From 743583b20bf6c4362dbcbe1ad5ee43a145e476bd Mon Sep 17 00:00:00 2001
From: kingkh <kingkh1995@outlook.com>
Date: Fri, 30 Aug 2024 20:42:17 +0800
Subject: [PATCH] #8615 fix DeleteUserSubCommand command failed when acl2.0
 authentication enabled and authorization disabled

---
 .../factory/AuthorizationFactory.java         |  4 +
 ...AuthorizationDisabledMetadataProvider.java | 65 ++++++++++++++++
 .../AuthenticationMetadataManagerTest.java    | 10 +++
 ...orizationDisabledMetadataProviderTest.java | 76 +++++++++++++++++++
 4 files changed, 155 insertions(+)
 create mode 100644 auth/src/main/java/org/apache/rocketmq/auth/authorization/provider/AuthorizationDisabledMetadataProvider.java
 create mode 100644 auth/src/test/java/org/apache/rocketmq/auth/authorization/provider/AuthorizationDisabledMetadataProviderTest.java

diff --git a/auth/src/main/java/org/apache/rocketmq/auth/authorization/factory/AuthorizationFactory.java b/auth/src/main/java/org/apache/rocketmq/auth/authorization/factory/AuthorizationFactory.java
index 29748a9ed44..9485626bec2 100644
--- a/auth/src/main/java/org/apache/rocketmq/auth/authorization/factory/AuthorizationFactory.java
+++ b/auth/src/main/java/org/apache/rocketmq/auth/authorization/factory/AuthorizationFactory.java
@@ -29,6 +29,7 @@
 import org.apache.rocketmq.auth.authorization.context.AuthorizationContext;
 import org.apache.rocketmq.auth.authorization.manager.AuthorizationMetadataManager;
 import org.apache.rocketmq.auth.authorization.manager.AuthorizationMetadataManagerImpl;
+import org.apache.rocketmq.auth.authorization.provider.AuthorizationDisabledMetadataProvider;
 import org.apache.rocketmq.auth.authorization.provider.AuthorizationMetadataProvider;
 import org.apache.rocketmq.auth.authorization.provider.AuthorizationProvider;
 import org.apache.rocketmq.auth.authorization.provider.DefaultAuthorizationProvider;
@@ -79,6 +80,9 @@ public static AuthorizationMetadataProvider getMetadataProvider(AuthConfig confi
         }
         return computeIfAbsent(METADATA_PROVIDER_PREFIX + config.getConfigName(), key -> {
             try {
+                if (!config.isAuthorizationEnabled()) {
+                    return AuthorizationDisabledMetadataProvider.INSTANCE;
+                }
                 if (StringUtils.isBlank(config.getAuthorizationMetadataProvider())) {
                     return null;
                 }
diff --git a/auth/src/main/java/org/apache/rocketmq/auth/authorization/provider/AuthorizationDisabledMetadataProvider.java b/auth/src/main/java/org/apache/rocketmq/auth/authorization/provider/AuthorizationDisabledMetadataProvider.java
new file mode 100644
index 00000000000..cf1e9b51029
--- /dev/null
+++ b/auth/src/main/java/org/apache/rocketmq/auth/authorization/provider/AuthorizationDisabledMetadataProvider.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rocketmq.auth.authorization.provider;
+
+import org.apache.rocketmq.auth.authentication.model.Subject;
+import org.apache.rocketmq.auth.authorization.model.Acl;
+import org.apache.rocketmq.auth.config.AuthConfig;
+
+import java.util.List;
+import java.util.concurrent.CompletableFuture;
+import java.util.function.Supplier;
+
+public final class AuthorizationDisabledMetadataProvider implements AuthorizationMetadataProvider {
+    public final static AuthorizationDisabledMetadataProvider INSTANCE = new AuthorizationDisabledMetadataProvider();
+
+    private AuthorizationDisabledMetadataProvider() {
+    }
+
+    @Override
+    public void initialize(AuthConfig authConfig, Supplier<?> metadataService) {
+    }
+
+    @Override
+    public void shutdown() {
+    }
+
+    @Override
+    public CompletableFuture<Void> createAcl(Acl acl) {
+        return CompletableFuture.completedFuture(null);
+    }
+
+    @Override
+    public CompletableFuture<Void> deleteAcl(Subject subject) {
+        return CompletableFuture.completedFuture(null);
+    }
+
+    @Override
+    public CompletableFuture<Void> updateAcl(Acl acl) {
+        return CompletableFuture.completedFuture(null);
+    }
+
+    @Override
+    public CompletableFuture<Acl> getAcl(Subject subject) {
+        return CompletableFuture.completedFuture(null);
+    }
+
+    @Override
+    public CompletableFuture<List<Acl>> listAcl(String subjectFilter, String resourceFilter) {
+        return CompletableFuture.completedFuture(null);
+    }
+}
diff --git a/auth/src/test/java/org/apache/rocketmq/auth/authentication/manager/AuthenticationMetadataManagerTest.java b/auth/src/test/java/org/apache/rocketmq/auth/authentication/manager/AuthenticationMetadataManagerTest.java
index 844deb37568..20b548ae448 100644
--- a/auth/src/test/java/org/apache/rocketmq/auth/authentication/manager/AuthenticationMetadataManagerTest.java
+++ b/auth/src/test/java/org/apache/rocketmq/auth/authentication/manager/AuthenticationMetadataManagerTest.java
@@ -140,6 +140,16 @@ public void deleteUser() {
         this.authenticationMetadataManager.deleteUser("no_user").join();
     }
 
