Class ScopePrincipalAccessRuleStore

java.lang.Object
io.confluent.security.auth.store.cache.ScopePrincipalAccessRuleStore
All Implemented Interfaces:
AccessRuleStore

public class ScopePrincipalAccessRuleStore extends Object implements AccessRuleStore
An AccessRuleStore to be used only for Cloud RBAC. It segregates rules by scope -> principal -> resourcePattern for better performance in the Cloud.
  • Constructor Summary

    Constructors
    Constructor
    Description
    ScopePrincipalAccessRuleStore()
     
    ScopePrincipalAccessRuleStore(Map<io.confluent.security.authorizer.Scope,Map<org.apache.kafka.common.security.auth.KafkaPrincipal,NavigableMap<io.confluent.security.authorizer.ResourcePattern,Set<io.confluent.security.authorizer.AccessRule>>>> accessRules)
     
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    add(io.confluent.security.authorizer.Scope scope, org.apache.kafka.common.security.auth.KafkaPrincipal principal, Map<io.confluent.security.authorizer.ResourcePattern,Set<io.confluent.security.authorizer.AccessRule>> rules)
     
    void
    addMatchingRules(io.confluent.security.authorizer.provider.ResourceAuthorizeRules matchingRules, io.confluent.security.authorizer.Scope resourceScope, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> principals, String host, io.confluent.security.roledefinitions.Operation operation, io.confluent.security.roledefinitions.ResourceType resourceType)
     
    io.confluent.security.authorizer.provider.AuthorizeRule
    findMatchingRule(Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals, String host, io.confluent.security.authorizer.Action action)
     
    NavigableMap<io.confluent.security.authorizer.ResourcePattern,Set<io.confluent.security.authorizer.AccessRule>>
    get(io.confluent.security.authorizer.Scope scope)
     
    Set<io.confluent.security.authorizer.Scope>
    knownScopes()
     
    Set<io.confluent.security.authorizer.AccessRule>
    remove(io.confluent.security.authorizer.Scope scope, io.confluent.security.authorizer.ResourcePattern resourcePattern)
     
    void
    removeDeletedAccessRules(io.confluent.security.authorizer.Scope scope, org.apache.kafka.common.security.auth.KafkaPrincipal principal, Map<io.confluent.security.authorizer.ResourcePattern,Set<io.confluent.security.authorizer.AccessRule>> keepRules)
     
    long
    ruleCount()
     
    void
    update(io.confluent.security.authorizer.Scope scope, io.confluent.security.authorizer.ResourcePattern resourcePattern, Set<io.confluent.security.authorizer.AccessRule> newRules)
     

    Methods inherited from class java.lang.Object

    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • ScopePrincipalAccessRuleStore

      public ScopePrincipalAccessRuleStore()
    • ScopePrincipalAccessRuleStore

      public ScopePrincipalAccessRuleStore(Map<io.confluent.security.authorizer.Scope,Map<org.apache.kafka.common.security.auth.KafkaPrincipal,NavigableMap<io.confluent.security.authorizer.ResourcePattern,Set<io.confluent.security.authorizer.AccessRule>>>> accessRules)
  • Method Details

    • knownScopes

      public Set<io.confluent.security.authorizer.Scope> knownScopes()
      Specified by:
      knownScopes in interface AccessRuleStore
    • get

      public NavigableMap<io.confluent.security.authorizer.ResourcePattern,Set<io.confluent.security.authorizer.AccessRule>> get(io.confluent.security.authorizer.Scope scope)
      Specified by:
      get in interface AccessRuleStore
    • add

      public void add(io.confluent.security.authorizer.Scope scope, org.apache.kafka.common.security.auth.KafkaPrincipal principal, Map<io.confluent.security.authorizer.ResourcePattern,Set<io.confluent.security.authorizer.AccessRule>> rules)
      Specified by:
      add in interface AccessRuleStore
    • update

      public void update(io.confluent.security.authorizer.Scope scope, io.confluent.security.authorizer.ResourcePattern resourcePattern, Set<io.confluent.security.authorizer.AccessRule> newRules)
      Specified by:
      update in interface AccessRuleStore
    • remove

      public Set<io.confluent.security.authorizer.AccessRule> remove(io.confluent.security.authorizer.Scope scope, io.confluent.security.authorizer.ResourcePattern resourcePattern)
      Specified by:
      remove in interface AccessRuleStore
    • findMatchingRule

      public io.confluent.security.authorizer.provider.AuthorizeRule findMatchingRule(Set<org.apache.kafka.common.security.auth.KafkaPrincipal> matchingPrincipals, String host, io.confluent.security.authorizer.Action action)
      Specified by:
      findMatchingRule in interface AccessRuleStore
    • addMatchingRules

      public void addMatchingRules(io.confluent.security.authorizer.provider.ResourceAuthorizeRules matchingRules, io.confluent.security.authorizer.Scope resourceScope, Set<org.apache.kafka.common.security.auth.KafkaPrincipal> principals, String host, io.confluent.security.roledefinitions.Operation operation, io.confluent.security.roledefinitions.ResourceType resourceType)
      Specified by:
      addMatchingRules in interface AccessRuleStore
    • ruleCount

      public long ruleCount()
      Specified by:
      ruleCount in interface AccessRuleStore
    • removeDeletedAccessRules

      public void removeDeletedAccessRules(io.confluent.security.authorizer.Scope scope, org.apache.kafka.common.security.auth.KafkaPrincipal principal, Map<io.confluent.security.authorizer.ResourcePattern,Set<io.confluent.security.authorizer.AccessRule>> keepRules)
      Specified by:
      removeDeletedAccessRules in interface AccessRuleStore