Class MultiTenantApis

java.lang.Object
io.confluent.kafka.multitenant.schema.MultiTenantApis
public class MultiTenantApis extends Object

  • Constructor Summary

    Constructors
    Constructor
    Description
    MultiTenantApis(boolean areSbcApisEnabled)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    isApiAllowed(org.apache.kafka.common.protocol.ApiKeys api, short version, io.confluent.kafka.multitenant.MultiTenantPrincipal principal)
    Check whether an API is supported.

    Methods inherited from class java.lang.Object

    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • MultiTenantApis

      public MultiTenantApis(boolean areSbcApisEnabled)
      Parameters:
      areSbcApisEnabled - denotes whether the SBC-related APIs are allowed or not

  • Method Details

    • isApiAllowed

      public boolean isApiAllowed(org.apache.kafka.common.protocol.ApiKeys api, short version, io.confluent.kafka.multitenant.MultiTenantPrincipal principal)
      Check whether an API is supported. Internal broker and ACL APIs are not allowed through the interceptor. There is no reason to expose the former and the latter requires finer-grained authorization handling than is currently possible. In particular, we need to restrict the resource types that the user is allowed to modify, but this cannot be done through an ACL (the CreateAcl API is only authorized by Alter(Cluster)), and cannot be done through the interceptor itself unless we're willing to fail the full request.