`	⬆️
...ketmq/common/protocol/body/RegisterBrokerBody.java	`84.78% <0.00%> (+1.08%)`	⬆️
...mq/client/impl/consumer/RebalanceLitePullImpl.java	`73.52% <0.00%> (+1.47%)`	⬆️
...he/rocketmq/client/trace/AsyncTraceDispatcher.java	`81.18% <0.00%> (+1.48%)`	⬆️
...a/org/apache/rocketmq/store/StoreStatsService.java	`38.09% <0.00%> (+1.68%)`	⬆️
... and 11 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5ae4a10...c05d824. Read the comment docs.

caigy · 2022-03-06T12:37:56Z

* fix NPE when updating account auth if no accounts defined in acl config file * fix: creating globalWhiteRemoteAddresses failed when default acl config file did not exist * move plain_acl.yml out of conf/acl/: conf/plain_acl.yml is the default acl config file and config of different accounts can be placed under conf/acl/ * fix merge problem * fix: 1. errors when processing empty config files; 2.accounts can't be added back after deleting account part in ACL config files * fix merge problem * fix test bug * add test * add missing test config files

caigy added 6 commits March 3, 2022 16:31

fix NPE when updating account auth if no accounts defined in acl conf…

45578f2

…ig file

fix: creating globalWhiteRemoteAddresses failed when default acl conf…

6171e8a

…ig file did not exist

move plain_acl.yml out of conf/acl/: conf/plain_acl.yml is the defaul…

f63ead7

…t acl config file and config of different accounts can be placed under conf/acl/

Merge branch 'develop' into issue-3922

b2bd36e

# Conflicts: # acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java

fix merge problem

cd62009

fix: 1. errors when processing empty config files; 2.accounts can't b…

7ecfe21

…e added back after deleting account part in ACL config files

sunxi92 reviewed Mar 3, 2022

View reviewed changes

acl/src/main/java/org/apache/rocketmq/acl/plain/PlainPermissionManager.java Outdated Show resolved Hide resolved

ShannonDing added the module/acl label Mar 4, 2022

sunxi92 approved these changes Mar 4, 2022

View reviewed changes

duhenglucky mentioned this pull request Mar 4, 2022

mqadmin updateGlobalWhiteAddr failed in 4.9.3 #3922

Closed

caigy added 3 commits March 4, 2022 21:42

fix merge problem

0ccd2c5

fix test bug

808fc7f

add test

0b98ff0

yuz10 approved these changes Mar 5, 2022

View reviewed changes

ni-ze approved these changes Mar 5, 2022

View reviewed changes

add missing test config files

c05d824

caigy closed this Mar 6, 2022

duhenglucky reopened this Mar 6, 2022

yuz10 mentioned this pull request Mar 7, 2022

[ISSUE#3909]fix fail to add back acl account after delete an account #3910

Closed

6 tasks

yuz10 merged commit 7a5d937 into apache:develop Mar 7, 2022

duhenglucky added this to the 4.9.4 milestone Apr 2, 2022

duhenglucky mentioned this pull request Apr 24, 2022

使用acl功能，关于版本的选择 #4199

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Issue #3922] Fix bugs in ACL modification #3927

[Issue #3922] Fix bugs in ACL modification #3927

Uh oh!

caigy commented Mar 3, 2022

Uh oh!

Uh oh!

coveralls commented Mar 3, 2022 •

edited

Loading

Uh oh!

yuz10 commented Mar 5, 2022

Uh oh!

codecov-commenter commented Mar 6, 2022 •

edited

Loading

Uh oh!

caigy commented Mar 6, 2022

Uh oh!

Uh oh!

[Issue #3922] Fix bugs in ACL modification #3927

[Issue #3922] Fix bugs in ACL modification #3927

Uh oh!

Conversation

caigy commented Mar 3, 2022

What is the purpose of the change

Verifying this change

Case1: Only conf/plain_acl.yml exists:

Only /conf/acl/plain_acl.yml exists: In my pr, an empty conf/plain_acl.yml would be created, so it is the same as the next circumstance;

Both conf/plain_acl.yml and /conf/acl/plain_acl.yml exists

Uh oh!

Uh oh!

coveralls commented Mar 3, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

yuz10 commented Mar 5, 2022

Uh oh!

codecov-commenter commented Mar 6, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

caigy commented Mar 6, 2022

Uh oh!

Uh oh!

Case1: Only `conf/plain_acl.yml` exists:

coveralls commented Mar 3, 2022 •

edited

Loading

codecov-commenter commented Mar 6, 2022 •

edited

Loading