Example 1 with AuthAction
use of com.yahoo.pulsar.common.policies.data.AuthAction in project pulsar by yahoo.
the class PersistentTopics method getPermissionsOnDestination.
@GET
@Path("/{property}/{cluster}/{namespace}/{destination}/permissions")
@ApiOperation(value = "Get permissions on a destination.", notes = "Retrieve the effective permissions for a destination. These permissions are defined by the permissions set at the" + "namespace level combined (union) with any eventual specific permission set on the destination.")
@ApiResponses(value = { @ApiResponse(code = 403, message = "Don't have admin permission"), @ApiResponse(code = 404, message = "Namespace doesn't exist") })
public Map<String, Set<AuthAction>> getPermissionsOnDestination(@PathParam("property") String property, @PathParam("cluster") String cluster, @PathParam("namespace") String namespace, @PathParam("destination") @Encoded String destination) {
// This operation should be reading from zookeeper and it should be allowed without having admin privileges
destination = decode(destination);
validateAdminAccessOnProperty(property);
String destinationUri = DestinationName.get(domain(), property, cluster, namespace, destination).toString();
try {
Policies policies = policiesCache().get(path("policies", property, cluster, namespace)).orElseThrow(() -> new RestException(Status.NOT_FOUND, "Namespace does not exist"));
Map<String, Set<AuthAction>> permissions = Maps.newTreeMap();
AuthPolicies auth = policies.auth_policies;
// First add namespace level permissions
for (String role : auth.namespace_auth.keySet()) {
permissions.put(role, auth.namespace_auth.get(role));
}
// Then add destination level permissions
if (auth.destination_auth.containsKey(destinationUri)) {
for (Map.Entry<String, Set<AuthAction>> entry : auth.destination_auth.get(destinationUri).entrySet()) {
String role = entry.getKey();
Set<AuthAction> destinationPermissions = entry.getValue();
if (!permissions.containsKey(role)) {
permissions.put(role, destinationPermissions);
} else {
// Do the union between namespace and destination level
Set<AuthAction> union = Sets.union(permissions.get(role), destinationPermissions);
permissions.put(role, union);
}
}
}
return permissions;
} catch (Exception e) {
log.error("[{}] Failed to get permissions for destination {}", clientAppId(), destinationUri, e);
throw new RestException(e);
}
}
Also used :
AuthPolicies(com.yahoo.pulsar.common.policies.data.AuthPolicies)
Policies(com.yahoo.pulsar.common.policies.data.Policies)
AuthPolicies(com.yahoo.pulsar.common.policies.data.AuthPolicies)
Set(java.util.Set)
RestException(com.yahoo.pulsar.broker.web.RestException)
Map(java.util.Map)
TreeMap(java.util.TreeMap)
RestException(com.yahoo.pulsar.broker.web.RestException)
TopicBusyException(com.yahoo.pulsar.broker.service.BrokerServiceException.TopicBusyException)
WebApplicationException(javax.ws.rs.WebApplicationException)
PulsarClientException(com.yahoo.pulsar.client.api.PulsarClientException)
PreconditionFailedException(com.yahoo.pulsar.client.admin.PulsarAdminException.PreconditionFailedException)
SubscriptionBusyException(com.yahoo.pulsar.broker.service.BrokerServiceException.SubscriptionBusyException)
NotFoundException(com.yahoo.pulsar.client.admin.PulsarAdminException.NotFoundException)
NotAllowedException(com.yahoo.pulsar.broker.service.BrokerServiceException.NotAllowedException)
KeeperException(org.apache.zookeeper.KeeperException)
IOException(java.io.IOException)
AuthAction(com.yahoo.pulsar.common.policies.data.AuthAction)
Path(javax.ws.rs.Path)
GET(javax.ws.rs.GET)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 2 with AuthAction
use of com.yahoo.pulsar.common.policies.data.AuthAction in project pulsar by yahoo.
the class AdminTest method persistentTopics.
