
Example 11 with SimpleAclRule

use of io.strimzi.operator.user.model.acl.SimpleAclRule in project strimzi by strimzi.

the class SimpleAclOperator method getAclBindingFilters.

/**
 * Builds the {@link AclBindingFilter}s used for deleting the given ACL rules of one user.
 *
 * <p>Every rule is first turned into its Kafka ACL binding for the {@code User} principal with the given
 * name and then into the filter derived from that binding. The deletion is therefore scoped to the rules
 * passed in; no catch-all filter for the principal is created here.
 *
 * @param username Name of the user
 * @param aclRules ACL rules which should be deleted
 *
 * @return Collection holding one filter per ACL rule
 */
private Collection<AclBindingFilter> getAclBindingFilters(String username, Set<SimpleAclRule> aclRules) {
    final KafkaPrincipal userPrincipal = new KafkaPrincipal("User", username);
    final Collection<AclBindingFilter> filters = new ArrayList<>();

    // One filter per rule, each derived from the rule's own binding for this principal
    aclRules.forEach(aclRule -> filters.add(aclRule.toKafkaAclBinding(userPrincipal).toFilter()));

    return filters;
}
Also used : AclBindingFilter(org.apache.kafka.common.acl.AclBindingFilter) ArrayList(java.util.ArrayList) SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) KafkaPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal)

Example 12 with SimpleAclRule

use of io.strimzi.operator.user.model.acl.SimpleAclRule in project strimzi by strimzi.

the class SimpleAclOperator method getAsync.

/**
 * Asynchronously looks up the ACL rules which Kafka currently holds for a single user.
 *
 * <p>The lookup filter is deliberately broad for the one principal: any resource pattern, any operation,
 * any permission type, and a {@code null} host (no host restriction). It therefore returns every binding
 * of the {@code User} principal with the given name, not just the ones of a particular permission type.
 *
 * @param reconciliation The reconciliation
 * @param username  Name of the user.
 *
 * @return Future which completes with the Set of ACLs applying to the single user.
 */
private Future<Set<SimpleAclRule>> getAsync(Reconciliation reconciliation, String username) {
    LOGGER.debugCr(reconciliation, "Searching for ACL rules of user {}", username);

    String principalName = new KafkaPrincipal("User", username).toString();
    // null host: the entry filter does not narrow the match by host
    AccessControlEntryFilter anyEntryOfUser = new AccessControlEntryFilter(principalName, null, AclOperation.ANY, AclPermissionType.ANY);
    AclBindingFilter userFilter = new AclBindingFilter(ResourcePatternFilter.ANY, anyEntryOfUser);

    return Util.kafkaFutureToVertxFuture(reconciliation, vertx, adminClient.describeAcls(userFilter).values())
            .compose(foundBindings -> {
                Set<SimpleAclRule> rules = new HashSet<>(foundBindings.size());
                LOGGER.debugCr(reconciliation, "ACL rules for user {}", username);

                foundBindings.forEach(binding -> {
                    // NOTE(review): debugOp takes no reconciliation, unlike the debugCr calls above, so these
                    // lines presumably cannot be correlated with the reconciliation in the log - confirm intended
                    LOGGER.debugOp("{}", binding);
                    rules.add(SimpleAclRule.fromAclBinding(binding));
                });

                return Future.succeededFuture(rules);
            });
}
Also used : AclBindingFilter(org.apache.kafka.common.acl.AclBindingFilter) SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) KafkaPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal) AclBinding(org.apache.kafka.common.acl.AclBinding) AccessControlEntryFilter(org.apache.kafka.common.acl.AccessControlEntryFilter) HashSet(java.util.HashSet)

Example 13 with SimpleAclRule

use of io.strimzi.operator.user.model.acl.SimpleAclRule in project strimzi by strimzi.

the class SimpleAclOperatorIT method get.

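/**
 * Reads the ACL rules which Kafka currently holds for the given user, blocking until the Admin API answers.
 *
 * <p>The filter matches any resource pattern, any operation and any permission type for the {@code User}
 * principal with the given name, and passes {@code null} as the host (no host restriction).
 *
 * @param username Name of the user
 *
 * @return Set of ACL rules found for the user, or {@code null} when no rule was found
 *
 * @throws RuntimeException if the lookup fails or the waiting thread is interrupted
 */
@Override
Set<SimpleAclRule> get(String username) {
    KafkaPrincipal principal = new KafkaPrincipal("User", username);
    // AclOperation is fully qualified here; presumably the simple name resolves to a different AclOperation
    // type in this class - confirm against the imports
    AclBindingFilter aclBindingFilter = new AclBindingFilter(ResourcePatternFilter.ANY, new AccessControlEntryFilter(principal.toString(), null, org.apache.kafka.common.acl.AclOperation.ANY, AclPermissionType.ANY));
    Collection<AclBinding> aclBindings;
    try {
        aclBindings = adminClient.describeAcls(aclBindingFilter).values().get();
    } catch (InterruptedException e) {
        // Restore the interrupt flag so that code further up the stack can still see the interruption
        Thread.currentThread().interrupt();
        throw new RuntimeException("Failed to get ACLs", e);
    } catch (ExecutionException e) {
        throw new RuntimeException("Failed to get ACLs", e);
    }
    Set<SimpleAclRule> result = new HashSet<>(aclBindings.size());
    for (AclBinding aclBinding : aclBindings) {
        result.add(SimpleAclRule.fromAclBinding(aclBinding));
    }
    // An empty result is reported as null, not as an empty set; callers have to handle null
    return result.isEmpty() ? null : result;
}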
Also used : AclBindingFilter(org.apache.kafka.common.acl.AclBindingFilter) SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) KafkaPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal) AclBinding(org.apache.kafka.common.acl.AclBinding) ExecutionException(java.util.concurrent.ExecutionException) AccessControlEntryFilter(org.apache.kafka.common.acl.AccessControlEntryFilter) HashSet(java.util.HashSet)

Example 14 with SimpleAclRule

use of io.strimzi.operator.user.model.acl.SimpleAclRule in project strimzi by strimzi.

the class SimpleAclOperatorIT method getModified.

/**
 * Builds a set of three ALLOW rules on the literal topic {@code my-topic}: one each for the DESCRIBE,
 * WRITE and CREATE operations.
 *
 * @return Mutable set with the three rules
 */
@Override
Set<SimpleAclRule> getModified() {
    Set<SimpleAclRule> modifiedRules = new HashSet<>();
    AclOperation[] allowedOperations = {AclOperation.DESCRIBE, AclOperation.WRITE, AclOperation.CREATE};

    for (AclOperation operation : allowedOperations) {
        // A fresh resource object per rule, as each rule is built with its own instance
        SimpleAclRuleResource topic = new SimpleAclRuleResource("my-topic", SimpleAclRuleResourceType.TOPIC, AclResourcePatternType.LITERAL);
        // "*" is presumably the host of the rule (any host) - confirm against the SimpleAclRule constructor
        modifiedRules.add(new SimpleAclRule(AclRuleType.ALLOW, topic, "*", operation));
    }

    return modifiedRules;
}
Also used : SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule) HashSet(java.util.HashSet) SimpleAclRuleResource(io.strimzi.operator.user.model.acl.SimpleAclRuleResource)

Example 15 with SimpleAclRule

use of io.strimzi.operator.user.model.acl.SimpleAclRule in project strimzi-kafka-operator by strimzi.

the class KafkaUserOperator method reconcileCredentialsQuotasAndAcls.

/**
 * Reconciles the SCRAM credentials, the quotas, the user secret and the ACLs of one KafkaUser.
 *
 * <p>Quotas and ACLs are always reconciled for both the TLS and the SCRAM username derived from the
 * reconciliation name. The desired state is passed only for the username matching the user's type; the
 * other one gets {@code null}, which (per the original comments) means that any quotas or ACLs left
 * under that username are deleted. A user which is none of TLS, TLS-external, SCRAM or none-type gets
 * {@code null} for both usernames.
 *
 * @param reconciliation    Unique identification for the reconciliation
 * @param user              Model describing the KafkaUser
 * @param userStatus        Status subresource of the KafkaUser custom resource
 *
 * @return                  Composite future joining all the individual reconciliations
 */
private CompositeFuture reconcileCredentialsQuotasAndAcls(Reconciliation reconciliation, KafkaUserModel user, KafkaUserStatus userStatus) {
    final boolean tlsIdentity = user.isTlsUser() || user.isTlsExternalUser();
    final boolean scramOrNoneIdentity = !tlsIdentity && (user.isScramUser() || user.isNoneUser());

    // Desired state goes to exactly one of the two usernames; null is handed to the other one
    Set<SimpleAclRule> tlsAcls = tlsIdentity ? user.getSimpleAclRules() : null;
    KafkaUserQuotas tlsQuotas = tlsIdentity ? user.getQuotas() : null;
    Set<SimpleAclRule> scramOrNoneAcls = scramOrNoneIdentity ? user.getSimpleAclRules() : null;
    KafkaUserQuotas scramOrNoneQuotas = scramOrNoneIdentity ? user.getQuotas() : null;

    // Reconcile the user SCRAM-SHA-512 credentials. The password is handed to the credentials operator
    // directly and is not logged by this method.
    Future<ReconcileResult<String>> credentialsResult = scramCredentialsOperator.reconcile(reconciliation, user.getName(), user.getScramSha512Password());

    // Quotas need to be reconciled for both regular and TLS username. It will be (possibly) set for one user and deleted for the other
    Future<ReconcileResult<KafkaUserQuotas>> tlsQuotasResult = quotasOperator.reconcile(reconciliation, KafkaUserModel.getTlsUserName(reconciliation.name()), tlsQuotas);
    Future<ReconcileResult<KafkaUserQuotas>> scramQuotasResult = quotasOperator.reconcile(reconciliation, KafkaUserModel.getScramUserName(reconciliation.name()), scramOrNoneQuotas);

    // Reconcile the user secret generated by the user operator with the credentials
    Future<ReconcileResult<Secret>> secretResult = reconcileUserSecret(reconciliation, user, userStatus);

    // ACLs need to be reconciled for both regular and TLS username. It will be (possibly) set for one user and deleted for the other
    Future<ReconcileResult<Set<SimpleAclRule>>> tlsAclsResult;
    Future<ReconcileResult<Set<SimpleAclRule>>> scramAclsResult;
    if (!config.isAclsAdminApiSupported()) {
        // Without ACL Admin API support both ACL reconciliations are no-ops: ACLs already present in Kafka
        // for either username are neither updated nor removed by this method.
        tlsAclsResult = Future.succeededFuture(ReconcileResult.noop(null));
        scramAclsResult = Future.succeededFuture(ReconcileResult.noop(null));
    } else {
        tlsAclsResult = aclOperations.reconcile(reconciliation, KafkaUserModel.getTlsUserName(reconciliation.name()), tlsAcls);
        scramAclsResult = aclOperations.reconcile(reconciliation, KafkaUserModel.getScramUserName(reconciliation.name()), scramOrNoneAcls);
    }

    // join (not all): the composite waits for every reconciliation to finish, even when one of them fails
    return CompositeFuture.join(credentialsResult, tlsQuotasResult, scramQuotasResult, tlsAclsResult, scramAclsResult, secretResult);
}
Also used : KafkaUserQuotas(io.strimzi.api.kafka.model.KafkaUserQuotas) ReconcileResult(io.strimzi.operator.common.operator.resource.ReconcileResult) SimpleAclRule(io.strimzi.operator.user.model.acl.SimpleAclRule)

Aggregations

SimpleAclRule (io.strimzi.operator.user.model.acl.SimpleAclRule)42 HashSet (java.util.HashSet)36 Reconciliation (io.strimzi.operator.common.Reconciliation)26 Vertx (io.vertx.core.Vertx)26 Checkpoint (io.vertx.junit5.Checkpoint)26 VertxExtension (io.vertx.junit5.VertxExtension)26 VertxTestContext (io.vertx.junit5.VertxTestContext)26 Arrays.asList (java.util.Arrays.asList)26 Set (java.util.Set)26 CoreMatchers.is (org.hamcrest.CoreMatchers.is)26 MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat)26 Matchers.hasSize (org.hamcrest.Matchers.hasSize)26 AfterAll (org.junit.jupiter.api.AfterAll)26 BeforeAll (org.junit.jupiter.api.BeforeAll)26 Test (org.junit.jupiter.api.Test)26 ExtendWith (org.junit.jupiter.api.extension.ExtendWith)26 ArgumentCaptor (org.mockito.ArgumentCaptor)26 ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)26 Mockito.mock (org.mockito.Mockito.mock)26 Mockito.when (org.mockito.Mockito.when)26