DefaultAuthCache (ce-auth-providers 7.3.15-ce API)

java.lang.Object
- io.confluent.security.auth.store.cache.DefaultAuthCache

All Implemented Interfaces:

io.confluent.security.auth.metadata.AuthCache, io.confluent.security.store.KeyValueStore<io.confluent.security.auth.store.data.AuthKey,io.confluent.security.auth.store.data.AuthValue>, io.confluent.security.trustservice.store.TrustCache
```
public class DefaultAuthCache
extends Object
implements io.confluent.security.auth.metadata.AuthCache, io.confluent.security.trustservice.store.TrustCache, io.confluent.security.store.KeyValueStore<io.confluent.security.auth.store.data.AuthKey,io.confluent.security.auth.store.data.AuthValue>
```
Cache containing authorization and authentication metadata. This is obtained from a Kafka metadata topic. Assumptions:
- Updates are on a single thread, but access policies and bindings may be read from different threads concurrently.
- Single-writer model ensures that we can perform updates and deletes at resource level for role bindings, for example to add a resource to an existing role binding.

Nested Class Summary
- Nested classes/interfaces inherited from interface io.confluent.security.auth.metadata.AuthCache
  io.confluent.security.auth.metadata.AuthCache.Result

Constructor Summary

Constructors
Constructor and Description
`DefaultAuthCache(io.confluent.security.rbac.RbacRoles rbacRoles, io.confluent.security.authorizer.Scope rootScope)`
`DefaultAuthCache(io.confluent.security.rbac.RbacRoles rbacRoles, io.confluent.security.authorizer.Scope rootScope, boolean supportCentralizedAcls)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`Collection<org.apache.kafka.common.acl.AclBinding>`	`aclBindings(io.confluent.security.authorizer.Scope scope, org.apache.kafka.common.acl.AclBindingFilter aclBindingFilter, Predicate<io.confluent.security.authorizer.ResourcePattern> resourceAccess)`
`Map<io.confluent.security.authorizer.ResourcePattern,Set<io.confluent.security.authorizer.AccessRule>>`	`aclRules(io.confluent.security.authorizer.Scope scope)`
`void`	`addMatchingRules(io.confluent.security.authorizer.provider.ResourceAuthorizeRules matchingRules, org.apache.kafka.common.security.auth.KafkaPrincipal userPrincipal, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals, String host, io.confluent.security.authorizer.Operation operation, io.confluent.security.authorizer.Scope resourceScope, io.confluent.security.authorizer.ResourceType resourceType)`
`void`	`fail(int partition, String errorMessage)`
`io.confluent.security.authorizer.provider.AuthorizeRule`	`findRule(org.apache.kafka.common.security.auth.KafkaPrincipal userPrincipal, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals, String host, io.confluent.security.authorizer.Action action)`
`io.confluent.security.auth.store.data.AuthValue`	`get(io.confluent.security.auth.store.data.AuthKey key)`
`Set<org.apache.kafka.common.security.auth.KafkaPrincipal>`	`groups(org.apache.kafka.common.security.auth.KafkaPrincipal userPrincipal)` Returns the groups of the provided user principal.
`io.confluent.security.auth.metadata.AuthCache.Result`	`healthcheck()`
`io.confluent.security.trustservice.store.data.IdentityPool`	`identityPool(String poolId)`
`Map<String,io.confluent.security.trustservice.store.data.IdentityPool>`	`identityPools()`
`org.jose4j.jwk.JsonWebKeySet`	`jsonWebKeySet(String jwtIssuer)`
`Map<String,org.jose4j.jwk.JsonWebKeySet>`	`jsonWebKeySets()`
`Set<io.confluent.security.authorizer.Scope>`	`knownScopes()`
`Map<? extends io.confluent.security.auth.store.data.AuthKey,? extends io.confluent.security.auth.store.data.AuthValue>`	`map(String type)`
`io.confluent.security.auth.store.data.AuthValue`	`put(io.confluent.security.auth.store.data.AuthKey key, io.confluent.security.auth.store.data.AuthValue value)`
`Set<io.confluent.security.rbac.RoleBinding>`	`rbacRoleBindings(org.apache.kafka.common.security.auth.KafkaPrincipal principal)`
`Set<io.confluent.security.rbac.RoleBinding>`	`rbacRoleBindings(org.apache.kafka.common.security.auth.KafkaPrincipal principal, Set<io.confluent.security.authorizer.Scope> scopes)`
`Set<io.confluent.security.rbac.RoleBinding>`	`rbacRoleBindings(io.confluent.security.rbac.RoleBindingFilter filter)`
`Set<io.confluent.security.rbac.RoleBinding>`	`rbacRoleBindings(io.confluent.security.authorizer.Scope scope)`
`Set<io.confluent.security.rbac.RoleBinding>`	`rbacRoleBindings(Set<io.confluent.security.authorizer.Scope> scopes)`
`io.confluent.security.rbac.RbacRoles`	`rbacRoles()`
`io.confluent.security.auth.store.data.AuthValue`	`remove(io.confluent.security.auth.store.data.AuthKey key)`
`io.confluent.security.authorizer.Scope`	`rootScope()`
`io.confluent.security.store.MetadataStoreStatus`	`status(int partition)`
`int`	`totalAclAccessRules()`
`long`	`totalIdentityPools()`
`int`	`totalJwtIssuers()`
`int`	`totalRbacAccessRules()`
`int`	`totalRoleBindings()`
`io.confluent.security.rbac.UserMetadata`	`userMetadata(org.apache.kafka.common.security.auth.KafkaPrincipal userPrincipal)`
`Map<org.apache.kafka.common.security.auth.KafkaPrincipal,io.confluent.security.rbac.UserMetadata>`	`users()`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultAuthCache

public DefaultAuthCache(io.confluent.security.rbac.RbacRoles rbacRoles,
                        io.confluent.security.authorizer.Scope rootScope)

DefaultAuthCache

public DefaultAuthCache(io.confluent.security.rbac.RbacRoles rbacRoles,
                        io.confluent.security.authorizer.Scope rootScope,
                        boolean supportCentralizedAcls)

Method Detail

groups
```
public Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groups(org.apache.kafka.common.security.auth.KafkaPrincipal userPrincipal)
```
Returns the groups of the provided user principal.

Specified by:

groups in interface io.confluent.security.auth.metadata.AuthCache

Parameters:

userPrincipal - User principal

Returns:

Set of group principals of the user, which may be empty

rbacRoleBindings

public Set<io.confluent.security.rbac.RoleBinding> rbacRoleBindings(io.confluent.security.authorizer.Scope scope)

Specified by:: rbacRoleBindings in interface io.confluent.security.auth.metadata.AuthCache

rbacRoleBindings

public Set<io.confluent.security.rbac.RoleBinding> rbacRoleBindings(Set<io.confluent.security.authorizer.Scope> scopes)

Specified by:: rbacRoleBindings in interface io.confluent.security.auth.metadata.AuthCache

rbacRoleBindings

public Set<io.confluent.security.rbac.RoleBinding> rbacRoleBindings(io.confluent.security.rbac.RoleBindingFilter filter)

Specified by:: rbacRoleBindings in interface io.confluent.security.auth.metadata.AuthCache

rbacRoleBindings

public Set<io.confluent.security.rbac.RoleBinding> rbacRoleBindings(org.apache.kafka.common.security.auth.KafkaPrincipal principal)

Specified by:: rbacRoleBindings in interface io.confluent.security.auth.metadata.AuthCache

rbacRoleBindings

public Set<io.confluent.security.rbac.RoleBinding> rbacRoleBindings(org.apache.kafka.common.security.auth.KafkaPrincipal principal,
                                                                    Set<io.confluent.security.authorizer.Scope> scopes)

Specified by:: rbacRoleBindings in interface io.confluent.security.auth.metadata.AuthCache

jsonWebKeySets
```
public Map<String,org.jose4j.jwk.JsonWebKeySet> jsonWebKeySets()
```
Specified by:

jsonWebKeySets in interface io.confluent.security.trustservice.store.TrustCache

jsonWebKeySet
```
public org.jose4j.jwk.JsonWebKeySet jsonWebKeySet(String jwtIssuer)
```
Specified by:

jsonWebKeySet in interface io.confluent.security.trustservice.store.TrustCache

identityPool
```
public io.confluent.security.trustservice.store.data.IdentityPool identityPool(String poolId)
```
Specified by:

identityPool in interface io.confluent.security.trustservice.store.TrustCache

identityPools
```
public Map<String,io.confluent.security.trustservice.store.data.IdentityPool> identityPools()
```
Specified by:

identityPools in interface io.confluent.security.trustservice.store.TrustCache

userMetadata

public io.confluent.security.rbac.UserMetadata userMetadata(org.apache.kafka.common.security.auth.KafkaPrincipal userPrincipal)

Specified by:: userMetadata in interface io.confluent.security.auth.metadata.AuthCache

users

public Map<org.apache.kafka.common.security.auth.KafkaPrincipal,io.confluent.security.rbac.UserMetadata> users()

Specified by:: users in interface io.confluent.security.auth.metadata.AuthCache

knownScopes
```
public Set<io.confluent.security.authorizer.Scope> knownScopes()
```
Specified by:

knownScopes in interface io.confluent.security.auth.metadata.AuthCache

rootScope
```
public io.confluent.security.authorizer.Scope rootScope()
```
Specified by:

rootScope in interface io.confluent.security.auth.metadata.AuthCache

rbacRoles
```
public io.confluent.security.rbac.RbacRoles rbacRoles()
```
Specified by:

rbacRoles in interface io.confluent.security.auth.metadata.AuthCache

aclRules

public Map<io.confluent.security.authorizer.ResourcePattern,Set<io.confluent.security.authorizer.AccessRule>> aclRules(io.confluent.security.authorizer.Scope scope)

