io.confluent.kafka.security.authorizer

Class ConfluentServerAuthorizer

java.lang.Object

io.confluent.security.authorizer.EmbeddedAuthorizer

io.confluent.kafka.security.authorizer.ConfluentServerAuthorizer

All Implemented Interfaces:

io.confluent.security.authorizer.Authorizer, Closeable, AutoCloseable, org.apache.kafka.common.Configurable, org.apache.kafka.common.Reconfigurable, org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

Direct Known Subclasses:

LdapAuthorizer, MultiTenantAuthorizer

public class ConfluentServerAuthorizer
extends io.confluent.security.authorizer.EmbeddedAuthorizer
implements org.apache.kafka.server.authorizer.Authorizer, org.apache.kafka.common.Reconfigurable, org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
protected static class	ConfluentServerAuthorizer.AclAuthorizers

Nested classes/interfaces inherited from class io.confluent.security.authorizer.EmbeddedAuthorizer

io.confluent.security.authorizer.EmbeddedAuthorizer.AuthorizationContext, io.confluent.security.authorizer.EmbeddedAuthorizer.AuthorizerMetrics

Field Summary

Fields inherited from class io.confluent.security.authorizer.EmbeddedAuthorizer

accessRuleProviders, allowEveryoneIfNoAcl, authorizerConfig, authorizerMetrics, brokerUsers, clusterId, initTimeout, interBrokerListener, log, providersCreated, ready, scope

Constructor Summary

Constructors

Constructor and Description
ConfluentServerAuthorizer()

Method Summary

Modifier and Type	Method and Description
int	aclCount()
org.apache.kafka.metadata.authorizer.AclMutator	aclMutatorOrException()
Iterable<org.apache.kafka.common.acl.AclBinding>	acls(org.apache.kafka.common.acl.AclBindingFilter filter)
void	addAcl(org.apache.kafka.common.Uuid id, org.apache.kafka.metadata.authorizer.ConfluentStandardAcl acl)
List<org.apache.kafka.server.authorizer.AuthorizationResult>	authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.server.authorizer.Action> actions)
org.apache.kafka.server.authorizer.AuthorizationResult	authorizeByResourceType(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, org.apache.kafka.common.acl.AclOperation op, org.apache.kafka.common.resource.ResourceType resourceType)
io.confluent.security.authorizer.Action	buildAction(org.apache.kafka.server.authorizer.Action kafkaAction, org.apache.kafka.common.resource.ResourcePattern kafkaResourcePattern, org.apache.kafka.common.security.auth.KafkaPrincipal principal, io.confluent.security.authorizer.Scope scope)
protected ConfluentServerAuthorizer.AclAuthorizers	collectAuthorizers()
void	completeInitialLoad()
void	completeInitialLoad(Exception e)
void	configure(Map<String,?> configs)
void	configureServerInfo(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo)
List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>>	createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings)
List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>>	createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings, Optional<String> clusterId)
List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>>	deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters)
List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>>	deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters, Optional<String> clusterId)
void	loadSnapshot(Map<org.apache.kafka.common.Uuid,org.apache.kafka.metadata.authorizer.ConfluentStandardAcl> acls)
Set<String>	reconfigurableConfigs()
void	reconfigure(Map<String,?> configs)
void	removeAcl(org.apache.kafka.common.Uuid id)
void	setAclMutator(org.apache.kafka.metadata.authorizer.AclMutator aclMutator)
Map<org.apache.kafka.common.Endpoint,? extends CompletionStage<Void>>	start(org.apache.kafka.server.authorizer.AuthorizerServerInfo serverInfo)
void	validateReconfiguration(Map<String,?> configs)

Methods inherited from class io.confluent.security.authorizer.EmbeddedAuthorizer

accessRuleProvider, accessRuleProviders, actionForAuthorizeByResourceType, auditLogProvider, authorize, authorizeByResourceType, close, configureProviders, futureOrTimeout, groupProvider, isSuperUser, logAuditMessage, metadataProvider, metrics, metricsTime, ready, scope, setupAuthorizerMetrics, start

