public class MultiTenantAuthorizer extends ConfluentServerAuthorizer
Modifier and Type | Field and Description |
---|---|
static String | MAX_ACLS_PER_TENANT_PROP |
Constructor and Description |
---|
MultiTenantAuthorizer() |
Modifier and Type | Method and Description |
---|---|
Iterable<org.apache.kafka.common.acl.AclBinding> | acls(org.apache.kafka.common.acl.AclBindingFilter filter) |
protected io.confluent.security.authorizer.Action | actionForAuthorizeByResourceType(io.confluent.security.authorizer.RequestContext requestContext, io.confluent.security.authorizer.Operation operation, io.confluent.security.authorizer.ResourceType resourceType) |
List<org.apache.kafka.server.authorizer.AuthorizationResult> | authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.server.authorizer.Action> actions) |
void | configure(Map<String,?> configs) |
void | configureAccessRuleProviders(Map<String,Object> configs) |
protected void | configureProviders(List<io.confluent.security.authorizer.provider.AccessRuleProvider> accessRuleProviders, io.confluent.security.authorizer.provider.GroupProvider groupProvider, io.confluent.security.authorizer.provider.MetadataProvider metadataProvider, org.apache.kafka.server.audit.AuditLogProvider auditLogProvider) |
List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> | createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings) |
List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> | createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings, Optional<String> clusterId) |
List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>> | deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters) |
io.confluent.security.authorizer.Action | getAction(org.apache.kafka.server.authorizer.Action kafkaAction, io.confluent.security.authorizer.ResourcePattern resourcePattern, org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal) |
boolean | isAuditLogEnabled() |
protected boolean | isSuperUser(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, org.apache.kafka.common.security.auth.KafkaPrincipal userOrGroupPrincipal, io.confluent.security.authorizer.Action action) |
static boolean | isSuperUser(io.confluent.kafka.multitenant.MultiTenantPrincipal tenantPrincipal, io.confluent.security.authorizer.Action action, boolean authorizationDisabled, boolean enableDataplaneRbacForPKC, boolean oauthSuperUserDisable) |
authorizeByResourceType, centralizedAclProvider, configureServerInfo, deleteAcls, reconfigurableConfigs, reconfigure, start, validateReconfiguration, zkAclProvider
accessRuleProvider, accessRuleProviders, auditLogProvider, authorize, authorizeByResourceType, close, groupProvider, logAuditMessage, metadataProvider, metrics, metricsTime, ready, scope, setupAuthorizerMetrics, start
public static final String MAX_ACLS_PER_TENANT_PROP
public void configure(Map<String,?> configs)
Specified by: configure in interface org.apache.kafka.common.Configurable
configure
in class ConfluentServerAuthorizer
public List<org.apache.kafka.server.authorizer.AuthorizationResult> authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.server.authorizer.Action> actions)
authorize
in class ConfluentServerAuthorizer
protected boolean isSuperUser(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, org.apache.kafka.common.security.auth.KafkaPrincipal userOrGroupPrincipal, io.confluent.security.authorizer.Action action)
isSuperUser
in class io.confluent.security.authorizer.EmbeddedAuthorizer
public static boolean isSuperUser(io.confluent.kafka.multitenant.MultiTenantPrincipal tenantPrincipal, io.confluent.security.authorizer.Action action, boolean authorizationDisabled, boolean enableDataplaneRbacForPKC, boolean oauthSuperUserDisable)
protected io.confluent.security.authorizer.Action actionForAuthorizeByResourceType(io.confluent.security.authorizer.RequestContext requestContext, io.confluent.security.authorizer.Operation operation, io.confluent.security.authorizer.ResourceType resourceType)
actionForAuthorizeByResourceType
in class io.confluent.security.authorizer.EmbeddedAuthorizer
public io.confluent.security.authorizer.Action getAction(org.apache.kafka.server.authorizer.Action kafkaAction, io.confluent.security.authorizer.ResourcePattern resourcePattern, org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal)
getAction
in class ConfluentServerAuthorizer
public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings)
createAcls
in class ConfluentServerAuthorizer
public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings, Optional<String> clusterId)
createAcls
in class ConfluentServerAuthorizer
public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>> deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters)
deleteAcls
in class ConfluentServerAuthorizer
public Iterable<org.apache.kafka.common.acl.AclBinding> acls(org.apache.kafka.common.acl.AclBindingFilter filter)
acls
in class ConfluentServerAuthorizer
protected void configureProviders(List<io.confluent.security.authorizer.provider.AccessRuleProvider> accessRuleProviders, io.confluent.security.authorizer.provider.GroupProvider groupProvider, io.confluent.security.authorizer.provider.MetadataProvider metadataProvider, org.apache.kafka.server.audit.AuditLogProvider auditLogProvider)
configureProviders
in class io.confluent.security.authorizer.EmbeddedAuthorizer
public boolean isAuditLogEnabled()