Package io.confluent.security.auth.dataplane

Class DataplaneAuthWriter

java.lang.Object
io.confluent.security.auth.dataplane.DataplaneAuthWriter
All Implemented Interfaces:
io.confluent.security.auth.metadata.AuthWriter, Writer, io.confluent.security.trustservice.store.TrustWriter, Closeable, AutoCloseable
public class DataplaneAuthWriter extends Object implements io.confluent.security.auth.metadata.AuthWriter, io.confluent.security.trustservice.store.TrustWriter, Writer, Closeable

  • Constructor Details

    • DataplaneAuthWriter

      public DataplaneAuthWriter()

  • Method Details

    • addClusterRoleBinding

      public CompletionStage<Void> addClusterRoleBinding(Optional<org.apache.kafka.common.security.auth.KafkaPrincipal> callingPrincipal, org.apache.kafka.common.security.auth.KafkaPrincipal targetPrincipal, String role, io.confluent.security.authorizer.Scope scope, String reason)
      Specified by:
      addClusterRoleBinding in interface io.confluent.security.auth.metadata.AuthWriter

    • removeRoleBinding

      public CompletionStage<Void> removeRoleBinding(Optional<org.apache.kafka.common.security.auth.KafkaPrincipal> callingPrincipal, org.apache.kafka.common.security.auth.KafkaPrincipal targetPrincipal, String role, io.confluent.security.authorizer.Scope scope, String reason)
      Specified by:
      removeRoleBinding in interface io.confluent.security.auth.metadata.AuthWriter

    • addResourceRoleBinding

      public CompletionStage<Void> addResourceRoleBinding(Optional<org.apache.kafka.common.security.auth.KafkaPrincipal> callingPrincipal, org.apache.kafka.common.security.auth.KafkaPrincipal targetPrincipal, String role, io.confluent.security.authorizer.Scope scope, Collection<io.confluent.security.authorizer.ResourcePattern> resources, String reason)
      Specified by:
      addResourceRoleBinding in interface io.confluent.security.auth.metadata.AuthWriter

    • removeResourceRoleBinding

      public CompletionStage<Void> removeResourceRoleBinding(Optional<org.apache.kafka.common.security.auth.KafkaPrincipal> callingPrincipal, org.apache.kafka.common.security.auth.KafkaPrincipal targetPrincipal, String role, io.confluent.security.authorizer.Scope scope, Collection<io.confluent.security.authorizer.ResourcePatternFilter> patternFilters, String reason)
      Specified by:
      removeResourceRoleBinding in interface io.confluent.security.auth.metadata.AuthWriter

    • replaceResourceRoleBinding

      public CompletionStage<Void> replaceResourceRoleBinding(Optional<org.apache.kafka.common.security.auth.KafkaPrincipal> callingPrincipal, org.apache.kafka.common.security.auth.KafkaPrincipal targetPrincipal, String role, io.confluent.security.authorizer.Scope scope, Collection<io.confluent.security.authorizer.ResourcePattern> resources, String reason)
      Specified by:
      replaceResourceRoleBinding in interface io.confluent.security.auth.metadata.AuthWriter

    • addIdentityProvider

      public CompletionStage<Void> addIdentityProvider(Optional<Principal> requesterPrincipal, String orgId, String providerId, String subjectClaim, String issuer, String jwksEndpoint)
      Specified by:
      addIdentityProvider in interface io.confluent.security.trustservice.store.TrustWriter

    • removeIdentityProvider

      public CompletionStage<Void> removeIdentityProvider(Optional<Principal> requesterPrincipal, String orgId, String providerId)
      Specified by:
      removeIdentityProvider in interface io.confluent.security.trustservice.store.TrustWriter

    • replaceIdentityProvider

      public CompletionStage<Void> replaceIdentityProvider(Optional<Principal> requesterPrincipal, String orgId, String providerId, String subjectClaim, String issuer, String jwksEndpoint)
      Specified by:
      replaceIdentityProvider in interface io.confluent.security.trustservice.store.TrustWriter

    • addJwks

      public CompletionStage<Void> addJwks(Optional<Principal> requesterPrincipal, String jwtIssuer, String jwksEndpoint, org.jose4j.jwk.JsonWebKeySet jwks, String reason)
      Specified by:
      addJwks in interface io.confluent.security.trustservice.store.TrustWriter

    • removeJwks

      public CompletionStage<Void> removeJwks(Optional<Principal> requesterPrincipal, String jwtIssuer, String jwksEndpoint, String reason)
      Specified by:
      removeJwks in interface io.confluent.security.trustservice.store.TrustWriter

    • replaceJwks

      public CompletionStage<Void> replaceJwks(Optional<Principal> requesterPrincipal, String jwtIssuer, String jwksEndpoint, org.jose4j.jwk.JsonWebKeySet jwks, String reason)
      Specified by:
      replaceJwks in interface io.confluent.security.trustservice.store.TrustWriter

