Package io.confluent.security.auth.provider

Class AuthnzProvider

java.lang.Object
io.confluent.security.auth.provider.AuthnzProvider
All Implemented Interfaces:
io.confluent.security.authorizer.provider.AccessRuleProvider, io.confluent.security.authorizer.provider.Provider, Closeable, AutoCloseable, org.apache.kafka.common.Configurable, org.apache.kafka.server.authorizer.Authorizer
public class AuthnzProvider extends Object implements io.confluent.security.authorizer.provider.AccessRuleProvider, org.apache.kafka.server.authorizer.Authorizer

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    PROVIDER_NAME
     

  • Constructor Summary

    Constructors
    Constructor
    Description
    AuthnzProvider()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    Iterable<org.apache.kafka.common.acl.AclBinding>
    acls(org.apache.kafka.common.acl.AclBindingFilter filter)
     
    void
    addMatchingRules(io.confluent.security.authorizer.provider.ResourceAuthorizeRules matchingRules, org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals, String host, io.confluent.security.roledefinitions.Operation operation, io.confluent.security.authorizer.Scope scope, io.confluent.security.roledefinitions.ResourceType resourceType)
     
    List<org.apache.kafka.server.authorizer.AuthorizationResult>
    authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.server.authorizer.Action> actions)
     
    io.confluent.security.auth.metadata.AuthStore
    authStore()
     
    io.confluent.security.authorizer.Scope
    authStoreScope()
     
    void
    close()
     
    void
    configure(Map<String,?> configs)
     
    List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>>
    createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings)
     
    List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>>
    createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings, Optional<String> aclClusterId)
     
    List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>>
    deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters)
     
    List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>>
    deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters, Optional<String> aclClusterId, org.apache.kafka.common.acl.AclState aclState)
     
    io.confluent.security.authorizer.provider.AuthorizeRule
    findRule(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals, String host, io.confluent.security.authorizer.Action action)
     
    boolean
    isSuperUser(org.apache.kafka.common.security.auth.KafkaPrincipal principal, io.confluent.security.authorizer.Scope scope)
     
    boolean
    mayDeny()
     
    String
    providerName()
     
    void
    setKafkaMetrics(org.apache.kafka.common.metrics.Metrics metrics)
     
    Map<org.apache.kafka.common.Endpoint,? extends CompletionStage<Void>>
    start(org.apache.kafka.server.authorizer.AuthorizerServerInfo serverInfo)
     
    CompletionStage<Void>
    start(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo)
     
    boolean
    usesMetadataFromThisKafkaCluster()
     

    Methods inherited from class java.lang.Object

    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface io.confluent.security.authorizer.provider.AccessRuleProvider

    asAuthorizer

    Methods inherited from interface org.apache.kafka.server.authorizer.Authorizer

    aclCount, acls, authorizeByResourceType, config, registerAclUpdateListener

  • Field Details

  • Constructor Details

    • AuthnzProvider

      public AuthnzProvider()

  • Method Details

    • configure

      public void configure(Map<String,?> configs)
      Specified by:
      configure in interface org.apache.kafka.common.Configurable

    • authStoreScope

      public io.confluent.security.authorizer.Scope authStoreScope()

    • providerName

      public String providerName()
      Specified by:
      providerName in interface io.confluent.security.authorizer.provider.Provider

    • usesMetadataFromThisKafkaCluster

      public boolean usesMetadataFromThisKafkaCluster()
      Specified by:
      usesMetadataFromThisKafkaCluster in interface io.confluent.security.authorizer.provider.Provider

    • start

      public CompletionStage<Void> start(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo)
      Specified by:
      start in interface io.confluent.security.authorizer.provider.Provider

    • mayDeny

      public boolean mayDeny()
      Specified by:
      mayDeny in interface io.confluent.security.authorizer.provider.AccessRuleProvider

    • isSuperUser

      public boolean isSuperUser(org.apache.kafka.common.security.auth.KafkaPrincipal principal, io.confluent.security.authorizer.Scope scope)
      Specified by:
      isSuperUser in interface io.confluent.security.authorizer.provider.AccessRuleProvider

    • findRule

      public io.confluent.security.authorizer.provider.AuthorizeRule findRule(org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals, String host, io.confluent.security.authorizer.Action action)
      Specified by:
      findRule in interface io.confluent.security.authorizer.provider.AccessRuleProvider

    • addMatchingRules

      public void addMatchingRules(io.confluent.security.authorizer.provider.ResourceAuthorizeRules matchingRules, org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> groupPrincipals, String host, io.confluent.security.roledefinitions.Operation operation, io.confluent.security.authorizer.Scope scope, io.confluent.security.roledefinitions.ResourceType resourceType)
      Specified by:
      addMatchingRules in interface io.confluent.security.authorizer.provider.AccessRuleProvider

    • close

      public void close()
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable

    • authStore

      public io.confluent.security.auth.metadata.AuthStore authStore()

    • start

      public Map<org.apache.kafka.common.Endpoint,? extends CompletionStage<Void>> start(org.apache.kafka.server.authorizer.AuthorizerServerInfo serverInfo)
      Specified by:
      start in interface org.apache.kafka.server.authorizer.Authorizer

    • authorize

      public List<org.apache.kafka.server.authorizer.AuthorizationResult> authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.server.authorizer.Action> actions)
      Specified by:
      authorize in interface org.apache.kafka.server.authorizer.Authorizer

    • createAcls

      public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings)
      Specified by:
      createAcls in interface org.apache.kafka.server.authorizer.Authorizer

    • createAcls

      public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings, Optional<String> aclClusterId)
      Specified by:
      createAcls in interface org.apache.kafka.server.authorizer.Authorizer

    • deleteAcls

      public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>> deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters)
      Specified by:
      deleteAcls in interface org.apache.kafka.server.authorizer.Authorizer

    • deleteAcls

      public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>> deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters, Optional<String> aclClusterId, org.apache.kafka.common.acl.AclState aclState)
      Specified by:
      deleteAcls in interface org.apache.kafka.server.authorizer.Authorizer

    • acls

      public Iterable<org.apache.kafka.common.acl.AclBinding> acls(org.apache.kafka.common.acl.AclBindingFilter filter)
      Specified by:
      acls in interface org.apache.kafka.server.authorizer.Authorizer

    • setKafkaMetrics

      public void setKafkaMetrics(org.apache.kafka.common.metrics.Metrics metrics)