Interface AuthorizationProvider

All Superinterfaces:
AutoCloseable, Closeable
All Known Implementing Classes:
MultiRolesTokenAuthorizationProvider, PulsarAuthorizationProvider

public interface AuthorizationProvider extends Closeable
Provider of authorization mechanism.
  • Method Details

    • isSuperUser

      default CompletableFuture<Boolean> isSuperUser(String role, AuthenticationDataSource authenticationData, ServiceConfiguration serviceConfiguration)
      Check if specified role is a super user.
      Parameters:
      role - the role to check
      authenticationData - authentication data related to the role
      Returns:
      a CompletableFuture containing a boolean in which true means the role is a super user and false if it is not
    • isSuperUser

      @Deprecated default CompletableFuture<Boolean> isSuperUser(String role, ServiceConfiguration serviceConfiguration)
      Deprecated.
      Use method isSuperUser(String, AuthenticationDataSource, ServiceConfiguration).
      Check if specified role is a super user.
      Parameters:
      role - the role to check
      Returns:
      a CompletableFuture containing a boolean in which true means the role is a super user and false if it is not
    • isTenantAdmin

      default CompletableFuture<Boolean> isTenantAdmin(String tenant, String role, org.apache.pulsar.common.policies.data.TenantInfo tenantInfo, AuthenticationDataSource authenticationData)
      Check if specified role is an admin of the tenant.
      Parameters:
      tenant - the tenant to check
      role - the role to check
      Returns:
      a CompletableFuture containing a boolean in which true means the role is an admin user and false if it is not
    • initialize

      @Deprecated default void initialize(ServiceConfiguration conf, ConfigurationCacheService configCache) throws IOException
      Deprecated.
      ConfigurationCacheService is not supported anymore as a way to get access to metadata.
      Perform initialization for the authorization provider.
      Parameters:
      conf - broker config object
      configCache - pulsar zk configuration cache service
      Throws:
      IOException - if the initialization fails
    • initialize

      default void initialize(ServiceConfiguration conf, PulsarResources pulsarResources) throws IOException
      Perform initialization for the authorization provider.
      Parameters:
      conf - broker config object
      pulsarResources - Resources component for access to metadata
      Throws:
      IOException - if the initialization fails
    • canProduceAsync

      CompletableFuture<Boolean> canProduceAsync(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData)
      Check if the specified role has permission to send messages to the specified fully qualified topic name.
      Parameters:
      topicName - the fully qualified topic name associated with the topic.
      role - the app id used to send messages to the topic.
    • canConsumeAsync

      CompletableFuture<Boolean> canConsumeAsync(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData, String subscription)
      Check if the specified role has permission to receive messages from the specified fully qualified topic name.
      Parameters:
      topicName - the fully qualified topic name associated with the topic.
      role - the app id used to receive messages from the topic.
      subscription - the subscription name defined by the client
    • canLookupAsync

      CompletableFuture<Boolean> canLookupAsync(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData)
      Check whether the specified role can perform a lookup for the specified topic. For that the caller needs to have producer or consumer permission.
      Parameters:
      topicName -
      role -
      Returns:
      Throws:
      Exception
    • allowFunctionOpsAsync

      CompletableFuture<Boolean> allowFunctionOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, AuthenticationDataSource authenticationData)
      Allow all function operations within this namespace.
      Parameters:
      namespaceName - The namespace that the function operations can be executed in
      role - The role to check
      authenticationData - authentication data related to the role
      Returns:
      a boolean to determine whether authorized or not
    • allowSourceOpsAsync

      CompletableFuture<Boolean> allowSourceOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, AuthenticationDataSource authenticationData)
      Allow all source operations within this namespace.
      Parameters:
      namespaceName - The namespace that the source operations can be executed in
      role - The role to check
      authenticationData - authentication data related to the role
      Returns:
      a boolean to determine whether authorized or not
    • allowSinkOpsAsync

      CompletableFuture<Boolean> allowSinkOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, AuthenticationDataSource authenticationData)
      Allow all sink operations within this namespace.
      Parameters:
      namespaceName - The namespace that the sink operations can be executed in
      role - The role to check
      authenticationData - authentication data related to the role
      Returns:
      a boolean to determine whether authorized or not
    • grantPermissionAsync

      CompletableFuture<Void> grantPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace, Set<org.apache.pulsar.common.policies.data.AuthAction> actions, String role, String authDataJson)
      Grant authorization-action permission on a namespace to the given client. NOTE: used to complete with IllegalArgumentException when namespace not found or with IllegalStateException when failed to grant permission. This behavior is now deprecated. Please use the appropriate MetadataStoreException.
      Parameters:
      namespace -
      actions -
      role -
      authDataJson - additional authdata in json format
      Returns:
      CompletableFuture
    • grantSubscriptionPermissionAsync

      CompletableFuture<Void> grantSubscriptionPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace, String subscriptionName, Set<String> roles, String authDataJson)
      Grant permission to roles that can access subscription-admin api.
      Parameters:
      namespace -
      subscriptionName -
      roles -
      authDataJson - additional authdata in json format
      Returns:
    • revokeSubscriptionPermissionAsync

      CompletableFuture<Void> revokeSubscriptionPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace, String subscriptionName, String role, String authDataJson)
      Revoke subscription admin-api access for a role.
      Parameters:
      namespace -
      subscriptionName -
      role -
      Returns:
    • grantPermissionAsync

      CompletableFuture<Void> grantPermissionAsync(org.apache.pulsar.common.naming.TopicName topicName, Set<org.apache.pulsar.common.policies.data.AuthAction> actions, String role, String authDataJson)
      Grant authorization-action permission on a topic to the given client. NOTE: used to complete with IllegalArgumentException when namespace not found or with IllegalStateException when failed to grant permission. This behavior is now deprecated. Please use the appropriate MetadataStoreException.
      Parameters:
      topicName -
      role -
      authDataJson - additional authdata in json format
      Returns:
      CompletableFuture
    • allowTenantOperationAsync

      @Deprecated default CompletableFuture<Boolean> allowTenantOperationAsync(String tenantName, String originalRole, String role, org.apache.pulsar.common.policies.data.TenantOperation operation, AuthenticationDataSource authData)
      Deprecated.
      Grant authorization-action permission on a tenant to the given client.
      Parameters:
      tenantName -
      originalRole - role not overridden by proxy role if request does pass through proxy
      role - originalRole | proxyRole if the request didn't pass through proxy
      operation -
      authData -
      Returns:
      CompletableFuture
    • allowTenantOperation

      @Deprecated default Boolean allowTenantOperation(String tenantName, String originalRole, String role, org.apache.pulsar.common.policies.data.TenantOperation operation, AuthenticationDataSource authData)
      Deprecated.
    • allowTenantOperationAsync

      default CompletableFuture<Boolean> allowTenantOperationAsync(String tenantName, String role, org.apache.pulsar.common.policies.data.TenantOperation operation, AuthenticationDataSource authData)
      Check if a given role is allowed to execute a given operation on the tenant.
      Parameters:
      tenantName - tenant name
      role - role name
      operation - tenant operation
      authData - authenticated data of the role
      Returns:
      a completable future that represents the check result
    • allowTenantOperation

      default Boolean allowTenantOperation(String tenantName, String role, org.apache.pulsar.common.policies.data.TenantOperation operation, AuthenticationDataSource authData)
    • allowNamespaceOperationAsync

      default CompletableFuture<Boolean> allowNamespaceOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, org.apache.pulsar.common.policies.data.NamespaceOperation operation, AuthenticationDataSource authData)
      Check if a given role is allowed to execute a given operation on the namespace.
      Parameters:
      namespaceName - namespace name
      role - role name
      operation - namespace operation
      authData - authenticated data
      Returns:
      a completable future that represents the check result
    • allowNamespaceOperation

      default Boolean allowNamespaceOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, org.apache.pulsar.common.policies.data.NamespaceOperation operation, AuthenticationDataSource authData)
    • allowNamespaceOperationAsync

      @Deprecated default CompletableFuture<Boolean> allowNamespaceOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String originalRole, String role, org.apache.pulsar.common.policies.data.NamespaceOperation operation, AuthenticationDataSource authData)
      Deprecated.
      Grant authorization-action permission on a namespace to the given client.
      Parameters:
      namespaceName -
      role -
      operation -
      authData -
      Returns:
      CompletableFuture
    • allowNamespaceOperation

      @Deprecated default Boolean allowNamespaceOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName, String originalRole, String role, org.apache.pulsar.common.policies.data.NamespaceOperation operation, AuthenticationDataSource authData)
      Deprecated.
    • allowNamespacePolicyOperationAsync

      default CompletableFuture<Boolean> allowNamespacePolicyOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String role, AuthenticationDataSource authData)
      Check if a given role is allowed to execute a given policy operation on the namespace.
      Parameters:
      namespaceName - namespace name
      policy - policy name
      operation - policy operation
      role - role name
      authData - authenticated data
      Returns:
      a completable future that represents the check result
    • allowNamespacePolicyOperation

      default Boolean allowNamespacePolicyOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String role, AuthenticationDataSource authData)
    • allowNamespacePolicyOperationAsync

      @Deprecated default CompletableFuture<Boolean> allowNamespacePolicyOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData)
      Deprecated.
      Grant authorization-action permission on a namespace to the given client.
      Parameters:
      namespaceName -
      originalRole - role not overridden by proxy role if request does pass through proxy
      role - originalRole | proxyRole if the request didn't pass through proxy
      operation -
      authData -
      Returns:
      CompletableFuture
    • allowNamespacePolicyOperation

      @Deprecated default Boolean allowNamespacePolicyOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData)
      Deprecated.
    • allowTopicOperationAsync

      default CompletableFuture<Boolean> allowTopicOperationAsync(org.apache.pulsar.common.naming.TopicName topic, String role, org.apache.pulsar.common.policies.data.TopicOperation operation, AuthenticationDataSource authData)
      Check if a given role is allowed to execute a given topic operation on the topic.
      Parameters:
      topic - topic name
      role - role name
      operation - topic operation
      authData - authenticated data
      Returns:
      CompletableFuture
    • allowTopicOperation

      default Boolean allowTopicOperation(org.apache.pulsar.common.naming.TopicName topicName, String role, org.apache.pulsar.common.policies.data.TopicOperation operation, AuthenticationDataSource authData)
    • allowTopicOperationAsync

      @Deprecated default CompletableFuture<Boolean> allowTopicOperationAsync(org.apache.pulsar.common.naming.TopicName topic, String originalRole, String role, org.apache.pulsar.common.policies.data.TopicOperation operation, AuthenticationDataSource authData)
      Deprecated.
      Grant authorization-action permission on a topic to the given client.
      Parameters:
      topic -
      originalRole - role not overridden by proxy role if request does pass through proxy
      role - originalRole | proxyRole if the request didn't pass through proxy
      operation -
      authData -
      Returns:
      CompletableFuture
    • allowTopicOperation

      @Deprecated default Boolean allowTopicOperation(org.apache.pulsar.common.naming.TopicName topicName, String originalRole, String role, org.apache.pulsar.common.policies.data.TopicOperation operation, AuthenticationDataSource authData)
      Deprecated.
    • allowTopicPolicyOperationAsync

      default CompletableFuture<Boolean> allowTopicPolicyOperationAsync(org.apache.pulsar.common.naming.TopicName topic, String role, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, AuthenticationDataSource authData)
      Check if a given role is allowed to execute a given topic operation on the topic's policy.
      Parameters:
      topic - topic name
      role - role name
      operation - topic operation
      authData - authenticated data
      Returns:
      CompletableFuture
    • allowTopicPolicyOperation

      default Boolean allowTopicPolicyOperation(org.apache.pulsar.common.naming.TopicName topicName, String role, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, AuthenticationDataSource authData)
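
The canLookupAsync entry above says a lookup requires producer or consumer permission. The following added example, which is not code from the Pulsar project, shows one way a custom provider could derive the lookup decision from canProduceAsync and canConsumeAsync while denying on any error. The class name FailClosedLookupProvider, the helper denyOnError, and passing a null subscription for lookups are assumptions made for illustration.

```java
import java.util.concurrent.CompletableFuture;
import org.apache.pulsar.broker.authentication.AuthenticationDataSource;
import org.apache.pulsar.broker.authorization.AuthorizationProvider;
import org.apache.pulsar.common.naming.TopicName;

/**
 * Added example (hypothetical class name): derives the lookup decision from
 * the produce and consume checks and denies on any failure. Subclasses still
 * implement the remaining abstract methods of AuthorizationProvider.
 */
public abstract class FailClosedLookupProvider implements AuthorizationProvider {

    @Override
    public CompletableFuture<Boolean> canLookupAsync(TopicName topicName, String role,
            AuthenticationDataSource authenticationData) {
        // A missing role can never be authorized.
        if (role == null || role.isEmpty()) {
            return CompletableFuture.completedFuture(false);
        }
        return denyOnError(canProduceAsync(topicName, role, authenticationData))
                .thenCompose(canProduce -> {
                    if (canProduce) {
                        return CompletableFuture.completedFuture(true);
                    }
                    // Assumption: a lookup is not tied to a subscription, so null is passed.
                    return denyOnError(
                            canConsumeAsync(topicName, role, authenticationData, null));
                });
    }

    /** Hypothetical helper: maps a null result or an exceptional completion to "deny". */
    private static CompletableFuture<Boolean> denyOnError(CompletableFuture<Boolean> check) {
        return check.handle((allowed, error) -> error == null && Boolean.TRUE.equals(allowed));
    }
}
```

A metadata-store failure during the produce check therefore falls through to the consume check and, if that also fails, resolves to false instead of propagating an exception the caller might mishandle.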