Class ConfluentServerAuthorizer

java.lang.Object
io.confluent.security.authorizer.EmbeddedAuthorizer
io.confluent.kafka.security.authorizer.ConfluentServerAuthorizer
All Implemented Interfaces:
io.confluent.security.authorizer.Authorizer, Closeable, AutoCloseable, org.apache.kafka.common.Configurable, org.apache.kafka.common.Reconfigurable, org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer, org.apache.kafka.server.authorizer.Authorizer, org.apache.kafka.server.authorizer.ProviderGetter
Direct Known Subclasses:
LdapAuthorizer, MultiTenantAuthorizer
public class ConfluentServerAuthorizer extends io.confluent.security.authorizer.EmbeddedAuthorizer implements org.apache.kafka.server.authorizer.Authorizer, org.apache.kafka.common.Reconfigurable, org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

  • Nested Class Summary

    Nested classes/interfaces inherited from class io.confluent.security.authorizer.EmbeddedAuthorizer

    io.confluent.security.authorizer.EmbeddedAuthorizer.AuthorizerMetrics

  • Constructor Summary

    Constructors
    Constructor
    Description
    ConfluentServerAuthorizer()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    int
    aclCount()
     
    org.apache.kafka.metadata.authorizer.AclMutator
    aclMutatorOrException()
     
    Iterable<org.apache.kafka.common.acl.AclBinding>
    acls(org.apache.kafka.common.acl.AclBindingFilter filter)
     
    Iterable<org.apache.kafka.common.acl.AclBinding>
    acls(org.apache.kafka.common.acl.AclBindingFilter filter, org.apache.kafka.common.acl.AclState aclState)
     
    void
    applyAclChanges(Map<org.apache.kafka.common.Uuid, Optional<org.apache.kafka.metadata.authorizer.ConfluentStandardAcl>> aclChanges)
     
    List<org.apache.kafka.server.authorizer.AuthorizationResult>
    authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.server.authorizer.Action> actions)
     
    org.apache.kafka.server.authorizer.AuthorizationResult
    authorizeByResourceType(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, org.apache.kafka.common.acl.AclOperation op, org.apache.kafka.common.resource.ResourceType resourceType)
     
    io.confluent.security.authorizer.Action
    buildAction(org.apache.kafka.server.authorizer.Action kafkaAction, org.apache.kafka.common.resource.ResourcePattern kafkaResourcePattern, org.apache.kafka.common.security.auth.KafkaPrincipal principal, io.confluent.security.authorizer.Scope scope)
     
    void
    completeInitialLoad()
     
    void
    completeInitialLoad(Exception e)
     
    void
    configure(Map<String,?> configs)
     
    void
    configureServerInfo(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo)
     
    List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>>
    createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings)
     
    List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>>
    createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings, Optional<String> clusterId)
     
    List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>>
    deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters)
     
    List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>>
    deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters, Optional<String> clusterId, org.apache.kafka.common.acl.AclState aclState)
     
    void
    loadAclSnapshot(Map<org.apache.kafka.common.Uuid, org.apache.kafka.metadata.authorizer.ConfluentStandardAcl> acls)
     
    Set<String>
    reconfigurableConfigs()
     
    void
    reconfigure(Map<String,?> configs)
     
    void
    setAclMutator(org.apache.kafka.metadata.authorizer.AclMutator aclMutator)
     
    Map<org.apache.kafka.common.Endpoint, ? extends CompletionStage<Void>>
    start(org.apache.kafka.server.authorizer.AuthorizerServerInfo serverInfo)
     
    void
    validateReconfiguration(Map<String,?> configs)
     

    Methods inherited from class io.confluent.security.authorizer.EmbeddedAuthorizer

    accessRuleProvider, accessRuleProviders, auditLogProvider, authorize, clearAuthorizerProvidersMap, close, getRbacGroupProvider, groupProvider, metadataProvider, removeFromAuthorizerProvidersMap, start

    Methods inherited from class java.lang.Object

    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface io.confluent.security.authorizer.Authorizer

    authorize, authorize, authorize

    Methods inherited from interface org.apache.kafka.server.authorizer.Authorizer

    config, registerAclUpdateListener

    Methods inherited from interface java.io.Closeable

    close

    Methods inherited from interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

    createAcls, createInactiveAcls, hardDeleteAcls, validateCreateAclState, validateDeleteAclState

  • Constructor Details

    • ConfluentServerAuthorizer

      public ConfluentServerAuthorizer()

  • Method Details

    • configure

      public void configure(Map<String,?> configs)
      Specified by:
      configure in interface org.apache.kafka.common.Configurable
      Overrides:
      configure in class io.confluent.security.authorizer.EmbeddedAuthorizer

    • reconfigurableConfigs

      public Set<String> reconfigurableConfigs()
      Specified by:
      reconfigurableConfigs in interface org.apache.kafka.common.Reconfigurable

