io.confluent.kafka.security.authorizer.acl

Class AclProvider

java.lang.Object

kafka.security.authorizer.AclAuthorizer

io.confluent.kafka.security.authorizer.acl.AclProvider

All Implemented Interfaces:

ExtendedAccessRuleProvider, io.confluent.security.authorizer.provider.AccessRuleProvider, io.confluent.security.authorizer.provider.Provider, Closeable, AutoCloseable, kafka.metrics.KafkaMetricsGroup, kafka.utils.Logging, org.apache.kafka.common.Configurable, org.apache.kafka.server.authorizer.Authorizer

public class AclProvider
extends kafka.security.authorizer.AclAuthorizer
implements ExtendedAccessRuleProvider

AclProvider implementation for ACLs stored in Zookeeper.

Nested Class Summary

Nested classes/interfaces inherited from class kafka.security.authorizer.AclAuthorizer

kafka.security.authorizer.AclAuthorizer.AclCacheTuple, kafka.security.authorizer.AclAuthorizer.AclCacheTuple$, kafka.security.authorizer.AclAuthorizer.AclChangedNotificationHandler$, kafka.security.authorizer.AclAuthorizer.AclSeqs, kafka.security.authorizer.AclAuthorizer.ResourceOrdering, kafka.security.authorizer.AclAuthorizer.VersionedAcls, kafka.security.authorizer.AclAuthorizer.VersionedAcls$

Constructor Summary

Constructors

Constructor and Description
AclProvider()

Method Summary

Modifier and Type	Method and Description
void	addMatchingRules(io.confluent.security.authorizer.provider.ResourceAuthorizeRules matchingRules, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals, String host, io.confluent.security.authorizer.Operation operation, io.confluent.security.authorizer.Scope resourceScope, io.confluent.security.authorizer.ResourceType resourceType)
Optional<org.apache.kafka.server.authorizer.Authorizer>	asAuthorizer()
List<org.apache.kafka.server.authorizer.AuthorizationResult>	authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.server.authorizer.Action> actions)
io.confluent.security.authorizer.provider.AuthorizeRule	findRule(Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals, String host, io.confluent.security.authorizer.Action action)
boolean	isSuperUser(org.apache.kafka.common.security.auth.KafkaPrincipal principal, io.confluent.security.authorizer.Scope scope)
boolean	mayDeny()
String	providerName()
Map<org.apache.kafka.common.Endpoint,CompletableFuture<Void>>	start(org.apache.kafka.server.authorizer.AuthorizerServerInfo serverInfo)
CompletionStage<Void>	start(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo, Map<String,?> interBrokerListenerConfigs)
void	updateCache(org.apache.kafka.common.resource.ResourcePattern resource, kafka.security.authorizer.AclAuthorizer.VersionedAcls versionedAcls)
boolean	usesMetadataFromThisKafkaCluster()

Methods inherited from class kafka.security.authorizer.AclAuthorizer

aclCacheSnapshot, AclCacheTuple, AclChangedNotificationHandler, aclChangeNotificationExpirationMs_$eq, aclChangeNotificationExpirationMs, aclCount, acls, AllowEveryoneIfNoAclIsFoundProp, authorizeByResourceType, authorizerLogger, close, configPrefix, configure, createAcls, createAcls, debug, debug, deleteAcls, deleteAcls, error, error, explicitMetricName, fatal, fatal, findMatchingAclForPrincipal, findMatchingAclFromCacheByPrincipals, hasAclForResource, info, info, isDebugEnabled, isSuperUser, isTraceEnabled, logAuditMessage, logger, loggerName, logIdent_$eq, logIdent, matchingAcls, maxUpdateRetries_$eq, maxUpdateRetries, metricName, msgWithLogIdent, newGauge, newGauge, newGauge$default$3, newHistogram, newHistogram$default$2, newHistogram$default$3, newMeter, newMeter, newMeter$default$4, newTimer, newTimer$default$4, NoAcls, processAclChangeNotification, registerAclUpdateListener, removeMetric, removeMetric, removeMetric$default$2, shouldCheckResourceAclExistence, startZkChangeListeners, SuperUsersProp, trace, trace, validateAclCaches, warn, warn, WildcardHost, ZkConnectionTimeOutProp, ZkMaxInFlightRequests, ZkSessionTimeOutProp, ZkUrlProp

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.confluent.kafka.security.authorizer.acl.ExtendedAccessRuleProvider

addMatchingRules, findRule

Methods inherited from interface org.apache.kafka.common.Configurable

configure

Methods inherited from interface java.io.Closeable

close

Methods inherited from interface kafka.metrics.KafkaMetricsGroup

$init$

Methods inherited from interface kafka.utils.Logging

$init$

Constructor Detail

AclProvider

public AclProvider()

Method Detail

providerName

public String providerName()

Specified by:

providerName in interface io.confluent.security.authorizer.provider.Provider

isSuperUser

public boolean isSuperUser(org.apache.kafka.common.security.auth.KafkaPrincipal principal,
                           io.confluent.security.authorizer.Scope scope)

Specified by:

isSuperUser in interface io.confluent.security.authorizer.provider.AccessRuleProvider

mayDeny

public boolean mayDeny()

Specified by:

mayDeny in interface io.confluent.security.authorizer.provider.AccessRuleProvider

usesMetadataFromThisKafkaCluster

public boolean usesMetadataFromThisKafkaCluster()

Specified by:

usesMetadataFromThisKafkaCluster in interface io.confluent.security.authorizer.provider.Provider

findRule

public io.confluent.security.authorizer.provider.AuthorizeRule findRule(Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals,
                                                                        String host,
                                                                        io.confluent.security.authorizer.Action action)

Specified by:

findRule in interface ExtendedAccessRuleProvider

addMatchingRules

public void addMatchingRules(io.confluent.security.authorizer.provider.ResourceAuthorizeRules matchingRules,
                             Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals,
                             String host,
                             io.confluent.security.authorizer.Operation operation,
                             io.confluent.security.authorizer.Scope resourceScope,
                             io.confluent.security.authorizer.ResourceType resourceType)

Specified by:

addMatchingRules in interface ExtendedAccessRuleProvider

start

public CompletionStage<Void> start(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo,
                                   Map<String,?> interBrokerListenerConfigs)

Specified by:

start in interface io.confluent.security.authorizer.provider.Provider

start

public Map<org.apache.kafka.common.Endpoint,CompletableFuture<Void>> start(org.apache.kafka.server.authorizer.AuthorizerServerInfo serverInfo)

Specified by:

start in interface org.apache.kafka.server.authorizer.Authorizer

Overrides:

start in class kafka.security.authorizer.AclAuthorizer

authorize

public List<org.apache.kafka.server.authorizer.AuthorizationResult> authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
                                                                              List<org.apache.kafka.server.authorizer.Action> actions)

Specified by:

authorize in interface org.apache.kafka.server.authorizer.Authorizer

Overrides:

authorize in class kafka.security.authorizer.AclAuthorizer

updateCache

public void updateCache(org.apache.kafka.common.resource.ResourcePattern resource,
                        kafka.security.authorizer.AclAuthorizer.VersionedAcls versionedAcls)

Overrides:

updateCache in class kafka.security.authorizer.AclAuthorizer

asAuthorizer

public Optional<org.apache.kafka.server.authorizer.Authorizer> asAuthorizer()

Specified by:

asAuthorizer in interface io.confluent.security.authorizer.provider.AccessRuleProvider