public interface AuthorizationProvider extends Closeable
| Modifier and Type | Method and Description |
|---|---|
CompletableFuture<Boolean> |
allowFunctionOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName,
String role,
AuthenticationDataSource authenticationData)
Allow all function operations with in this namespace
|
default Boolean |
allowNamespaceOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName,
String role,
org.apache.pulsar.common.policies.data.NamespaceOperation operation,
AuthenticationDataSource authData) |
default Boolean |
allowNamespaceOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName,
String originalRole,
String role,
org.apache.pulsar.common.policies.data.NamespaceOperation operation,
AuthenticationDataSource authData)
Deprecated.
|
default CompletableFuture<Boolean> |
allowNamespaceOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName,
String role,
org.apache.pulsar.common.policies.data.NamespaceOperation operation,
AuthenticationDataSource authData)
Check if a given role is allowed to execute a given operation on the namespace.
|
default CompletableFuture<Boolean> |
allowNamespaceOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName,
String originalRole,
String role,
org.apache.pulsar.common.policies.data.NamespaceOperation operation,
AuthenticationDataSource authData)
Deprecated.
|
default Boolean |
allowNamespacePolicyOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName,
org.apache.pulsar.common.policies.data.PolicyName policy,
org.apache.pulsar.common.policies.data.PolicyOperation operation,
String role,
AuthenticationDataSource authData) |
default Boolean |
allowNamespacePolicyOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName,
org.apache.pulsar.common.policies.data.PolicyName policy,
org.apache.pulsar.common.policies.data.PolicyOperation operation,
String originalRole,
String role,
AuthenticationDataSource authData)
Deprecated.
|
default CompletableFuture<Boolean> |
allowNamespacePolicyOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName,
org.apache.pulsar.common.policies.data.PolicyName policy,
org.apache.pulsar.common.policies.data.PolicyOperation operation,
String role,
AuthenticationDataSource authData)
Check if a given role is allowed to execute a given policy operation on the namespace.
|
default CompletableFuture<Boolean> |
allowNamespacePolicyOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName,
org.apache.pulsar.common.policies.data.PolicyName policy,
org.apache.pulsar.common.policies.data.PolicyOperation operation,
String originalRole,
String role,
AuthenticationDataSource authData)
Deprecated.
|
CompletableFuture<Boolean> |
allowSinkOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName,
String role,
AuthenticationDataSource authenticationData)
Allow all sink operations with in this namespace
|
CompletableFuture<Boolean> |
allowSourceOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName,
String role,
AuthenticationDataSource authenticationData)
Allow all source operations with in this namespace
|
default Boolean |
allowTenantOperation(String tenantName,
String originalRole,
String role,
org.apache.pulsar.common.policies.data.TenantOperation operation,
AuthenticationDataSource authData)
Deprecated.
|
default Boolean |
allowTenantOperation(String tenantName,
String role,
org.apache.pulsar.common.policies.data.TenantOperation operation,
AuthenticationDataSource authData) |
default CompletableFuture<Boolean> |
allowTenantOperationAsync(String tenantName,
String originalRole,
String role,
org.apache.pulsar.common.policies.data.TenantOperation operation,
AuthenticationDataSource authData)
Deprecated.
|
default CompletableFuture<Boolean> |
allowTenantOperationAsync(String tenantName,
String role,
org.apache.pulsar.common.policies.data.TenantOperation operation,
AuthenticationDataSource authData)
Check if a given role is allowed to execute a given operation on the tenant.
|
default Boolean |
allowTopicOperation(org.apache.pulsar.common.naming.TopicName topicName,
String originalRole,
String role,
org.apache.pulsar.common.policies.data.TopicOperation operation,
AuthenticationDataSource authData)
Deprecated.
|
default Boolean |
allowTopicOperation(org.apache.pulsar.common.naming.TopicName topicName,
String role,
org.apache.pulsar.common.policies.data.TopicOperation operation,
AuthenticationDataSource authData) |
default CompletableFuture<Boolean> |
allowTopicOperationAsync(org.apache.pulsar.common.naming.TopicName topic,
String originalRole,
String role,
org.apache.pulsar.common.policies.data.TopicOperation operation,
AuthenticationDataSource authData)
Deprecated.
|
default CompletableFuture<Boolean> |
allowTopicOperationAsync(org.apache.pulsar.common.naming.TopicName topic,
String role,
org.apache.pulsar.common.policies.data.TopicOperation operation,
AuthenticationDataSource authData)
Check if a given role is allowed to execute a given topic operation on the topic.
|
default Boolean |
allowTopicPolicyOperation(org.apache.pulsar.common.naming.TopicName topicName,
String role,
org.apache.pulsar.common.policies.data.PolicyName policy,
org.apache.pulsar.common.policies.data.PolicyOperation operation,
AuthenticationDataSource authData) |
default CompletableFuture<Boolean> |
allowTopicPolicyOperationAsync(org.apache.pulsar.common.naming.TopicName topic,
String role,
org.apache.pulsar.common.policies.data.PolicyName policy,
org.apache.pulsar.common.policies.data.PolicyOperation operation,
AuthenticationDataSource authData)
Check if a given role is allowed to execute a given topic operation on topic's policy.
