io.confluent.security.auth.store.cache

Class ScopeAccessRuleStore

java.lang.Object

io.confluent.security.auth.store.cache.ScopeAccessRuleStore

All Implemented Interfaces:

AccessRuleStore

public class ScopeAccessRuleStore
extends Object
implements AccessRuleStore

AccessRuleStore to be used only for CP RBAC. It segregates rules on scope -> resourcePattern which is more suited for CP case.

Constructor Summary

Constructors

Constructor and Description
ScopeAccessRuleStore()
ScopeAccessRuleStore(Map<io.confluent.security.authorizer.Scope,NavigableMap<io.confluent.security.authorizer.ResourcePattern,Set<io.confluent.security.authorizer.AccessRule>>> accessRules)

Method Summary

Modifier and Type	Method and Description
void	add(io.confluent.security.authorizer.Scope scope, org.apache.kafka.common.security.auth.KafkaPrincipal principal, Map<io.confluent.security.authorizer.ResourcePattern,Set<io.confluent.security.authorizer.AccessRule>> rules)
void	addMatchingRules(io.confluent.security.authorizer.provider.ResourceAuthorizeRules matchingRules, io.confluent.security.authorizer.Scope resourceScope, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> principals, String host, io.confluent.security.authorizer.Operation operation, io.confluent.security.authorizer.ResourceType resourceType)
io.confluent.security.authorizer.provider.AuthorizeRule	findMatchingRule(Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals, String host, io.confluent.security.authorizer.Action action)
NavigableMap<io.confluent.security.authorizer.ResourcePattern,Set<io.confluent.security.authorizer.AccessRule>>	get(io.confluent.security.authorizer.Scope scope)
Set<io.confluent.security.authorizer.Scope>	knownScopes()
Set<io.confluent.security.authorizer.AccessRule>	remove(io.confluent.security.authorizer.Scope scope, io.confluent.security.authorizer.ResourcePattern resourcePattern)
void	removeDeletedAccessRules(io.confluent.security.authorizer.Scope scope, org.apache.kafka.common.security.auth.KafkaPrincipal principal, Map<io.confluent.security.authorizer.ResourcePattern,Set<io.confluent.security.authorizer.AccessRule>> keepRules)
long	ruleCount()
void	update(io.confluent.security.authorizer.Scope scope, io.confluent.security.authorizer.ResourcePattern resourcePattern, Set<io.confluent.security.authorizer.AccessRule> newRules)

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ScopeAccessRuleStore

public ScopeAccessRuleStore(Map<io.confluent.security.authorizer.Scope,NavigableMap<io.confluent.security.authorizer.ResourcePattern,Set<io.confluent.security.authorizer.AccessRule>>> accessRules)

ScopeAccessRuleStore

public ScopeAccessRuleStore()

Method Detail

knownScopes

public Set<io.confluent.security.authorizer.Scope> knownScopes()

Specified by:

knownScopes in interface AccessRuleStore

get

public NavigableMap<io.confluent.security.authorizer.ResourcePattern,Set<io.confluent.security.authorizer.AccessRule>> get(io.confluent.security.authorizer.Scope scope)

Specified by:

get in interface AccessRuleStore

add

public void add(io.confluent.security.authorizer.Scope scope,
                org.apache.kafka.common.security.auth.KafkaPrincipal principal,
                Map<io.confluent.security.authorizer.ResourcePattern,Set<io.confluent.security.authorizer.AccessRule>> rules)

Specified by:

add in interface AccessRuleStore

update

public void update(io.confluent.security.authorizer.Scope scope,
                   io.confluent.security.authorizer.ResourcePattern resourcePattern,
                   Set<io.confluent.security.authorizer.AccessRule> newRules)

Specified by:

update in interface AccessRuleStore

remove

public Set<io.confluent.security.authorizer.AccessRule> remove(io.confluent.security.authorizer.Scope scope,
                                                               io.confluent.security.authorizer.ResourcePattern resourcePattern)

Specified by:

remove in interface AccessRuleStore

findMatchingRule

public io.confluent.security.authorizer.provider.AuthorizeRule findMatchingRule(Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals,
                                                                                String host,
                                                                                io.confluent.security.authorizer.Action action)

Specified by:

findMatchingRule in interface AccessRuleStore

addMatchingRules

public void addMatchingRules(io.confluent.security.authorizer.provider.ResourceAuthorizeRules matchingRules,
                             io.confluent.security.authorizer.Scope resourceScope,
                             Set<org.apache.kafka.common.security.auth.KafkaPrincipal> principals,
                             String host,
                             io.confluent.security.authorizer.Operation operation,
                             io.confluent.security.authorizer.ResourceType resourceType)

Specified by:

addMatchingRules in interface AccessRuleStore

ruleCount

public long ruleCount()

Specified by:

ruleCount in interface AccessRuleStore

removeDeletedAccessRules

public void removeDeletedAccessRules(io.confluent.security.authorizer.Scope scope,
                                     org.apache.kafka.common.security.auth.KafkaPrincipal principal,
                                     Map<io.confluent.security.authorizer.ResourcePattern,Set<io.confluent.security.authorizer.AccessRule>> keepRules)

Specified by:

removeDeletedAccessRules in interface AccessRuleStore