use of org.apache.kafka.common.resource.Resource in project apache-kafka-on-k8s by banzaicloud.
the class AclBindingTest method testMatching.
@Test
public void testMatching() throws Exception {
assertTrue(ACL1.equals(ACL1));
final AclBinding acl1Copy = new AclBinding(new Resource(ResourceType.TOPIC, "mytopic"), new AccessControlEntry("User:ANONYMOUS", "", AclOperation.ALL, AclPermissionType.ALLOW));
assertTrue(ACL1.equals(acl1Copy));
assertTrue(acl1Copy.equals(ACL1));
assertTrue(ACL2.equals(ACL2));
assertFalse(ACL1.equals(ACL2));
assertFalse(ACL2.equals(ACL1));
assertTrue(AclBindingFilter.ANY.matches(ACL1));
assertFalse(AclBindingFilter.ANY.equals(ACL1));
assertTrue(AclBindingFilter.ANY.matches(ACL2));
assertFalse(AclBindingFilter.ANY.equals(ACL2));
assertTrue(AclBindingFilter.ANY.matches(ACL3));
assertFalse(AclBindingFilter.ANY.equals(ACL3));
assertTrue(AclBindingFilter.ANY.equals(AclBindingFilter.ANY));
assertTrue(ANY_ANONYMOUS.matches(ACL1));
assertFalse(ANY_ANONYMOUS.equals(ACL1));
assertFalse(ANY_ANONYMOUS.matches(ACL2));
assertFalse(ANY_ANONYMOUS.equals(ACL2));
assertTrue(ANY_ANONYMOUS.matches(ACL3));
assertFalse(ANY_ANONYMOUS.equals(ACL3));
assertFalse(ANY_DENY.matches(ACL1));
assertFalse(ANY_DENY.matches(ACL2));
assertTrue(ANY_DENY.matches(ACL3));
assertTrue(ANY_MYTOPIC.matches(ACL1));
assertTrue(ANY_MYTOPIC.matches(ACL2));
assertFalse(ANY_MYTOPIC.matches(ACL3));
assertTrue(ANY_ANONYMOUS.matches(UNKNOWN_ACL));
assertTrue(ANY_DENY.matches(UNKNOWN_ACL));
assertTrue(UNKNOWN_ACL.equals(UNKNOWN_ACL));
assertFalse(ANY_MYTOPIC.matches(UNKNOWN_ACL));
}
use of org.apache.kafka.common.resource.Resource in project ksql by confluentinc.
the class EmbeddedSingleNodeKafkaCluster method addUserAcl.
/**
* Writes the supplied ACL information to ZK, where it will be picked up by the brokes authorizer.
*
* @param username the who.
* @param permission the allow|deny.
* @param resource the thing
* @param ops the what.
*/
public void addUserAcl(final String username, final AclPermissionType permission, final Resource resource, final Set<AclOperation> ops) {
final KafkaPrincipal principal = new KafkaPrincipal("User", username);
final PermissionType scalaPermission = PermissionType$.MODULE$.fromJava(permission);
final Set<Acl> javaAcls = ops.stream().map(Operation$.MODULE$::fromJava).map(op -> new Acl(principal, scalaPermission, "*", op)).collect(Collectors.toSet());
final scala.collection.immutable.Set<Acl> scalaAcls = JavaConversions.asScalaSet(javaAcls).toSet();
kafka.security.auth.ResourceType scalaResType = ResourceType$.MODULE$.fromJava(resource.resourceType());
final kafka.security.auth.Resource scalaResource = new kafka.security.auth.Resource(scalaResType, resource.name());
authorizer.addAcls(scalaAcls, scalaResource);
addedAcls.add(scalaResource);
}
use of org.apache.kafka.common.resource.Resource in project apache-kafka-on-k8s by banzaicloud.
the class RequestResponseTest method createDeleteAclsResponse.
private DeleteAclsResponse createDeleteAclsResponse() {
List<AclFilterResponse> responses = new ArrayList<>();
responses.add(new AclFilterResponse(Utils.mkSet(new AclDeletionResult(new AclBinding(new Resource(ResourceType.TOPIC, "mytopic3"), new AccessControlEntry("User:ANONYMOUS", "*", AclOperation.DESCRIBE, AclPermissionType.ALLOW))), new AclDeletionResult(new AclBinding(new Resource(ResourceType.TOPIC, "mytopic4"), new AccessControlEntry("User:ANONYMOUS", "*", AclOperation.DESCRIBE, AclPermissionType.DENY))))));
responses.add(new AclFilterResponse(new ApiError(Errors.SECURITY_DISABLED, "No security"), Collections.<AclDeletionResult>emptySet()));
return new DeleteAclsResponse(0, responses);
}
use of org.apache.kafka.common.resource.Resource in project apache-kafka-on-k8s by banzaicloud.
the class RequestResponseTest method createCreateAclsRequest.
private CreateAclsRequest createCreateAclsRequest() {
List<AclCreation> creations = new ArrayList<>();
creations.add(new AclCreation(new AclBinding(new Resource(ResourceType.TOPIC, "mytopic"), new AccessControlEntry("User:ANONYMOUS", "127.0.0.1", AclOperation.READ, AclPermissionType.ALLOW))));
creations.add(new AclCreation(new AclBinding(new Resource(ResourceType.GROUP, "mygroup"), new AccessControlEntry("User:ANONYMOUS", "*", AclOperation.WRITE, AclPermissionType.DENY))));
return new CreateAclsRequest.Builder(creations).build();
}
use of org.apache.kafka.common.resource.Resource in project apache-kafka-on-k8s by banzaicloud.
the class DescribeAclsResponse method toStruct.
@Override
protected Struct toStruct(short version) {
Struct struct = new Struct(ApiKeys.DESCRIBE_ACLS.responseSchema(version));
struct.set(THROTTLE_TIME_MS, throttleTimeMs);
error.write(struct);
Map<Resource, List<AccessControlEntry>> resourceToData = new HashMap<>();
for (AclBinding acl : acls) {
List<AccessControlEntry> entry = resourceToData.get(acl.resource());
if (entry == null) {
entry = new ArrayList<>();
resourceToData.put(acl.resource(), entry);
}
entry.add(acl.entry());
}
List<Struct> resourceStructs = new ArrayList<>();
for (Map.Entry<Resource, List<AccessControlEntry>> tuple : resourceToData.entrySet()) {
Resource resource = tuple.getKey();
Struct resourceStruct = struct.instance(RESOURCES_KEY_NAME);
RequestUtils.resourceSetStructFields(resource, resourceStruct);
List<Struct> dataStructs = new ArrayList<>();
for (AccessControlEntry entry : tuple.getValue()) {
Struct dataStruct = resourceStruct.instance(ACLS_KEY_NAME);
RequestUtils.aceSetStructFields(entry, dataStruct);
dataStructs.add(dataStruct);
}
resourceStruct.set(ACLS_KEY_NAME, dataStructs.toArray());
resourceStructs.add(resourceStruct);
}
struct.set(RESOURCES_KEY_NAME, resourceStructs.toArray());
return struct;
}
Aggregations