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface java.io.Closeable

close

Methods inherited from interface io.confluent.security.authorizer.Authorizer

authorize, authorize

Constructor Detail

ConfluentServerAuthorizer

public ConfluentServerAuthorizer()

Method Detail

configure

public void configure(Map<String,?> configs)

Specified by:

configure in interface org.apache.kafka.common.Configurable

Overrides:

configure in class io.confluent.security.authorizer.EmbeddedAuthorizer

reconfigurableConfigs

public Set<String> reconfigurableConfigs()

Specified by:

reconfigurableConfigs in interface org.apache.kafka.common.Reconfigurable

validateReconfiguration

public void validateReconfiguration(Map<String,?> configs)
                             throws org.apache.kafka.common.config.ConfigException

Specified by:

validateReconfiguration in interface org.apache.kafka.common.Reconfigurable

Throws:

org.apache.kafka.common.config.ConfigException

reconfigure

public void reconfigure(Map<String,?> configs)

Specified by:

reconfigure in interface org.apache.kafka.common.Reconfigurable

configureServerInfo

public void configureServerInfo(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo)

Overrides:

configureServerInfo in class io.confluent.security.authorizer.EmbeddedAuthorizer

collectAuthorizers

protected ConfluentServerAuthorizer.AclAuthorizers collectAuthorizers()

start

public Map<org.apache.kafka.common.Endpoint,? extends CompletionStage<Void>> start(org.apache.kafka.server.authorizer.AuthorizerServerInfo serverInfo)

authorize

public List<org.apache.kafka.server.authorizer.AuthorizationResult> authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
                                                                              List<org.apache.kafka.server.authorizer.Action> actions)

authorizeByResourceType

public org.apache.kafka.server.authorizer.AuthorizationResult authorizeByResourceType(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
                                                                                      org.apache.kafka.common.acl.AclOperation op,
                                                                                      org.apache.kafka.common.resource.ResourceType resourceType)

setAclMutator

public void setAclMutator(org.apache.kafka.metadata.authorizer.AclMutator aclMutator)

Specified by:

setAclMutator in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

aclMutatorOrException

public org.apache.kafka.metadata.authorizer.AclMutator aclMutatorOrException()

Specified by:

aclMutatorOrException in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

completeInitialLoad

public void completeInitialLoad()

Specified by:

completeInitialLoad in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

completeInitialLoad

public void completeInitialLoad(Exception e)

Specified by:

completeInitialLoad in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

loadSnapshot

public void loadSnapshot(Map<org.apache.kafka.common.Uuid,org.apache.kafka.metadata.authorizer.ConfluentStandardAcl> acls)

Specified by:

loadSnapshot in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

addAcl

public void addAcl(org.apache.kafka.common.Uuid id,
                   org.apache.kafka.metadata.authorizer.ConfluentStandardAcl acl)

Specified by:

addAcl in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

removeAcl

public void removeAcl(org.apache.kafka.common.Uuid id)

Specified by:

removeAcl in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

createAcls

public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
                                                                                                      List<org.apache.kafka.common.acl.AclBinding> aclBindings)

Specified by:

createAcls in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

createAcls

public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
                                                                                                      List<org.apache.kafka.common.acl.AclBinding> aclBindings,
                                                                                                      Optional<String> clusterId)

deleteAcls

public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>> deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
                                                                                                      List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters)

Specified by:

deleteAcls in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

deleteAcls

public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>> deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
                                                                                                      List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters,
                                                                                                      Optional<String> clusterId)

acls

public Iterable<org.apache.kafka.common.acl.AclBinding> acls(org.apache.kafka.common.acl.AclBindingFilter filter)

aclCount

public int aclCount()

buildAction

public io.confluent.security.authorizer.Action buildAction(org.apache.kafka.server.authorizer.Action kafkaAction,
                                                           org.apache.kafka.common.resource.ResourcePattern kafkaResourcePattern,
                                                           org.apache.kafka.common.security.auth.KafkaPrincipal principal,
                                                           io.confluent.security.authorizer.Scope scope)