|
CompletableFuture<Boolean> |
canConsumeAsync(org.apache.pulsar.common.naming.TopicName topicName,
String role,
AuthenticationDataSource authenticationData,
String subscription)
Check if the specified role has permission to receive messages from the specified fully qualified topic name.
|
CompletableFuture<Boolean> |
canLookupAsync(org.apache.pulsar.common.naming.TopicName topicName,
String role,
AuthenticationDataSource authenticationData)
Check whether the specified role can perform a lookup for the specified topic.
|
CompletableFuture<Boolean> |
canProduceAsync(org.apache.pulsar.common.naming.TopicName topicName,
String role,
AuthenticationDataSource authenticationData)
Check if the specified role has permission to send messages to the specified fully qualified topic name.
|
CompletableFuture<Void> |
grantPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace,
Set<org.apache.pulsar.common.policies.data.AuthAction> actions,
String role,
String authDataJson)
Grant authorization-action permission on a namespace to the given client
|
CompletableFuture<Void> |
grantPermissionAsync(org.apache.pulsar.common.naming.TopicName topicName,
Set<org.apache.pulsar.common.policies.data.AuthAction> actions,
String role,
String authDataJson)
Grant authorization-action permission on a topic to the given client
|
CompletableFuture<Void> |
grantSubscriptionPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace,
String subscriptionName,
Set<String> roles,
String authDataJson)
Grant permission to roles that can access subscription-admin api
|
default void |
initialize(ServiceConfiguration conf,
ConfigurationCacheService configCache)
Deprecated.
ConfigurationCacheService is not supported anymore as a way to get access to metadata.
|
default void |
initialize(ServiceConfiguration conf,
PulsarResources pulsarResources)
Perform initialization for the authorization provider
|
default CompletableFuture<Boolean> |
isSuperUser(String role,
AuthenticationDataSource authenticationData,
ServiceConfiguration serviceConfiguration)
Check if specified role is a super user
|
default CompletableFuture<Boolean> |
isSuperUser(String role,
ServiceConfiguration serviceConfiguration)
Deprecated.
Use method
isSuperUser(String, AuthenticationDataSource, ServiceConfiguration)
Check if specified role is a super user |
default CompletableFuture<Boolean> |
isTenantAdmin(String tenant,
String role,
org.apache.pulsar.common.policies.data.TenantInfo tenantInfo,
AuthenticationDataSource authenticationData)
Check if specified role is an admin of the tenant
|
CompletableFuture<Void> |
revokeSubscriptionPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace,
String subscriptionName,
String role,
String authDataJson)
Revoke subscription admin-api access for a role
|
default CompletableFuture<Boolean> isSuperUser(String role, AuthenticationDataSource authenticationData, ServiceConfiguration serviceConfiguration)
role - the role to checkauthenticationData - authentication data related to the roledefault CompletableFuture<Boolean> isSuperUser(String role, ServiceConfiguration serviceConfiguration)
isSuperUser(String, AuthenticationDataSource, ServiceConfiguration)
Check if specified role is a super userrole - the role to checkdefault CompletableFuture<Boolean> isTenantAdmin(String tenant, String role, org.apache.pulsar.common.policies.data.TenantInfo tenantInfo, AuthenticationDataSource authenticationData)
tenant - the tenant to checkrole - the role to check@Deprecated default void initialize(ServiceConfiguration conf, ConfigurationCacheService configCache) throws IOException
conf - broker config objectconfigCache - pulsar zk configuration cache serviceIOException - if the initialization failsinitialize(ServiceConfiguration, PulsarResources)default void initialize(ServiceConfiguration conf, PulsarResources pulsarResources) throws IOException
conf - broker config objectpulsarResources - Resources component for access to metadataIOException - if the initialization failsCompletableFuture<Boolean> canProduceAsync(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData)
topicName - the fully qualified topic name associated with the topic.role - the app id used to send messages to the topic.CompletableFuture<Boolean> canConsumeAsync(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData, String subscription)
topicName - the fully qualified topic name associated with the topic.role - the app id used to receive messages from the topic.subscription - the subscription name defined by the clientCompletableFuture<Boolean> canLookupAsync(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData)
topicName - role - ExceptionCompletableFuture<Boolean> allowFunctionOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, AuthenticationDataSource authenticationData)
namespaceName - The namespace that the function operations can be executed inrole - The role to checkauthenticationData - authentication data related to the roleCompletableFuture<Boolean> allowSourceOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, AuthenticationDataSource authenticationData)
namespaceName - The namespace that the sources operations can be executed inrole - The role to checkauthenticationData - authentication data related to the roleCompletableFuture<Boolean> allowSinkOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, AuthenticationDataSource authenticationData)
namespaceName - The namespace that the sink operations can be executed inrole - The role to checkauthenticationData - authentication data related to the roleCompletableFuture<Void> grantPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace, Set<org.apache.pulsar.common.policies.data.AuthAction> actions, String role, String authDataJson)