@Test
void persistentTopics() throws Exception {
final String property = "prop-xyz";
final String cluster = "use";
final String namespace = "ns";
final String destination = "ds1";
Policies policies = new Policies();
doReturn(policies).when(resourceQuotas).getNamespacePolicies(property, cluster, namespace);
doReturn("client-id").when(resourceQuotas).clientAppId();
// create policies
PropertyAdmin admin = new PropertyAdmin();
admin.getAllowedClusters().add(cluster);
ZkUtils.createFullPathOptimistic(mockZookKeeper, PulsarWebResource.path("policies", property, cluster, namespace), ObjectMapperFactory.getThreadLocal().writeValueAsBytes(new Policies()), ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
List<String> list = persistentTopics.getList(property, cluster, namespace);
assertTrue(list.isEmpty());
// create destination
persistentTopics.createPartitionedTopic(property, cluster, namespace, destination, 5, false);
CountDownLatch notificationLatch = new CountDownLatch(2);
configurationCache.policiesCache().registerListener((path, data, stat) -> {
notificationLatch.countDown();
});
// grant permission
final Set<AuthAction> actions = Sets.newHashSet(AuthAction.produce);
final String role = "test-role";
persistentTopics.grantPermissionsOnDestination(property, cluster, namespace, destination, role, actions);
// verify permission
Map<String, Set<AuthAction>> permission = persistentTopics.getPermissionsOnDestination(property, cluster, namespace, destination);
assertEquals(permission.get(role), actions);
// remove permission
persistentTopics.revokePermissionsOnDestination(property, cluster, namespace, destination, role);
// Wait for cache to be updated
notificationLatch.await();
// verify removed permission
permission = persistentTopics.getPermissionsOnDestination(property, cluster, namespace, destination);
assertTrue(permission.isEmpty());
}
Also used :
Policies(com.yahoo.pulsar.common.policies.data.Policies)
Set(java.util.Set)
PropertyAdmin(com.yahoo.pulsar.common.policies.data.PropertyAdmin)
CountDownLatch(java.util.concurrent.CountDownLatch)
AuthAction(com.yahoo.pulsar.common.policies.data.AuthAction)
Test(org.testng.annotations.Test)
MockedPulsarServiceBaseTest(com.yahoo.pulsar.broker.auth.MockedPulsarServiceBaseTest)
Aggregations
AuthAction (com.yahoo.pulsar.common.policies.data.AuthAction)2
Policies (com.yahoo.pulsar.common.policies.data.Policies)2
Set (java.util.Set)2
MockedPulsarServiceBaseTest (com.yahoo.pulsar.broker.auth.MockedPulsarServiceBaseTest)1
NotAllowedException (com.yahoo.pulsar.broker.service.BrokerServiceException.NotAllowedException)1
SubscriptionBusyException (com.yahoo.pulsar.broker.service.BrokerServiceException.SubscriptionBusyException)1
TopicBusyException (com.yahoo.pulsar.broker.service.BrokerServiceException.TopicBusyException)1
RestException (com.yahoo.pulsar.broker.web.RestException)1
NotFoundException (com.yahoo.pulsar.client.admin.PulsarAdminException.NotFoundException)1
PreconditionFailedException (com.yahoo.pulsar.client.admin.PulsarAdminException.PreconditionFailedException)1
PulsarClientException (com.yahoo.pulsar.client.api.PulsarClientException)1
AuthPolicies (com.yahoo.pulsar.common.policies.data.AuthPolicies)1
PropertyAdmin (com.yahoo.pulsar.common.policies.data.PropertyAdmin)1
ApiOperation (io.swagger.annotations.ApiOperation)1
ApiResponses (io.swagger.annotations.ApiResponses)1
IOException (java.io.IOException)1
Map (java.util.Map)1
TreeMap (java.util.TreeMap)1
CountDownLatch (java.util.concurrent.CountDownLatch)1
GET (javax.ws.rs.GET)1
