Examples with AclEntry - kafka.security.authorizer.AclEntry

Example 1 with AclEntry

use of kafka.security.authorizer.AclEntry in project kafka by apache.

the class AclAuthorizerBenchmark method prepareAclCache.

private void prepareAclCache() {
    Map<ResourcePattern, Set<AclEntry>> aclEntries = new HashMap<>();
    for (int resourceId = 0; resourceId < resourceCount; resourceId++) {
        ResourcePattern resource = new ResourcePattern((resourceId % 10 == 0) ? ResourceType.GROUP : ResourceType.TOPIC, resourceNamePrefix + resourceId, (resourceId % 5 == 0) ? PatternType.PREFIXED : PatternType.LITERAL);
        Set<AclEntry> entries = aclEntries.computeIfAbsent(resource, k -> new HashSet<>());
        for (int aclId = 0; aclId < aclCount; aclId++) {
            // The principal in the request context we are using
            // is principal.toString without any suffix
            String principalName = principal.toString() + (aclId == 0 ? "" : aclId);
            AccessControlEntry allowAce = new AccessControlEntry(principalName, "*", AclOperation.READ, AclPermissionType.ALLOW);
            entries.add(new AclEntry(allowAce));
            if (shouldDeny()) {
                // dominantly deny the resource
                AccessControlEntry denyAce = new AccessControlEntry(principalName, "*", AclOperation.READ, AclPermissionType.DENY);
                entries.add(new AclEntry(denyAce));
            }
        }
    }
    ResourcePattern resourcePrefix = new ResourcePattern(ResourceType.TOPIC, resourceNamePrefix, PatternType.PREFIXED);
    Set<AclEntry> entriesPrefix = aclEntries.computeIfAbsent(resourcePrefix, k -> new HashSet<>());
    for (int hostId = 0; hostId < hostPreCount; hostId++) {
        AccessControlEntry allowAce = new AccessControlEntry(principal.toString(), "127.0.0." + hostId, AclOperation.READ, AclPermissionType.ALLOW);
        entriesPrefix.add(new AclEntry(allowAce));
        if (shouldDeny()) {
            // dominantly deny the resource
            AccessControlEntry denyAce = new AccessControlEntry(principal.toString(), "127.0.0." + hostId, AclOperation.READ, AclPermissionType.DENY);
            entriesPrefix.add(new AclEntry(denyAce));
        }
    }
    ResourcePattern resourceWildcard = new ResourcePattern(ResourceType.TOPIC, ResourcePattern.WILDCARD_RESOURCE, PatternType.LITERAL);
    Set<AclEntry> entriesWildcard = aclEntries.computeIfAbsent(resourceWildcard, k -> new HashSet<>());
    // get dynamic entries number for wildcard acl
    for (int hostId = 0; hostId < resourceCount / 10; hostId++) {
        String hostName = "127.0.0" + hostId;
        // If we didn't skip the host, we would end up having a biased short runtime.
        if (hostName.equals(authorizeByResourceTypeHostName)) {
            continue;
        }
        AccessControlEntry allowAce = new AccessControlEntry(principal.toString(), hostName, AclOperation.READ, AclPermissionType.ALLOW);
        entriesWildcard.add(new AclEntry(allowAce));
        if (shouldDeny()) {
            AccessControlEntry denyAce = new AccessControlEntry(principal.toString(), hostName, AclOperation.READ, AclPermissionType.DENY);
            entriesWildcard.add(new AclEntry(denyAce));
        }
    }
    for (Map.Entry<ResourcePattern, Set<AclEntry>> entryMap : aclEntries.entrySet()) {
        aclAuthorizer.updateCache(entryMap.getKey(), new VersionedAcls(JavaConverters.asScalaSetConverter(entryMap.getValue()).asScala().toSet(), 1));
    }
}

Also used : HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) ResourcePattern(org.apache.kafka.common.resource.ResourcePattern) AclEntry(kafka.security.authorizer.AclEntry) AccessControlEntry(org.apache.kafka.common.acl.AccessControlEntry) VersionedAcls(kafka.security.authorizer.AclAuthorizer.VersionedAcls) HashMap(java.util.HashMap) Map(java.util.Map)

Example 2 with AclEntry

use of kafka.security.authorizer.AclEntry in project kafka by apache.

the class AclAuthorizerBenchmark method prepareAclToUpdate.

private void prepareAclToUpdate() {
    scala.collection.mutable.Set<AclEntry> entries = new scala.collection.mutable.HashSet<>();
    for (int i = 0; i < resourceCount; i++) {
        scala.collection.immutable.Set<AclEntry> immutable = new scala.collection.immutable.HashSet<>();
        for (int j = 0; j < aclCount; j++) {
            entries.add(new AclEntry(new AccessControlEntry(principal.toString(), "127.0.0" + j, AclOperation.WRITE, AclPermissionType.ALLOW)));
            immutable = entries.toSet();
        }
        aclToUpdate.put(new ResourcePattern(ResourceType.TOPIC, randomResourceName(resourceNamePrefix), PatternType.LITERAL), new AclAuthorizer.VersionedAcls(immutable, i));
    }
}

Also used : AclAuthorizer(kafka.security.authorizer.AclAuthorizer) ResourcePattern(org.apache.kafka.common.resource.ResourcePattern) AclEntry(kafka.security.authorizer.AclEntry) AccessControlEntry(org.apache.kafka.common.acl.AccessControlEntry) VersionedAcls(kafka.security.authorizer.AclAuthorizer.VersionedAcls) HashSet(java.util.HashSet)

Aggregations

HashSet (java.util.HashSet)2 VersionedAcls (kafka.security.authorizer.AclAuthorizer.VersionedAcls)2 AclEntry (kafka.security.authorizer.AclEntry)2 AccessControlEntry (org.apache.kafka.common.acl.AccessControlEntry)2 ResourcePattern (org.apache.kafka.common.resource.ResourcePattern)2 HashMap (java.util.HashMap)1 Map (java.util.Map)1 Set (java.util.Set)1 AclAuthorizer (kafka.security.authorizer.AclAuthorizer)1