[improve][test] Add topic operation checker for topic API

[coderzc]

Motivation

Currently, the permission test of topic API only verifies the AuthAction but does not verify whether the topic operation meets expectations. This is a guarantee for other authorizationProvider implementations.

Modifications

Add checker topic operation for topic API

Verifying this change

• Make sure that the change passes the CI checks.

(Please pick either of the following options)

This change is a trivial rework / code cleanup without any test coverage.

(or)

This change is already covered by existing tests, such as (please describe tests).

(or)

This change added tests and can be verified as follows:

(example:)

• Added integration tests for end-to-end deployment with large payloads (10MB)
• Extended integration test for recovery after broker failure

Does this pull request potentially affect one of the following parts:

If the box was checked, please highlight the changes

• Dependencies (add or upgrade a dependency)
• The public API
• The schema
• The default values of configurations
• The threading model
• The binary protocol
• The REST endpoints
• The admin CLI options
• The metrics
• Anything that affects deployment

Documentation

• doc
• doc-required
• doc-not-needed
• doc-complete

Matching PR in forked repository

PR in forked repository:

[lhotari]

Add checker topic operation for topic API

Please provide more context. What is "checker topic operation" ?

[coderzc]

Add checker topic operation for topic API

Please provide more context. What is "checker topic operation" ?

@lhotari I added some context in the PR description

[lhotari]

Currently, the permission test of topic API only verifies the AuthAction but does not verify whether the topic operation meets expectations. This is a guarantee for other authorizationProvider implementations.

@coderzc Thanks. Unfortunately, this leaves many open questions.

• About "whether the topic operation meets expectations".
  • Q: What "expectations"? Please define.
• "This is a guarantee for other authorizationProvider implementations."
  • What is "this is a guarantee" ? What "guarantee". What "other authorization provider implementations"?

A representative example could clarify what this all means.

[coderzc]

@lhotari Let me use an example to explain why this PR is needed.

Such as for SkipMessage API we should check whether the user has the permission for the SKIP operation, but in the default implementation of PulsarAuthorizationProvider we convert it into the AuthAction.consume permission, see:

pulsar/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/authorization/PulsarAuthorizationProvider.java

Lines 560 to 595 in 6de711d

	public CompletableFuture<Boolean> allowTopicOperationAsync(TopicName topicName,
	String role,
	TopicOperation operation,
	AuthenticationDataSource authData) {
	if (log.isDebugEnabled()) {
	log.debug("Check allowTopicOperationAsync [{}] on [{}].", operation.name(), topicName);
	}
	return validateTenantAdminAccess(topicName.getTenant(), role, authData)
	.thenCompose(isSuperUserOrAdmin -> {
	if (log.isDebugEnabled()) {
	log.debug("Verify if role {} is allowed to {} to topic {}: isSuperUserOrAdmin={}",
	role, operation, topicName, isSuperUserOrAdmin);
	}
	if (isSuperUserOrAdmin) {
	return CompletableFuture.completedFuture(true);
	} else {
	switch (operation) {
	case LOOKUP:
	case GET_STATS:
	case GET_METADATA:
	return canLookupAsync(topicName, role, authData);
	case PRODUCE:
	return canProduceAsync(topicName, role, authData);
	case GET_SUBSCRIPTIONS:
	case CONSUME:
	case SUBSCRIBE:
	case UNSUBSCRIBE:
	case SKIP:
	case EXPIRE_MESSAGES:
	case PEEK_MESSAGES:
	case RESET_CURSOR:
	case GET_BACKLOG_SIZE:
	case SET_REPLICATED_SUBSCRIPTION_STATUS:
	case GET_REPLICATED_SUBSCRIPTION_STATUS:
	return canConsumeAsync(topicName, role, authData, authData.getSubscription());

However, in the customized AuthorizationProvider implementation, the user may It has its own authentication logic, the customized AuthorizationProvider wants operation parameters passed to the allowTopicOperationAsync method is SKIP instead of other operation (such as CONSUME). In order to avoid code regression, I added an operation check to ensure API verified topic operation is expected.