namespace - actions - role - authDataJson - additional authdata in json formatCompletableFuture<Void> grantSubscriptionPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace, String subscriptionName, Set<String> roles, String authDataJson)
namespace - subscriptionName - roles - authDataJson - additional authdata in json formatCompletableFuture<Void> revokeSubscriptionPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace, String subscriptionName, String role, String authDataJson)
namespace - subscriptionName - role - CompletableFuture<Void> grantPermissionAsync(org.apache.pulsar.common.naming.TopicName topicName, Set<org.apache.pulsar.common.policies.data.AuthAction> actions, String role, String authDataJson)
topicName - role - authDataJson - additional authdata in json format@Deprecated default CompletableFuture<Boolean> allowTenantOperationAsync(String tenantName, String originalRole, String role, org.apache.pulsar.common.policies.data.TenantOperation operation, AuthenticationDataSource authData)
tenantName - originalRole - role not overriden by proxy role if request do pass through proxyrole - originalRole | proxyRole if the request didn't pass through proxyoperation - authData - @Deprecated default Boolean allowTenantOperation(String tenantName, String originalRole, String role, org.apache.pulsar.common.policies.data.TenantOperation operation, AuthenticationDataSource authData)
default CompletableFuture<Boolean> allowTenantOperationAsync(String tenantName, String role, org.apache.pulsar.common.policies.data.TenantOperation operation, AuthenticationDataSource authData)
tenantName - tenant namerole - role nameoperation - tenant operationauthData - authenticated data of the roledefault Boolean allowTenantOperation(String tenantName, String role, org.apache.pulsar.common.policies.data.TenantOperation operation, AuthenticationDataSource authData)
default CompletableFuture<Boolean> allowNamespaceOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, org.apache.pulsar.common.policies.data.NamespaceOperation operation, AuthenticationDataSource authData)
namespaceName - namespace namerole - role nameoperation - namespace operationauthData - authenticated datadefault Boolean allowNamespaceOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, org.apache.pulsar.common.policies.data.NamespaceOperation operation, AuthenticationDataSource authData)
@Deprecated default CompletableFuture<Boolean> allowNamespaceOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String originalRole, String role, org.apache.pulsar.common.policies.data.NamespaceOperation operation, AuthenticationDataSource authData)
namespaceName - role - operation - authData - @Deprecated default Boolean allowNamespaceOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName, String originalRole, String role, org.apache.pulsar.common.policies.data.NamespaceOperation operation, AuthenticationDataSource authData)
default CompletableFuture<Boolean> allowNamespacePolicyOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String role, AuthenticationDataSource authData)
namespaceName - namespace namepolicy - policy nameoperation - policy operationrole - role nameauthData - authenticated datadefault Boolean allowNamespacePolicyOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String role, AuthenticationDataSource authData)
@Deprecated default CompletableFuture<Boolean> allowNamespacePolicyOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData)
namespaceName - originalRole - role not overriden by proxy role if request do pass through proxyrole - originalRole | proxyRole if the request didn't pass through proxyoperation - authData - @Deprecated default Boolean allowNamespacePolicyOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData)
default CompletableFuture<Boolean> allowTopicOperationAsync(org.apache.pulsar.common.naming.TopicName topic, String role, org.apache.pulsar.common.policies.data.TopicOperation operation, AuthenticationDataSource authData)
topic - topic namerole - role nameoperation - topic operationauthData - authenticated datadefault Boolean allowTopicOperation(org.apache.pulsar.common.naming.TopicName topicName, String role, org.apache.pulsar.common.policies.data.TopicOperation operation, AuthenticationDataSource authData)
@Deprecated default CompletableFuture<Boolean> allowTopicOperationAsync(org.apache.pulsar.common.naming.TopicName topic, String originalRole, String role, org.apache.pulsar.common.policies.data.TopicOperation operation, AuthenticationDataSource authData)
topic - originalRole - role not overriden by proxy role if request do pass through proxyrole - originalRole | proxyRole if the request didn't pass through proxyoperation - authData - @Deprecated default Boolean allowTopicOperation(org.apache.pulsar.common.naming.TopicName topicName, String originalRole, String role, org.apache.pulsar.common.policies.data.TopicOperation operation, AuthenticationDataSource authData)
default CompletableFuture<Boolean> allowTopicPolicyOperationAsync(org.apache.pulsar.common.naming.TopicName topic, String role, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, AuthenticationDataSource authData)
topic - topic namerole - role nameoperation - topic operationauthData - authenticated datadefault Boolean allowTopicPolicyOperation(org.apache.pulsar.common.naming.TopicName topicName, String role, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, AuthenticationDataSource authData)
Copyright © 2017–2021 Apache Software Foundation. All rights reserved.