[controller] Fix regression in ACL handling for non-secure admin serv…

…er (#1479) VeniceController refactoring, where the DynamicAccessController (DAC) was inadvertently passed to the Admin Server even when SSL was disabled. The presence of a DAC was incorrectly interpreted as ACL checks being enabled, causing the Admin Server to enforce ACLs on both secure and non-secure channels. This happened because a valid DAC was applied universally to both secure and non-secure admin servers. The fix ensures that the DynamicAccessController is no longer passed to the Admin Server when using a non-secure channel. Additionally, when the NoOpDynamicAccessController is set, it is now explicitly treated as a signal that ACL checks are disabled for HTTP requests in the controller. These changes restore the expected behavior.
linkedin · Jan 28, 2025 · 96dba39 · 96dba39
1 parent 5dfe33b
commit 96dba39
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/...ices/venice-controller/src/main/java/com/linkedin/venice/controller/VeniceController.java b/...ices/venice-controller/src/main/java/com/linkedin/venice/controller/VeniceController.java
@@ -206,7 +206,7 @@ AdminSparkServer createAdminServer(boolean secure) {
         secure || multiClusterConfigs.isControllerEnforceSSLOnly(),
         secure ? multiClusterConfigs.getSslConfig() : Optional.empty(),
         secure && multiClusterConfigs.adminCheckReadMethodForKafka(),
-        accessController,
+        secure ? accessController : Optional.empty(),
         multiClusterConfigs.getDisabledRoutes(),
         multiClusterConfigs.getCommonConfig().getJettyConfigOverrides(),
         multiClusterConfigs.getCommonConfig().isDisableParentRequestTopicForStreamPushes(),

diff --git a/.../venice-controller/src/main/java/com/linkedin/venice/controller/server/AbstractRoute.java b/.../venice-controller/src/main/java/com/linkedin/venice/controller/server/AbstractRoute.java
@@ -6,6 +6,7 @@
 
 import com.linkedin.venice.acl.AclException;
 import com.linkedin.venice.acl.DynamicAccessController;
+import com.linkedin.venice.acl.NoOpDynamicAccessController;
 import com.linkedin.venice.exceptions.VeniceException;
 import java.security.cert.X509Certificate;
 import java.util.Optional;
@@ -164,7 +165,7 @@ protected boolean isAclEnabled() {
     /**
      * {@link accessController} will be empty if ACL is not enabled.
      */
-    return accessController.isPresent();
+    return accessController.isPresent() && !(accessController.get() instanceof NoOpDynamicAccessController);
   }
 
   /**