-
Notifications
You must be signed in to change notification settings - Fork 520
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ISSUE #70] The rocketmq-dashboard supports ACL configuration #71
Conversation
Sorry, I forget unit tests. I need spend a little time to add some unit tests. |
@xxd763795151 |
Security key should be hidden by asterisks :-) |
NIce job ~~~ I'd like to add another reviewer @zhangjidi2016 for this feature :-) |
|
||
@PostMapping("/add.do") | ||
public Object addAclConfig(@RequestBody PlainAccessConfig config) { | ||
Preconditions.checkArgument(config.getAccessKey() != null && !config.getAccessKey().isEmpty(), "accessKey is null"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use StringUtils.isNotEmpty(config.getAccessKey()) instead
src/main/java/org/apache/rocketmq/dashboard/service/client/MQAdminExtImpl.java
Outdated
Show resolved
Hide resolved
|
||
@RestController | ||
@RequestMapping("/acl") | ||
public class AclController { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add permission control for ACL-related operation interfaces for different login role
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, oh, okay. I will make some adjustments according to your suggestions later.
@zhangjidi2016
confirmed-click="deleteAclConfig(item.accessKey)">{{'DELETE' | translate}} | ||
</button> | ||
<button class="btn btn-raised btn-sm btn-danger" type="button" | ||
ng-click="synchronizeData(item)">{{'SYNCHRONIZE' | translate}} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hide action buttons based on login roles
About this, I hope you could think it about more. If it is necessary, I will adjust later. Such as , it will show '********' , that hidden by asterisks, and there is a button on the side, click visible. Or hide this column , and add a 'Secret key ' button. |
Codecov Report
@@ Coverage Diff @@
## master #71 +/- ##
=========================================
Coverage ? 76.94%
Complexity ? 821
=========================================
Files ? 91
Lines ? 2837
Branches ? 278
=========================================
Hits ? 2183
Misses ? 500
Partials ? 154 Continue to review full report at Codecov.
|
Now, when enable login controle, different roles are treated differently, as following: @zhangjidi2016 @vongosling |
As I said, Open Source projects also consider the common safety problem. Do you really see the downside of displaying security keys in clear text by default? |
@vongosling Yeah, u are right. I just made some adjustments for it. Such as following: |
src/main/java/org/apache/rocketmq/dashboard/model/request/AclRequest.java
Show resolved
Hide resolved
Preconditions.checkArgument(StringUtils.isNotEmpty(config.getAccessKey()), "accessKey is null"); | ||
Preconditions.checkArgument(StringUtils.isNotEmpty(config.getSecretKey()), "secretKey is null"); | ||
aclService.addAclConfig(config); | ||
return new JsonResult(0, ""); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can just return true.
return true;
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will adjust it later. When I optimize code first time, I try return true, but it occur json error. So I use this style as return value. But using this style, it doesn't seem to be a problem right now, I will optimize these code again.
public Object deleteAclConfig(@RequestBody PlainAccessConfig config) { | ||
Preconditions.checkArgument(StringUtils.isNotEmpty(config.getAccessKey()), "accessKey is null"); | ||
aclService.deleteAclConfig(config); | ||
return new JsonResult(0, ""); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto
for (String addr : | ||
masterSet) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can be on the same line.
What is the purpose of the change
#70
The rocketmq-dashboard supports ACL configuration, such as following:
Or
Feature descirbe:
**Note: the Acl menu only appears when the accessKey and secretKey is not empty in the application.yml. **
By the way, the last topic or group permission can not be deleted if there is only one topic or group permission for an access key because of the rocketmq`s implemention.
Brief changelog
XXXX
Verifying this change
XXXX
Follow this checklist to help us incorporate your contribution quickly and easily. Notice,
it would be helpful if you could finish the following 5 checklist(the last one is not necessary)before request the community to review your PR
.[ISSUE #123] Fix UnknownException when host config not exist
. Each commit in the pull request should have a meaningful subject line and body.mvn -B clean apache-rat:check findbugs:findbugs checkstyle:checkstyle
to make sure basic checks pass. Runmvn clean install -DskipITs
to make sure unit-test pass. Runmvn clean test-compile failsafe:integration-test
to make sure integration-test pass.