    • addIdentityPool

      public CompletionStage<Void> addIdentityPool(Optional<Principal> requesterPrincipal, String poolId, int version, String issuer, String providerId, String jwksEndpoint, String subjectClaim, String serviceAccount, String policy, String orgId, String reason)
      Specified by:
      addIdentityPool in interface io.confluent.security.trustservice.store.TrustWriter

    • removeIdentityPool

      public CompletionStage<Void> removeIdentityPool(Optional<Principal> requesterPrincipal, String poolId, String reason)
      Specified by:
      removeIdentityPool in interface io.confluent.security.trustservice.store.TrustWriter

    • replaceIdentityPool

      public CompletionStage<Void> replaceIdentityPool(Optional<Principal> requesterPrincipal, String poolId, int version, String issuer, String providerId, String jwksEndpoint, String subjectClaim, String serviceAccount, String policy, String orgId, String reason)
      Specified by:
      replaceIdentityPool in interface io.confluent.security.trustservice.store.TrustWriter

    • addRefreshTokenInfo

      public CompletionStage<Void> addRefreshTokenInfo(Optional<Principal> requesterPrincipal, String issuer, String encryptedRefreshToken, long issuedAt, String subClaim, String sessionId)
      Specified by:
      addRefreshTokenInfo in interface io.confluent.security.trustservice.store.TrustWriter

    • removeRefreshTokenInfo

      public CompletionStage<Void> removeRefreshTokenInfo(Optional<Principal> requesterPrincipal, String issuer, String subClaim)
      Specified by:
      removeRefreshTokenInfo in interface io.confluent.security.trustservice.store.TrustWriter

    • replaceRefreshTokenInfo

      public CompletionStage<Void> replaceRefreshTokenInfo(Optional<Principal> requesterPrincipal, String issuer, String encryptedRefreshToken, long issuedAt, String subClaim, String sessionId)
      Specified by:
      replaceRefreshTokenInfo in interface io.confluent.security.trustservice.store.TrustWriter

    • createAcls

      public CompletionStage<Void> createAcls(Optional<org.apache.kafka.common.security.auth.KafkaPrincipal> callingPrincipal, io.confluent.security.authorizer.Scope scope, org.apache.kafka.common.acl.AclBinding aclBinding)
      Specified by:
      createAcls in interface io.confluent.security.auth.metadata.AuthWriter

    • createAcls

      public Map<org.apache.kafka.common.acl.AclBinding,CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> createAcls(Optional<org.apache.kafka.common.security.auth.KafkaPrincipal> callingPrincipal, io.confluent.security.authorizer.Scope scope, List<org.apache.kafka.common.acl.AclBinding> aclBindings)
      Specified by:
      createAcls in interface io.confluent.security.auth.metadata.AuthWriter

    • deleteAcls

      public CompletionStage<Collection<org.apache.kafka.common.acl.AclBinding>> deleteAcls(Optional<org.apache.kafka.common.security.auth.KafkaPrincipal> callingPrincipal, io.confluent.security.authorizer.Scope scope, org.apache.kafka.common.acl.AclBindingFilter aclBindingFilter, Predicate<io.confluent.security.authorizer.ResourcePattern> resourceAccess)
      Specified by:
      deleteAcls in interface io.confluent.security.auth.metadata.AuthWriter

    • deleteAcls

      public Map<org.apache.kafka.common.acl.AclBindingFilter,CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>> deleteAcls(Optional<org.apache.kafka.common.security.auth.KafkaPrincipal> callingPrincipal, io.confluent.security.authorizer.Scope scope, List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters, Predicate<io.confluent.security.authorizer.ResourcePattern> resourceAccess)
      Specified by:
      deleteAcls in interface io.confluent.security.auth.metadata.AuthWriter

    • startWriter

      public void startWriter(int i)
      Description copied from interface: Writer
      Starts master writer with the specified generation id. Writer generation is determined by the MetadataServiceCoordinator during writer election.
      Specified by:
      startWriter in interface Writer
      Parameters:
      i - Generation id of writer

    • stopWriter

      public void stopWriter(Integer integer)
      Description copied from interface: Writer
      Stops this writer because a new master writer was elected. If `generationId` is null, the writer is stopped regardless of the current generation of the writer. If not, the writer is stopped only if its current generation matches the provided value.
      Specified by:
      stopWriter in interface Writer
      Parameters:
      integer - Generation id of writer being stopped or null to stop regardless of current writer generation

    • ready

      public boolean ready()
      Description copied from interface: Writer
      Returns true if this is the master writer and is ready to process requests
      Specified by:
      ready in interface Writer

    • close

      public void close()
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable