io.confluent.security.auth.provider

Class AuthnzProvider

java.lang.Object

io.confluent.security.auth.provider.AuthnzProvider

All Implemented Interfaces:

io.confluent.security.authorizer.provider.AccessRuleProvider, io.confluent.security.authorizer.provider.Provider, Closeable, AutoCloseable, org.apache.kafka.common.Configurable, org.apache.kafka.server.authorizer.Authorizer

public class AuthnzProvider
extends Object
implements io.confluent.security.authorizer.provider.AccessRuleProvider, org.apache.kafka.server.authorizer.Authorizer

Field Summary

Fields

Modifier and Type	Field and Description
static String	PROVIDER_NAME

Constructor Summary

Constructors

Constructor and Description
AuthnzProvider()

Method Summary

Modifier and Type	Method and Description
Iterable<org.apache.kafka.common.acl.AclBinding>	acls(org.apache.kafka.common.acl.AclBindingFilter filter)
void	addMatchingRules(io.confluent.security.authorizer.provider.ResourceAuthorizeRules matchingRules, org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals, String host, io.confluent.security.authorizer.Operation operation, io.confluent.security.authorizer.Scope scope, io.confluent.security.authorizer.ResourceType resourceType)
List<org.apache.kafka.server.authorizer.AuthorizationResult>	authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.server.authorizer.Action> actions)
io.confluent.security.auth.metadata.AuthStore	authStore()
io.confluent.security.authorizer.Scope	authStoreScope()
void	close()
void	configure(Map<String,?> configs)
List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>>	createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings)
List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>>	createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings, Optional<String> aclClusterId)
List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>>	deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters)
List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>>	deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters, Optional<String> aclClusterId, org.apache.kafka.common.acl.AclState aclState)
io.confluent.security.authorizer.provider.AuthorizeRule	findRule(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals, String host, io.confluent.security.authorizer.Action action)
boolean	isSuperUser(org.apache.kafka.common.security.auth.KafkaPrincipal principal, io.confluent.security.authorizer.Scope scope)
boolean	mayDeny()
String	providerName()
void	setKafkaMetrics(org.apache.kafka.common.metrics.Metrics metrics)
Map<org.apache.kafka.common.Endpoint,? extends CompletionStage<Void>>	start(org.apache.kafka.server.authorizer.AuthorizerServerInfo serverInfo)
CompletionStage<Void>	start(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo, Map<String,?> clientConfig)
boolean	usesMetadataFromThisKafkaCluster()

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.confluent.security.authorizer.provider.AccessRuleProvider

asAuthorizer

Methods inherited from interface org.apache.kafka.server.authorizer.Authorizer

aclCount, acls, authorizeByResourceType, registerAclUpdateListener

Field Detail

PROVIDER_NAME

public static final String PROVIDER_NAME

See Also:

Constant Field Values

Constructor Detail

AuthnzProvider

public AuthnzProvider()

Method Detail

configure

public void configure(Map<String,?> configs)

Specified by:

configure in interface org.apache.kafka.common.Configurable

authStoreScope

public io.confluent.security.authorizer.Scope authStoreScope()

providerName

public String providerName()

Specified by:

providerName in interface io.confluent.security.authorizer.provider.Provider

usesMetadataFromThisKafkaCluster

public boolean usesMetadataFromThisKafkaCluster()

Specified by:

usesMetadataFromThisKafkaCluster in interface io.confluent.security.authorizer.provider.Provider

start

public CompletionStage<Void> start(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo,
                                   Map<String,?> clientConfig)

Specified by:

start in interface io.confluent.security.authorizer.provider.Provider

mayDeny

public boolean mayDeny()

Specified by:

mayDeny in interface io.confluent.security.authorizer.provider.AccessRuleProvider

isSuperUser

public boolean isSuperUser(org.apache.kafka.common.security.auth.KafkaPrincipal principal,
                           io.confluent.security.authorizer.Scope scope)

Specified by:

isSuperUser in interface io.confluent.security.authorizer.provider.AccessRuleProvider

findRule

public io.confluent.security.authorizer.provider.AuthorizeRule findRule(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal,
                                                                        Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals,
                                                                        String host,
                                                                        io.confluent.security.authorizer.Action action)

Specified by:

findRule in interface io.confluent.security.authorizer.provider.AccessRuleProvider

addMatchingRules

public void addMatchingRules(io.confluent.security.authorizer.provider.ResourceAuthorizeRules matchingRules,
                             org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal,
                             Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals,
                             String host,
                             io.confluent.security.authorizer.Operation operation,
                             io.confluent.security.authorizer.Scope scope,
                             io.confluent.security.authorizer.ResourceType resourceType)

Specified by:

addMatchingRules in interface io.confluent.security.authorizer.provider.AccessRuleProvider

close

public void close()

Specified by:

close in interface Closeable

Specified by:

close in interface AutoCloseable

authStore

public io.confluent.security.auth.metadata.AuthStore authStore()

start

public Map<org.apache.kafka.common.Endpoint,? extends CompletionStage<Void>> start(org.apache.kafka.server.authorizer.AuthorizerServerInfo serverInfo)

Specified by:

start in interface org.apache.kafka.server.authorizer.Authorizer

authorize

public List<org.apache.kafka.server.authorizer.AuthorizationResult> authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
                                                                              List<org.apache.kafka.server.authorizer.Action> actions)

Specified by:

authorize in interface org.apache.kafka.server.authorizer.Authorizer

createAcls

public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
                                                                                                      List<org.apache.kafka.common.acl.AclBinding> aclBindings)

Specified by:

createAcls in interface org.apache.kafka.server.authorizer.Authorizer

createAcls

public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
                                                                                                      List<org.apache.kafka.common.acl.AclBinding> aclBindings,
                                                                                                      Optional<String> aclClusterId)

Specified by:

createAcls in interface org.apache.kafka.server.authorizer.Authorizer

deleteAcls

public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>> deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
                                                                                                      List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters)

Specified by:

deleteAcls in interface org.apache.kafka.server.authorizer.Authorizer

deleteAcls

public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>> deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
                                                                                                      List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters,
                                                                                                      Optional<String> aclClusterId,
                                                                                                      org.apache.kafka.common.acl.AclState aclState)

Specified by:

deleteAcls in interface org.apache.kafka.server.authorizer.Authorizer

acls

public Iterable<org.apache.kafka.common.acl.AclBinding> acls(org.apache.kafka.common.acl.AclBindingFilter filter)

Specified by:

acls in interface org.apache.kafka.server.authorizer.Authorizer

setKafkaMetrics

public void setKafkaMetrics(org.apache.kafka.common.metrics.Metrics metrics)