k/describe_configs: added describe configs authorization

Signed-off-by: Michal Maslanka <michal@vectorized.io>
redpanda-data · Mar 31, 2021 · f6fa9b2 · f6fa9b2
1 parent 936df84
commit f6fa9b2
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/src/v/kafka/server/handlers/describe_configs.cc b/src/v/kafka/server/handlers/describe_configs.cc
@@ -20,6 +20,7 @@
 #include "model/metadata.h"
 #include "model/namespace.h"
 #include "model/validation.h"
+#include "security/acl.h"
 #include "ssx/sformat.h"
 
 #include <seastar/core/do_with.hh>
@@ -223,6 +224,9 @@ ss::future<response_ptr> describe_configs_handler::handle(
 
     describe_configs_response response;
     response.data.results.reserve(request.data.resources.size());
+    bool cluster_authorized = ctx.authorized(
+      security::acl_operation::describe_configs,
+      security::default_cluster_name);
 
     for (auto& resource : request.data.resources) {
         response.data.results.push_back(describe_configs_result{
@@ -249,6 +253,12 @@ ss::future<response_ptr> describe_configs_handler::handle(
                 result.error_code = error_code::unknown_topic_or_partition;
                 continue;
             }
+
+            if (!ctx.authorized(
+                  security::acl_operation::describe_configs, topic.tp)) {
+                result.error_code = error_code::topic_authorization_failed;
+                continue;
+            }
             /**
              * Redpanda extensions
              */
@@ -327,6 +337,10 @@ ss::future<response_ptr> describe_configs_handler::handle(
         }
 
         case config_resource_type::broker:
+            if (!cluster_authorized) {
+                result.error_code = error_code::cluster_authorization_failed;
+                continue;
+            }
             report_broker_config(result);
             break;