io.confluent.kafka.multitenant.authorizer

Class MultiTenantAuthorizer

java.lang.Object

io.confluent.security.authorizer.EmbeddedAuthorizer

io.confluent.kafka.security.authorizer.ConfluentServerAuthorizer

io.confluent.kafka.multitenant.authorizer.MultiTenantAuthorizer

All Implemented Interfaces:

io.confluent.security.authorizer.Authorizer, Closeable, AutoCloseable, org.apache.kafka.common.Configurable, org.apache.kafka.common.Reconfigurable

public class MultiTenantAuthorizer
extends ConfluentServerAuthorizer

Nested Class Summary

Nested classes/interfaces inherited from class io.confluent.security.authorizer.EmbeddedAuthorizer

io.confluent.security.authorizer.EmbeddedAuthorizer.AuthorizationContext, io.confluent.security.authorizer.EmbeddedAuthorizer.AuthorizerMetrics

Field Summary

Fields

Modifier and Type	Field and Description
static String	MAX_ACLS_PER_TENANT_PROP

Fields inherited from class io.confluent.security.authorizer.EmbeddedAuthorizer

authorizerConfig, brokerUsers, interBrokerListener, log, providersCreated

Constructor Summary

Constructors

Constructor and Description
MultiTenantAuthorizer()

Method Summary

Modifier and Type	Method and Description
Iterable<org.apache.kafka.common.acl.AclBinding>	acls(org.apache.kafka.common.acl.AclBindingFilter filter)
List<org.apache.kafka.server.authorizer.AuthorizationResult>	authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.server.authorizer.Action> actions)
void	configure(Map<String,?> configs)
void	configureAccessRuleProviders(Map<String,Object> configs)
protected void	configureProviders(List<io.confluent.security.authorizer.provider.AccessRuleProvider> accessRuleProviders, io.confluent.security.authorizer.provider.GroupProvider groupProvider, io.confluent.security.authorizer.provider.MetadataProvider metadataProvider, org.apache.kafka.server.audit.AuditLogProvider auditLogProvider)
List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>>	createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings)
List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>>	deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters)
boolean	isAuditLogEnabled()
protected boolean	isSuperUser(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, org.apache.kafka.common.security.auth.KafkaPrincipal userOrGroupPrincipal, io.confluent.security.authorizer.Action action)

Methods inherited from class io.confluent.kafka.security.authorizer.ConfluentServerAuthorizer

authorizeByResourceType, centralizedAclProvider, configureServerInfo, createAcls, deleteAcls, reconfigurableConfigs, reconfigure, start, validateReconfiguration, zkAclProvider

Methods inherited from class io.confluent.security.authorizer.EmbeddedAuthorizer

accessRuleProvider, accessRuleProviders, auditLogProvider, authorize, authorizeByResourceType, close, groupProvider, logAuditMessage, metadataProvider, metrics, metricsTime, ready, scope, setupAuthorizerMetrics, start

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface java.io.Closeable

close

Methods inherited from interface io.confluent.security.authorizer.Authorizer

authorize

Field Detail

MAX_ACLS_PER_TENANT_PROP

public static final String MAX_ACLS_PER_TENANT_PROP

See Also:

Constant Field Values

Constructor Detail

MultiTenantAuthorizer

public MultiTenantAuthorizer()

Method Detail

configureAccessRuleProviders

public void configureAccessRuleProviders(Map<String,Object> configs)

configure

public void configure(Map<String,?> configs)

Specified by:

configure in interface org.apache.kafka.common.Configurable

Overrides:

configure in class io.confluent.security.authorizer.EmbeddedAuthorizer

authorize

public List<org.apache.kafka.server.authorizer.AuthorizationResult> authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
                                                                              List<org.apache.kafka.server.authorizer.Action> actions)

Overrides:

authorize in class ConfluentServerAuthorizer

isSuperUser

protected boolean isSuperUser(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal,
                              org.apache.kafka.common.security.auth.KafkaPrincipal userOrGroupPrincipal,
                              io.confluent.security.authorizer.Action action)

Overrides:

isSuperUser in class io.confluent.security.authorizer.EmbeddedAuthorizer

createAcls

public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
                                                                                                      List<org.apache.kafka.common.acl.AclBinding> aclBindings)

Overrides:

createAcls in class ConfluentServerAuthorizer

deleteAcls

public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>> deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
                                                                                                      List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters)

Overrides:

deleteAcls in class ConfluentServerAuthorizer

acls

public Iterable<org.apache.kafka.common.acl.AclBinding> acls(org.apache.kafka.common.acl.AclBindingFilter filter)

Overrides:

acls in class ConfluentServerAuthorizer

configureProviders

protected void configureProviders(List<io.confluent.security.authorizer.provider.AccessRuleProvider> accessRuleProviders,
                                  io.confluent.security.authorizer.provider.GroupProvider groupProvider,
                                  io.confluent.security.authorizer.provider.MetadataProvider metadataProvider,
                                  org.apache.kafka.server.audit.AuditLogProvider auditLogProvider)

Overrides:

configureProviders in class io.confluent.security.authorizer.EmbeddedAuthorizer

isAuditLogEnabled

public boolean isAuditLogEnabled()