Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FIXED] LeafNode: wrong permission check prevented message flow #2455

Merged
merged 1 commit into from
Aug 19, 2021
Merged

[FIXED] LeafNode: wrong permission check prevented message flow #2455

merged 1 commit into from
Aug 19, 2021

Conversation

kozlovic
Copy link
Member

The PR #1480 was added in v2.2.0, so that matches user report that suggest that things changed compared to pre-2.2.0 releases.
The check for "pubAllowed" when client is a LEAF was added in that PR. Only the PUB permissions were checked regardless of the type of leaf connection (hub or spoke). In PR 1480, the check was done only for spoke but then was changed to perform pub check as long as client is LEAF: 3729552

I think that we need to distinguish if the connection is hub, check subscribe permissions, if spoke, pub permissions. I have added a test that reproduces the user report TestLeafNodeOperatorAndPermissions that seem to be fixed with the proposed change.

Resolves #2454

Signed-off-by: Ivan Kozlovic [email protected]

matthiashanel
matthiashanel approved these changes Aug 19, 2021
View reviewed changes
Copy link
Contributor

@matthiashanel matthiashanel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

derekcollison
derekcollison approved these changes Aug 19, 2021
View reviewed changes
Copy link
Member

@derekcollison derekcollison left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@kozlovic kozlovic merged commit 7dcd75a into main Aug 19, 2021
@kozlovic kozlovic deleted the fix_2454 branch August 19, 2021 22:30
kozlovic added a commit that referenced this pull request Aug 24, 2021
@kozlovic
[FIXED] LeafNode: wrong permission check prevented message flow
4a50ba8 
This commit simply includes a change to the test that was added
for PR #2455 that fixed a similar issue (in deliverMsg). This
issue has to do with initial send of subscription interest.

Resolves #2469

Signed-off-by: Ivan Kozlovic <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matthiashanel matthiashanel matthiashanel approved these changes

@derekcollison derekcollison derekcollison approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Leaf Node credentials require publish permissions to subscribe
3 participants
@kozlovic @derekcollison @matthiashanel