    • validateReconfiguration

      public void validateReconfiguration(Map<String,?> configs) throws org.apache.kafka.common.config.ConfigException
      Specified by:
      validateReconfiguration in interface org.apache.kafka.common.Reconfigurable
      Throws:
      org.apache.kafka.common.config.ConfigException

    • reconfigure

      public void reconfigure(Map<String,?> configs)
      Specified by:
      reconfigure in interface org.apache.kafka.common.Reconfigurable

    • configureServerInfo

      public void configureServerInfo(org.apache.kafka.server.authorizer.internals.ConfluentAuthorizerServerInfo serverInfo)
      Overrides:
      configureServerInfo in class io.confluent.security.authorizer.EmbeddedAuthorizer

    • start

      public Map<org.apache.kafka.common.Endpoint, ? extends CompletionStage<Void>> start(org.apache.kafka.server.authorizer.AuthorizerServerInfo serverInfo)
      Specified by:
      start in interface org.apache.kafka.server.authorizer.Authorizer

    • authorize

      public List<org.apache.kafka.server.authorizer.AuthorizationResult> authorize(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.server.authorizer.Action> actions)
      Specified by:
      authorize in interface org.apache.kafka.server.authorizer.Authorizer

    • authorizeByResourceType

      public org.apache.kafka.server.authorizer.AuthorizationResult authorizeByResourceType(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, org.apache.kafka.common.acl.AclOperation op, org.apache.kafka.common.resource.ResourceType resourceType)
      Specified by:
      authorizeByResourceType in interface org.apache.kafka.server.authorizer.Authorizer

    • setAclMutator

      public void setAclMutator(org.apache.kafka.metadata.authorizer.AclMutator aclMutator)
      Specified by:
      setAclMutator in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

    • aclMutatorOrException

      public org.apache.kafka.metadata.authorizer.AclMutator aclMutatorOrException()
      Specified by:
      aclMutatorOrException in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

    • completeInitialLoad

      public void completeInitialLoad()
      Specified by:
      completeInitialLoad in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

    • completeInitialLoad

      public void completeInitialLoad(Exception e)
      Specified by:
      completeInitialLoad in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

    • loadAclSnapshot

      public void loadAclSnapshot(Map<org.apache.kafka.common.Uuid, org.apache.kafka.metadata.authorizer.ConfluentStandardAcl> acls)
      Specified by:
      loadAclSnapshot in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

    • applyAclChanges

      public void applyAclChanges(Map<org.apache.kafka.common.Uuid, Optional<org.apache.kafka.metadata.authorizer.ConfluentStandardAcl>> aclChanges)
      Specified by:
      applyAclChanges in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

    • createAcls

      public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings)
      Specified by:
      createAcls in interface org.apache.kafka.server.authorizer.Authorizer
      Specified by:
      createAcls in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

    • createAcls

      public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclCreateResult>> createAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBinding> aclBindings, Optional<String> clusterId)
      Specified by:
      createAcls in interface org.apache.kafka.server.authorizer.Authorizer

    • deleteAcls

      public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>> deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters)
      Specified by:
      deleteAcls in interface org.apache.kafka.server.authorizer.Authorizer
      Specified by:
      deleteAcls in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

    • deleteAcls

      public List<? extends CompletionStage<org.apache.kafka.server.authorizer.AclDeleteResult>> deleteAcls(org.apache.kafka.server.authorizer.AuthorizableRequestContext requestContext, List<org.apache.kafka.common.acl.AclBindingFilter> aclBindingFilters, Optional<String> clusterId, org.apache.kafka.common.acl.AclState aclState)
      Specified by:
      deleteAcls in interface org.apache.kafka.server.authorizer.Authorizer
      Specified by:
      deleteAcls in interface org.apache.kafka.metadata.authorizer.ClusterMetadataAuthorizer

    • acls

      public Iterable<org.apache.kafka.common.acl.AclBinding> acls(org.apache.kafka.common.acl.AclBindingFilter filter)
      Specified by:
      acls in interface org.apache.kafka.server.authorizer.Authorizer

    • acls

      public Iterable<org.apache.kafka.common.acl.AclBinding> acls(org.apache.kafka.common.acl.AclBindingFilter filter, org.apache.kafka.common.acl.AclState aclState)
      Specified by:
      acls in interface org.apache.kafka.server.authorizer.Authorizer

    • aclCount

      public int aclCount()
      Specified by:
      aclCount in interface org.apache.kafka.server.authorizer.Authorizer

    • buildAction

      public io.confluent.security.authorizer.Action buildAction(org.apache.kafka.server.authorizer.Action kafkaAction, org.apache.kafka.common.resource.ResourcePattern kafkaResourcePattern, org.apache.kafka.common.security.auth.KafkaPrincipal principal, io.confluent.security.authorizer.Scope scope)