DataplaneProvider (ce-auth-providers 7.6.8-ce API)

java.lang.Object
- io.confluent.security.auth.provider.ConfluentProvider
- - io.confluent.security.auth.dataplane.DataplaneProvider

All Implemented Interfaces:

io.confluent.security.authorizer.AclMigrationAware, io.confluent.security.authorizer.provider.AccessRuleProvider, io.confluent.security.authorizer.provider.Auditable, io.confluent.security.authorizer.provider.GroupProvider, io.confluent.security.authorizer.provider.MetadataProvider, io.confluent.security.authorizer.provider.Provider, io.confluent.security.authorizer.provider.SharedProvider, Closeable, AutoCloseable, org.apache.kafka.common.ClusterResourceListener, org.apache.kafka.common.Configurable, org.apache.kafka.server.authorizer.Authorizer
```
public class DataplaneProvider
extends ConfluentProvider
```

Field Summary

Fields
Modifier and Type Field and Description

static String PROVIDER_NAME

Fields
Modifier and Type	Field and Description
`static String`	`PROVIDER_NAME`

Constructor Summary

Constructors
Constructor and Description

DataplaneProvider()

Constructors
Constructor and Description
`DataplaneProvider()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`addMatchingRules(io.confluent.security.authorizer.provider.ResourceAuthorizeRules matchingRules, org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals, String host, io.confluent.security.authorizer.Operation operation, io.confluent.security.authorizer.Scope scope, io.confluent.security.authorizer.ResourceType resourceType)`
`io.confluent.security.authorizer.Scope`	`authStoreScope()` Set Scope.ROOT_SCOPE as we can have multiple lkcs in MT Cluster
`io.confluent.security.authorizer.provider.AuthorizeRule`	`findRule(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals, String host, io.confluent.security.authorizer.Action action)`
`Set<org.apache.kafka.common.security.auth.KafkaPrincipal>`	`groups(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal)`
`boolean`	`mayDeny()` We dont have Deny permissions in RBAC and we don't support Centralized ACLs in CCloud
`boolean`	`providerConfigured(Map<String,?> configs)` Brokers running ConfluentProvider should be either: - in the metadata cluster, running MDS.
`String`	`providerName()`
`boolean`	`usesMetadataFromThisKafkaCluster()` Returns true if this broker or controller is running in Metadata service cluster as indicated by `MetadataServerConfig.METADATA_SERVER_CONTROLLER_KRAFT_ENABLED_PROP`

Methods inherited from class io.confluent.security.auth.provider.ConfluentProvider
acls, asAuthorizer, auditLogProvider, authorize, authStore, close, configure, createAcls, createAcls, createRbacAuthorizer, deleteAcls, deleteAcls, isSuperUser, migrationTask, onUpdate, setKafkaMetrics, start, start

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.kafka.server.authorizer.Authorizer
aclCount, acls, authorizeByResourceType, registerAclUpdateListener

- Field Detail
  - PROVIDER_NAME
```
public static final String PROVIDER_NAME
```
    See Also:
    
    Constant Field Values
- Constructor Detail
  - DataplaneProvider
```
public DataplaneProvider()
```
- Method Detail
  - providerName
```
public String providerName()
```
    Specified by:
    
    providerName in interface io.confluent.security.authorizer.provider.Provider
    
    Overrides:
    
    providerName in class ConfluentProvider
  - providerConfigured
```
public boolean providerConfigured(Map<String,?> configs)
```
    Description copied from class: ConfluentProvider
    
    Brokers running ConfluentProvider should be either: - in the metadata cluster, running MDS. These should have metadata server listeners configured. - in another cluster. These should have metadata bootstrap servers configured.
    
    Specified by:
    
    providerConfigured in interface io.confluent.security.authorizer.provider.GroupProvider
    
    Specified by:
    
    providerConfigured in interface io.confluent.security.authorizer.provider.MetadataProvider
    
    Overrides:
    
    providerConfigured in class ConfluentProvider
  - usesMetadataFromThisKafkaCluster
```
public boolean usesMetadataFromThisKafkaCluster()
```
    Description copied from class: ConfluentProvider
    
    Returns true if this broker or controller is running in Metadata service cluster as indicated by MetadataServerConfig.METADATA_SERVER_CONTROLLER_KRAFT_ENABLED_PROP
    
    Specified by:
    
    usesMetadataFromThisKafkaCluster in interface io.confluent.security.authorizer.provider.Provider
    
    Overrides:
    
    usesMetadataFromThisKafkaCluster in class ConfluentProvider
  - authStoreScope
```
public io.confluent.security.authorizer.Scope authStoreScope()
```
    Set Scope.ROOT_SCOPE as we can have multiple lkcs in MT Cluster
    
    Overrides:
    
    authStoreScope in class ConfluentProvider
  - mayDeny
```
public boolean mayDeny()
```
    We dont have Deny permissions in RBAC and we don't support Centralized ACLs in CCloud
    
    Specified by:
    
    mayDeny in interface io.confluent.security.authorizer.provider.AccessRuleProvider
    
    Overrides:
    
    mayDeny in class ConfluentProvider
  - findRule
```
public io.confluent.security.authorizer.provider.AuthorizeRule findRule(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal,
                                                                        Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals,
                                                                        String host,
                                                                        io.confluent.security.authorizer.Action action)
```
    Specified by:
    
    findRule in interface io.confluent.security.authorizer.provider.AccessRuleProvider
    
    Overrides:
    
    findRule in class ConfluentProvider
  - addMatchingRules
```
public void addMatchingRules(io.confluent.security.authorizer.provider.ResourceAuthorizeRules matchingRules,
                             org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal,
                             Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals,
                             String host,
                             io.confluent.security.authorizer.Operation operation,
                             io.confluent.security.authorizer.Scope scope,
                             io.confluent.security.authorizer.ResourceType resourceType)
```
    Specified by:
    
    addMatchingRules in interface io.confluent.security.authorizer.provider.AccessRuleProvider
    
    Overrides:
    
    addMatchingRules in class ConfluentProvider
  - groups
```
public Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groups(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal)
```
    Specified by:
    
    groups in interface io.confluent.security.authorizer.provider.GroupProvider
    
    Overrides:
    
    groups in class ConfluentProvider

Class DataplaneProvider

Field Summary

Constructor Summary

Method Summary

Methods inherited from class io.confluent.security.auth.provider.ConfluentProvider

Methods inherited from class java.lang.Object

Methods inherited from interface org.apache.kafka.server.authorizer.Authorizer

Field Detail

PROVIDER_NAME

Constructor Detail

DataplaneProvider

Method Detail

providerName

providerConfigured

usesMetadataFromThisKafkaCluster

authStoreScope

mayDeny

findRule

addMatchingRules

groups