Example 1 with AuthPolicies

Use of com.yahoo.pulsar.common.policies.data.AuthPolicies in project pulsar by yahoo.

Class PersistentTopics, method getPermissionsOnDestination.

@GET
@Path("/{property}/{cluster}/{namespace}/{destination}/permissions")
@ApiOperation(value = "Get permissions on a destination.", notes = "Retrieve the effective permissions for a destination. These permissions are defined by the permissions set at the " + "namespace level combined (union) with any eventual specific permission set on the destination.")
@ApiResponses(value = { @ApiResponse(code = 403, message = "Don't have admin permission"), @ApiResponse(code = 404, message = "Namespace doesn't exist") })
public Map<String, Set<AuthAction>> getPermissionsOnDestination(@PathParam("property") String property, @PathParam("cluster") String cluster, @PathParam("namespace") String namespace, @PathParam("destination") @Encoded String destination) {
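    // This operation should be reading from zookeeper and it should be allowed without having admin privileges.
    // Note: as written, validateAdminAccessOnProperty(property) below still requires admin access on the
    // property, which matches the documented 403 response rather than the intent stated above.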
    destination = decode(destination);
    validateAdminAccessOnProperty(property);
    String destinationUri = DestinationName.get(domain(), property, cluster, namespace, destination).toString();
    try {
        Policies policies = policiesCache().get(path("policies", property, cluster, namespace)).orElseThrow(() -> new RestException(Status.NOT_FOUND, "Namespace does not exist"));
        Map<String, Set<AuthAction>> permissions = Maps.newTreeMap();
        AuthPolicies auth = policies.auth_policies;
        // First add namespace level permissions
        for (String role : auth.namespace_auth.keySet()) {
            permissions.put(role, auth.namespace_auth.get(role));
        }
        // Then add destination level permissions
        if (auth.destination_auth.containsKey(destinationUri)) {
            for (Map.Entry<String, Set<AuthAction>> entry : auth.destination_auth.get(destinationUri).entrySet()) {
                String role = entry.getKey();
                Set<AuthAction> destinationPermissions = entry.getValue();
                if (!permissions.containsKey(role)) {
                    permissions.put(role, destinationPermissions);
                } else {
                    // Do the union between namespace and destination level
                    Set<AuthAction> union = Sets.union(permissions.get(role), destinationPermissions);
                    permissions.put(role, union);
                }
            }
        }
        return permissions;
    } catch (Exception e) {
        log.error("[{}] Failed to get permissions for destination {}", clientAppId(), destinationUri, e);
        throw new RestException(e);
    }
}
Also used: AuthPolicies (com.yahoo.pulsar.common.policies.data.AuthPolicies), Policies (com.yahoo.pulsar.common.policies.data.Policies), Set (java.util.Set), RestException (com.yahoo.pulsar.broker.web.RestException), Map (java.util.Map), TreeMap (java.util.TreeMap), TopicBusyException (com.yahoo.pulsar.broker.service.BrokerServiceException.TopicBusyException), WebApplicationException (javax.ws.rs.WebApplicationException), PulsarClientException (com.yahoo.pulsar.client.api.PulsarClientException), PreconditionFailedException (com.yahoo.pulsar.client.admin.PulsarAdminException.PreconditionFailedException), SubscriptionBusyException (com.yahoo.pulsar.broker.service.BrokerServiceException.SubscriptionBusyException), NotFoundException (com.yahoo.pulsar.client.admin.PulsarAdminException.NotFoundException), NotAllowedException (com.yahoo.pulsar.broker.service.BrokerServiceException.NotAllowedException), KeeperException (org.apache.zookeeper.KeeperException), IOException (java.io.IOException), AuthAction (com.yahoo.pulsar.common.policies.data.AuthAction), Path (javax.ws.rs.Path), GET (javax.ws.rs.GET), ApiOperation (io.swagger.annotations.ApiOperation), ApiResponses (io.swagger.annotations.ApiResponses)