Specified by:: aclRules in interface io.confluent.security.auth.metadata.AuthCache

aclBindings

public Collection<org.apache.kafka.common.acl.AclBinding> aclBindings(io.confluent.security.authorizer.Scope scope,
                                                                      org.apache.kafka.common.acl.AclBindingFilter aclBindingFilter,
                                                                      Predicate<io.confluent.security.authorizer.ResourcePattern> resourceAccess)

Specified by:: aclBindings in interface io.confluent.security.auth.metadata.AuthCache

findRule

public io.confluent.security.authorizer.provider.AuthorizeRule findRule(org.apache.kafka.common.security.auth.KafkaPrincipal userPrincipal,
                                                                        Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals,
                                                                        String host,
                                                                        io.confluent.security.authorizer.Action action)

Specified by:: findRule in interface io.confluent.security.auth.metadata.AuthCache

addMatchingRules

public void addMatchingRules(io.confluent.security.authorizer.provider.ResourceAuthorizeRules matchingRules,
                             org.apache.kafka.common.security.auth.KafkaPrincipal userPrincipal,
                             Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals,
                             String host,
                             io.confluent.security.authorizer.Operation operation,
                             io.confluent.security.authorizer.Scope resourceScope,
                             io.confluent.security.authorizer.ResourceType resourceType)

Specified by:: addMatchingRules in interface io.confluent.security.auth.metadata.AuthCache

healthcheck
```
public io.confluent.security.auth.metadata.AuthCache.Result healthcheck()
```
Specified by:

healthcheck in interface io.confluent.security.auth.metadata.AuthCache

get
```
public io.confluent.security.auth.store.data.AuthValue get(io.confluent.security.auth.store.data.AuthKey key)
```
Specified by:

get in interface io.confluent.security.store.KeyValueStore<io.confluent.security.auth.store.data.AuthKey,io.confluent.security.auth.store.data.AuthValue>

put

public io.confluent.security.auth.store.data.AuthValue put(io.confluent.security.auth.store.data.AuthKey key,
                                                           io.confluent.security.auth.store.data.AuthValue value)

Specified by:: put in interface io.confluent.security.store.KeyValueStore<io.confluent.security.auth.store.data.AuthKey,io.confluent.security.auth.store.data.AuthValue>

remove
```
public io.confluent.security.auth.store.data.AuthValue remove(io.confluent.security.auth.store.data.AuthKey key)
```
Specified by:

remove in interface io.confluent.security.store.KeyValueStore<io.confluent.security.auth.store.data.AuthKey,io.confluent.security.auth.store.data.AuthValue>

map
```
public Map<? extends io.confluent.security.auth.store.data.AuthKey,? extends io.confluent.security.auth.store.data.AuthValue> map(String type)
```
Specified by:

map in interface io.confluent.security.store.KeyValueStore<io.confluent.security.auth.store.data.AuthKey,io.confluent.security.auth.store.data.AuthValue>

fail
```
public void fail(int partition,
                 String errorMessage)
```
Specified by:

fail in interface io.confluent.security.store.KeyValueStore<io.confluent.security.auth.store.data.AuthKey,io.confluent.security.auth.store.data.AuthValue>

status
```
public io.confluent.security.store.MetadataStoreStatus status(int partition)
```
Specified by:

status in interface io.confluent.security.store.KeyValueStore<io.confluent.security.auth.store.data.AuthKey,io.confluent.security.auth.store.data.AuthValue>

totalRoleBindings
```
public int totalRoleBindings()
```

totalRbacAccessRules
```
public int totalRbacAccessRules()
```

totalAclAccessRules
```
public int totalAclAccessRules()
```

totalJwtIssuers
```
public int totalJwtIssuers()
```

totalIdentityPools
```
public long totalIdentityPools()
```

Class DefaultAuthCache

Nested Class Summary

Nested classes/interfaces inherited from interface io.confluent.security.auth.metadata.AuthCache

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

DefaultAuthCache

DefaultAuthCache

Method Detail

groups

rbacRoleBindings

rbacRoleBindings

rbacRoleBindings

rbacRoleBindings

rbacRoleBindings

jsonWebKeySets

jsonWebKeySet

identityPool

identityPools

userMetadata

users

knownScopes

rootScope

rbacRoles

aclRules

aclBindings

findRule

addMatchingRules

healthcheck

get

put

remove

map

fail

status

totalRoleBindings

totalRbacAccessRules

totalAclAccessRules

totalJwtIssuers

totalIdentityPools