Example 1 with VersionedAcls
use of kafka.security.authorizer.AclAuthorizer.VersionedAcls in project kafka by apache.
the class AclAuthorizerBenchmark method prepareAclCache.
private void prepareAclCache() {
Map<ResourcePattern, Set<AclEntry>> aclEntries = new HashMap<>();
for (int resourceId = 0; resourceId < resourceCount; resourceId++) {
ResourcePattern resource = new ResourcePattern((resourceId % 10 == 0) ? ResourceType.GROUP : ResourceType.TOPIC, resourceNamePrefix + resourceId, (resourceId % 5 == 0) ? PatternType.PREFIXED : PatternType.LITERAL);
Set<AclEntry> entries = aclEntries.computeIfAbsent(resource, k -> new HashSet<>());
for (int aclId = 0; aclId < aclCount; aclId++) {
// The principal in the request context we are using
// is principal.toString without any suffix
String principalName = principal.toString() + (aclId == 0 ? "" : aclId);
AccessControlEntry allowAce = new AccessControlEntry(principalName, "*", AclOperation.READ, AclPermissionType.ALLOW);
entries.add(new AclEntry(allowAce));
if (shouldDeny()) {
// dominantly deny the resource
AccessControlEntry denyAce = new AccessControlEntry(principalName, "*", AclOperation.READ, AclPermissionType.DENY);
entries.add(new AclEntry(denyAce));
}
}
}
ResourcePattern resourcePrefix = new ResourcePattern(ResourceType.TOPIC, resourceNamePrefix, PatternType.PREFIXED);
Set<AclEntry> entriesPrefix = aclEntries.computeIfAbsent(resourcePrefix, k -> new HashSet<>());
for (int hostId = 0; hostId < hostPreCount; hostId++) {
AccessControlEntry allowAce = new AccessControlEntry(principal.toString(), "127.0.0." + hostId, AclOperation.READ, AclPermissionType.ALLOW);
entriesPrefix.add(new AclEntry(allowAce));
if (shouldDeny()) {
// dominantly deny the resource
AccessControlEntry denyAce = new AccessControlEntry(principal.toString(), "127.0.0." + hostId, AclOperation.READ, AclPermissionType.DENY);
entriesPrefix.add(new AclEntry(denyAce));
}
}
ResourcePattern resourceWildcard = new ResourcePattern(ResourceType.TOPIC, ResourcePattern.WILDCARD_RESOURCE, PatternType.LITERAL);
Set<AclEntry> entriesWildcard = aclEntries.computeIfAbsent(resourceWildcard, k -> new HashSet<>());
// get dynamic entries number for wildcard acl
for (int hostId = 0; hostId < resourceCount / 10; hostId++) {
String hostName = "127.0.0" + hostId;
// If we didn't skip the host, we would end up having a biased short runtime.
if (hostName.equals(authorizeByResourceTypeHostName)) {
continue;
}
AccessControlEntry allowAce = new AccessControlEntry(principal.toString(), hostName, AclOperation.READ, AclPermissionType.ALLOW);
entriesWildcard.add(new AclEntry(allowAce));
if (shouldDeny()) {
AccessControlEntry denyAce = new AccessControlEntry(principal.toString(), hostName, AclOperation.READ, AclPermissionType.DENY);
entriesWildcard.add(new AclEntry(denyAce));
}
}
for (Map.Entry<ResourcePattern, Set<AclEntry>> entryMap : aclEntries.entrySet()) {
aclAuthorizer.updateCache(entryMap.getKey(), new VersionedAcls(JavaConverters.asScalaSetConverter(entryMap.getValue()).asScala().toSet(), 1));
}
}
Also used :
HashSet(java.util.HashSet)
Set(java.util.Set)
HashMap(java.util.HashMap)
ResourcePattern(org.apache.kafka.common.resource.ResourcePattern)
AclEntry(kafka.security.authorizer.AclEntry)
AccessControlEntry(org.apache.kafka.common.acl.AccessControlEntry)
VersionedAcls(kafka.security.authorizer.AclAuthorizer.VersionedAcls)
HashMap(java.util.HashMap)
Map(java.util.Map)
Aggregations
HashMap (java.util.HashMap)1
HashSet (java.util.HashSet)1
Map (java.util.Map)1
Set (java.util.Set)1
VersionedAcls (kafka.security.authorizer.AclAuthorizer.VersionedAcls)1
AclEntry (kafka.security.authorizer.AclEntry)1
AccessControlEntry (org.apache.kafka.common.acl.AccessControlEntry)1
ResourcePattern (org.apache.kafka.common.resource.ResourcePattern)1
