All Classes and Interfaces
Class
Description
Maps Kafka ACL and related classes to Confluent cross-component authorization classes.
Caches authentication attempts, whether successful or unsuccessful.
A CallbackHandler that recognizes CompositeBearerValidatorCallbackHandler for validating Authentication Tokens issued by Confluent and external Identity Provider.
A trust manager that verifies that the client & server certificate presented during clientAuth belongs to Confluent Cloud and then delegates to the defaultTrustManager for general certificate chain validation.
A per-connection sensor manager to manage the lifecycles of the connection_info metrics.
Enforce the policy when creating the cluster links, for example enforcing maximum number of cluster links per tenant.
This class is used to authenticate default data policy between various sasl mechanisms.
Enum class that represents different modes of Default Data Policy validation in the authenticator.
The default implementation of MTlsConnectionManager that relies on the broker session.
These functions transform various pieces of internal information to remove internal implementation details.
This class loads user metadata from the topic _confluent-user_metadata.
Per-connection manager for deprecated request metric and its quota.
A CallbackHandler that recognizes OAuthBearerValidatorCallback and OAuthBearerExtensionsValidatorCallback
for validating a secured OAuth 2 bearer token issued by Confluent/external OIDC provider, SASL extensions
specifying the logical cluster this token is meant for and an identity pool ID to assume if token is from
external OIDC provider.
With Fetch From Follower in cloud, consumers can fetch from the closest replica.
Authenticate users based on YAML config file which is periodically reloaded
Manages the per-partition hot partition metrics derived from the bytes-in and bytes-out metrics on each partition.
Builder of HotPartitionSensors to follow the patterns of existing PartitionSensors creation.
Helper class to create and access the hot partition sensors for a TopicPartition.
Fetches Signature Verification key information from AuthCache according to issuer information from the token claim.
This class loads the LogicalClusterMetadata from the topic configured by ConfluentConfigs.CDC_LKC_METADATA_TOPIC_CONFIG.
An interface to implement sampled recording of metrics.
Principal builder that returns a MultiTenantPrincipal if tenant id is available.
This class loads and caches SASL secrets from a JSON file stored on the local filesystem.
A CallbackHandler for the OAuthLoginModule of a Kafka Broker.
A CallbackHandler that recognizes OAuthBearerValidatorCallback and OAuthBearerExtensionsValidatorCallback
for validating a secured OAuth 2 bearer token issued by Confluent and SASL extensions
specifying the logical cluster this token is meant for.
This class is used to build a KafkaPrincipal which provides support for SASL/OAUTHBEARER authentication.
This holds metadata passed from CCloud related to this physical cluster
SaslServer implementation for SASL/PLAIN with an authenticator
provided through the constructor.
Enum class that represents different modes of SNI host name validation in the authenticator.
The SpiffeIdPrincipalExtractor is a component designed to extract Principals from SPIFFE IDs.
Represents specifications for ssl certificates - pem and pkcs
Provider implementation which derives access rules from StandardAuthorizer,
which is the default authorizer for KRaft and stores rules in the __cluster_metadata topic.
Multi-tenant authorizer that supports:
ACLs with TenantUser:clusterId_userId as principal
ACLs with TenantUser*:clusterId_ as wildcard prefixed principal
ACLs with User:* as wildcard principal (e.g.
This class contains the core logic to transform Kafka requests and responses so that
topics/groups/etc have appropriate tenant prefixes.
Starting first with K2's initial Freight offering and XENI, zone alignment between the
client, the Confluent-provided gateway into Confluent Cloud, and the serving broker is almost
always possible, so it's important to track how exactly the zones of these three layers align.
Tenant partition assignor that attempts to balance tenant partitions across available
brokers to ensure that quotas allocated to the broker per-partition can be fully
utilized without overloading brokers.
Topic details from new topic or partition create request.
A MetricSampler that samples at most once every intervalNanos.
An abstract CallbackHandler for the OAuthLoginModule.
A CallbackHandler that recognizes TokenBearerValidatorCallbackHandler for validating Authentication Tokens issued by Confluent.
Responsible for keeping tenant (lkc) metadata in memory, and updating it and related data as needed.
Pojo representing the JSON value pushed to the CDC topic for the allowed network IDs on this networkId.
This class is used to authenticate networkID authentication logic between various sasl mechanisms.
Enum class that represents different modes of NetworkId validation in the authenticator.
This class is responsible for processing user deletion events
and performing soft deletion of ACLs associated with the deleted user.