[pinot] branch master updated: Add the missing Authorize annotation to broker instance resource (#11302)

jackie Wed, 09 Aug 2023 13:48:13 -0700

This is an automated email from the ASF dual-hosted git repository.

jackie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pinot.git



The following commit(s) were added to refs/heads/master by this push:
     new 02dc4704b1 Add the missing Authorize annotation to broker instance 
resource (#11302)
02dc4704b1 is described below

commit 02dc4704b1e94f29f8e6f23e473fa19d9f37e5c3
Author: Xiaotian (Jackie) Jiang <17555551+jackie-ji...@users.noreply.github.com>
AuthorDate: Wed Aug 9 13:47:30 2023 -0700

    Add the missing Authorize annotation to broker instance resource (#11302)
---
 .../pinot/broker/api/resources/InstanceResource.java       | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git 
a/pinot-broker/src/main/java/org/apache/pinot/broker/api/resources/InstanceResource.java
 
b/pinot-broker/src/main/java/org/apache/pinot/broker/api/resources/InstanceResource.java
index 3b6a80f6d6..750e523d50 100644
--- 
a/pinot-broker/src/main/java/org/apache/pinot/broker/api/resources/InstanceResource.java
+++ 
b/pinot-broker/src/main/java/org/apache/pinot/broker/api/resources/InstanceResource.java
@@ -39,26 +39,32 @@ import org.apache.helix.HelixManager;
 import org.apache.helix.model.InstanceConfig;
 import org.apache.pinot.broker.broker.BrokerAdminApiApplication;
 import org.apache.pinot.common.utils.helix.HelixHelper;
+import org.apache.pinot.core.auth.Actions;
+import org.apache.pinot.core.auth.Authorize;
+import org.apache.pinot.core.auth.TargetType;
 
 import static 
org.apache.pinot.spi.utils.CommonConstants.SWAGGER_AUTHORIZATION_KEY;
 
+
 /**
  * This resource API can be used to retrieve instance level information like 
instance tags.
  */
-@Api(description = "Metadata for this instance (like tenant tags)", tags = 
"instance",
-    authorizations = {@Authorization(value = SWAGGER_AUTHORIZATION_KEY)})
+@Api(tags = "Instance", authorizations = {@Authorization(value = 
SWAGGER_AUTHORIZATION_KEY)})
 @SwaggerDefinition(securityDefinition = 
@SecurityDefinition(apiKeyAuthDefinitions = @ApiKeyAuthDefinition(name =
     HttpHeaders.AUTHORIZATION, in = 
ApiKeyAuthDefinition.ApiKeyLocation.HEADER, key = SWAGGER_AUTHORIZATION_KEY)))
-@Path("instance")
+@Path("/")
 public class InstanceResource {
+
   @Inject
   @Named(BrokerAdminApiApplication.BROKER_INSTANCE_ID)
   private String _instanceId;
+
   @Inject
   private HelixManager _helixManager;
 
   @GET
-  @Path("tags")
+  @Path("/instance/tags")
+  @Authorize(targetType = TargetType.CLUSTER, action = 
Actions.Cluster.GET_INSTANCE)
   @ApiOperation(value = "Tenant tags for current instance")
   @ApiResponses(value = {
       @ApiResponse(code = 200, message = "Success"),


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For additional commands, e-mail: commits-h...@pinot.apache.org

[pinot] branch master updated: Add the missing Authorize annotation to broker instance resource (#11302)

Reply via email to