public class MultiTenantAuthorizer extends ConfluentServerAuthorizer
| Modifier and Type | Class and Description |
|---|---|
static class |
MultiTenantAuthorizer.TenantAuthorizerMetrics |
| Modifier and Type | Field and Description |
|---|---|
static String |
INTEGER_ID |
static String |
MAX_ACLS_PER_TENANT_PROP |
static String |
RESOURCE_ID |
| Constructor and Description |
|---|
MultiTenantAuthorizer() |
| Modifier and Type | Method and Description |
|---|---|
Iterable<org.apache.kafka.common.acl.AclBinding> |
acls(org.apache.kafka.common.acl.AclBindingFilter filter) |
Iterable<org.apache.kafka.common.acl.AclBinding> |
acls(org.apache.kafka.common.acl.AclBindingFilter filter,
org.apache.kafka.common.acl.AclState aclState) |
List<org.apache.kafka.server.authorizer.AuthorizationResult> |
authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
List<org.apache.kafka.server.authorizer.Action> actions) |
io.confluent.security.authorizer.Action |
buildAction(org.apache.kafka.server.authorizer.Action kafkaAction,
org.apache.kafka.common.resource.ResourcePattern resourcePattern,
org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal,
io.confluent.security.authorizer.Scope scope) |
void |
configure(Map<String,?> configs) |
void |
configureAccessRuleProviders(Map<String,Object> configs) |
void |
configureServerInfo(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo) |
List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> |
createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
List<org.apache.kafka.common.acl.AclBinding> aclBindings) |
List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> |
createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
List<org.apache.kafka.common.acl.AclBinding> aclBindings,
Optional<String> clusterId) |
List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>> |
deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters) |
List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>> |
deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext,
List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters,
Optional<String> clusterId,
org.apache.kafka.common.acl.AclState aclState) |
boolean |
isAuditLogEnabled() |
static boolean |
isSuperUser(io.confluent.kafka.multitenant.MultiTenantPrincipal tenantPrincipal,
io.confluent.security.authorizer.Action action,
boolean authorizationDisabled,
boolean enableDataplaneRbacForPKC,
boolean oauthSuperUserDisable) |
Set<String> |
reconfigurableConfigs() |
void |
reconfigure(Map<String,?> configs) |
aclCount, aclMutatorOrException, applyAclChanges, authorizeByResourceType, completeInitialLoad, completeInitialLoad, loadAclSnapshot, setAclMutator, start, validateReconfigurationaccessRuleProvider, accessRuleProviders, auditLogProvider, authorize, clearAuthorizerProvidersMap, close, groupProvider, metadataProvider, removeFromAuthorizerProvidersMap, startequals, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitcreateAcls, createInactiveAcls, hardDeleteAcls, validateCreateAclState, validateDeleteAclStatepublic static final String MAX_ACLS_PER_TENANT_PROP
public static final String RESOURCE_ID
public static final String INTEGER_ID
public void configureServerInfo(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo)
configureServerInfo in class ConfluentServerAuthorizerpublic void configure(Map<String,?> configs)
configure in interface org.apache.kafka.common.Configurableconfigure in class ConfluentServerAuthorizerpublic Set<String> reconfigurableConfigs()
reconfigurableConfigs in interface org.apache.kafka.common.ReconfigurablereconfigurableConfigs in class ConfluentServerAuthorizerpublic void reconfigure(Map<String,?> configs)
reconfigure in interface org.apache.kafka.common.Reconfigurablereconfigure in class ConfluentServerAuthorizerpublic List<org.apache.kafka.server.authorizer.AuthorizationResult> authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.server.authorizer.Action> actions)
authorize in class ConfluentServerAuthorizerpublic static boolean isSuperUser(io.confluent.kafka.multitenant.MultiTenantPrincipal tenantPrincipal,
io.confluent.security.authorizer.Action action,
boolean authorizationDisabled,
boolean enableDataplaneRbacForPKC,
boolean oauthSuperUserDisable)
public io.confluent.security.authorizer.Action buildAction(org.apache.kafka.server.authorizer.Action kafkaAction,
org.apache.kafka.common.resource.ResourcePattern resourcePattern,
org.apache.kafka.common.security.auth.KafkaPrincipal sessionPrincipal,
io.confluent.security.authorizer.Scope scope)
buildAction in class ConfluentServerAuthorizerpublic List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings)
createAcls in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizercreateAcls in class ConfluentServerAuthorizerpublic List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings, Optional<String> clusterId)
createAcls in class ConfluentServerAuthorizerpublic List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>> deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters, Optional<String> clusterId, org.apache.kafka.common.acl.AclState aclState)
deleteAcls in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizerdeleteAcls in class ConfluentServerAuthorizerpublic List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>> deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters)
deleteAcls in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizerdeleteAcls in class ConfluentServerAuthorizerpublic Iterable<org.apache.kafka.common.acl.AclBinding> acls(org.apache.kafka.common.acl.AclBindingFilter filter)
acls in class ConfluentServerAuthorizerpublic Iterable<org.apache.kafka.common.acl.AclBinding> acls(org.apache.kafka.common.acl.AclBindingFilter filter, org.apache.kafka.common.acl.AclState aclState)
acls in class ConfluentServerAuthorizerpublic boolean isAuditLogEnabled()