+    @Test
+    public void deleteUserIfAuthorizationDisabled() {
+        if (MixAll.isMac()) {
+            return;
+        }
+        this.authConfig.setAuthorizationEnabled(false);
+        this.authenticationMetadataManager = AuthenticationFactory.getMetadataManager(this.authConfig);
+        this.authenticationMetadataManager.deleteUser("no_user").join();
+    }
+
     @Test
     public void getUser() {
         if (MixAll.isMac()) {
diff --git a/auth/src/test/java/org/apache/rocketmq/auth/authorization/provider/AuthorizationDisabledMetadataProviderTest.java b/auth/src/test/java/org/apache/rocketmq/auth/authorization/provider/AuthorizationDisabledMetadataProviderTest.java
new file mode 100644
index 00000000000..9f600acbf92
--- /dev/null
+++ b/auth/src/test/java/org/apache/rocketmq/auth/authorization/provider/AuthorizationDisabledMetadataProviderTest.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.rocketmq.auth.authorization.provider;
+
+import org.apache.rocketmq.auth.authentication.model.User;
+import org.apache.rocketmq.auth.authorization.model.Acl;
+import org.apache.rocketmq.auth.config.AuthConfig;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.util.List;
+import java.util.concurrent.CompletableFuture;
+
+public class AuthorizationDisabledMetadataProviderTest {
+
+    private AuthorizationDisabledMetadataProvider authorizationDisabledMetadataProvider;
+
+    @Before
+    public void setUp() throws Exception {
+        this.authorizationDisabledMetadataProvider = AuthorizationDisabledMetadataProvider.INSTANCE;
+        this.authorizationDisabledMetadataProvider.initialize(new AuthConfig(), null);
+    }
+
+    @After
+    public void tearDown() throws Exception {
+        this.authorizationDisabledMetadataProvider.shutdown();
+    }
+
+    @Test
+    public void createAcl() {
+        CompletableFuture<Void> future = this.authorizationDisabledMetadataProvider.createAcl(new Acl());
+        Assert.assertTrue(future.isDone());
+    }
+
+    @Test
+    public void deleteAcl() {
+        CompletableFuture<Void> future = this.authorizationDisabledMetadataProvider.deleteAcl(User.of("username"));
+        Assert.assertTrue(future.isDone());
+    }
+
+    @Test
+    public void updateAcl() {
+        CompletableFuture<Void> future = this.authorizationDisabledMetadataProvider.updateAcl(new Acl());
+        Assert.assertTrue(future.isDone());
+    }
+
+    @Test
+    public void getAcl() {
+        CompletableFuture<Acl> future = this.authorizationDisabledMetadataProvider.getAcl(User.of("username"));
+        Assert.assertTrue(future.isDone());
+        Assert.assertNull(future.join());
+    }
+
+    @Test
+    public void listAcl() {
+        CompletableFuture<List<Acl>> future = this.authorizationDisabledMetadataProvider.listAcl(null, null);
+        Assert.assertTrue(future.isDone());
+        Assert.assertNull(future.join());
+    }
+}
\ No newline at end of file