
Example 1 with Resource

use of org.apache.kafka.common.resource.Resource in project apache-kafka-on-k8s by banzaicloud.

the class AclBindingTest method testMatching.

/**
 * Checks {@code equals} on ACL bindings and {@code matches} on ACL binding filters.
 *
 * <p>ACL1, ACL2, ACL3, UNKNOWN_ACL and the ANY_* filters are fixtures declared elsewhere in
 * AclBindingTest; their exact contents are not visible in this snippet. The assertions keep two
 * notions apart: a filter can match a binding without ever being equal to it.
 */
@Test
public void testMatching() throws Exception {
    // Binding equality: reflexive, and symmetric against a binding rebuilt from the same values.
    assertTrue(ACL1.equals(ACL1));
    final Resource myTopic = new Resource(ResourceType.TOPIC, "mytopic");
    final AccessControlEntry allowAllForAnonymous =
        new AccessControlEntry("User:ANONYMOUS", "", AclOperation.ALL, AclPermissionType.ALLOW);
    final AclBinding duplicateOfAcl1 = new AclBinding(myTopic, allowAllForAnonymous);
    assertTrue(ACL1.equals(duplicateOfAcl1));
    assertTrue(duplicateOfAcl1.equals(ACL1));
    assertTrue(ACL2.equals(ACL2));
    assertFalse(ACL1.equals(ACL2));
    assertFalse(ACL2.equals(ACL1));

    // The catch-all filter matches every concrete binding, yet is only equal to itself.
    // Anything that selects bindings with this filter therefore selects all of them.
    assertTrue(AclBindingFilter.ANY.matches(ACL1));
    assertFalse(AclBindingFilter.ANY.equals(ACL1));
    assertTrue(AclBindingFilter.ANY.matches(ACL2));
    assertFalse(AclBindingFilter.ANY.equals(ACL2));
    assertTrue(AclBindingFilter.ANY.matches(ACL3));
    assertFalse(AclBindingFilter.ANY.equals(ACL3));
    assertTrue(AclBindingFilter.ANY.equals(AclBindingFilter.ANY));

    // Filter narrowed by principal (presumably User:ANONYMOUS, going by its name).
    assertTrue(ANY_ANONYMOUS.matches(ACL1));
    assertFalse(ANY_ANONYMOUS.equals(ACL1));
    assertFalse(ANY_ANONYMOUS.matches(ACL2));
    assertFalse(ANY_ANONYMOUS.equals(ACL2));
    assertTrue(ANY_ANONYMOUS.matches(ACL3));
    assertFalse(ANY_ANONYMOUS.equals(ACL3));

    // Filter narrowed by permission type: only ACL3 is expected to match.
    assertFalse(ANY_DENY.matches(ACL1));
    assertFalse(ANY_DENY.matches(ACL2));
    assertTrue(ANY_DENY.matches(ACL3));

    // Filter narrowed by resource: ACL1 and ACL2 are expected to match, ACL3 is not.
    assertTrue(ANY_MYTOPIC.matches(ACL1));
    assertTrue(ANY_MYTOPIC.matches(ACL2));
    assertFalse(ANY_MYTOPIC.matches(ACL3));

    // UNKNOWN_ACL is matched by the principal and permission filters but not by the resource
    // filter; the reason depends on the fixture definitions, which are outside this snippet.
    assertTrue(ANY_ANONYMOUS.matches(UNKNOWN_ACL));
    assertTrue(ANY_DENY.matches(UNKNOWN_ACL));
    assertTrue(UNKNOWN_ACL.equals(UNKNOWN_ACL));
    assertFalse(ANY_MYTOPIC.matches(UNKNOWN_ACL));
}
Also used : Resource(org.apache.kafka.common.resource.Resource) Test(org.junit.Test)

Example 2 with Resource

use of org.apache.kafka.common.resource.Resource in project ksql by confluentinc.

the class EmbeddedSingleNodeKafkaCluster method addUserAcl.

/**
 * Writes the supplied ACL information to ZK, where it will be picked up by the broker's authorizer.
 *
 * <p>One ACL is built per operation in {@code ops}, each for the principal {@code User:<username>}
 * with the given permission type. Every ACL is created with the host wildcard {@code "*"}, so the
 * entries are not limited to a particular client host. The resource is also added to
 * {@code addedAcls}.
 *
 * @param username    the who: name used for the {@code User} principal.
 * @param permission  the allow|deny.
 * @param resource    the thing: its type and name identify the resource the ACLs are attached to.
 * @param ops         the what: one ACL is created for each operation in this set.
 */
public void addUserAcl(final String username, final AclPermissionType permission, final Resource resource, final Set<AclOperation> ops) {
    final KafkaPrincipal user = new KafkaPrincipal("User", username);
    final PermissionType scalaPermission = PermissionType$.MODULE$.fromJava(permission);

    // Convert each Java operation to its Scala counterpart and wrap it in an ACL for any host.
    final Set<Acl> aclsForUser = ops.stream()
        .map(op -> new Acl(user, scalaPermission, "*", Operation$.MODULE$.fromJava(op)))
        .collect(Collectors.toSet());
    final scala.collection.immutable.Set<Acl> scalaAcls = JavaConversions.asScalaSet(aclsForUser).toSet();

    // The authorizer API works on the Scala resource type, so translate type and name across.
    final kafka.security.auth.Resource scalaResource = new kafka.security.auth.Resource(
        ResourceType$.MODULE$.fromJava(resource.resourceType()), resource.name());

    authorizer.addAcls(scalaAcls, scalaResource);
    // Keep track of every resource that received ACLs through this method.
    addedAcls.add(scalaResource);
}
Also used : Arrays(java.util.Arrays) Credentials(io.confluent.ksql.testutils.secure.Credentials) AclPermissionType(org.apache.kafka.common.acl.AclPermissionType) LoggerFactory(org.slf4j.LoggerFactory) HashMap(java.util.HashMap) ServerKeyStore(io.confluent.ksql.testutils.secure.ServerKeyStore) JaasUtils(org.apache.kafka.common.security.JaasUtils) SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol) HashSet(java.util.HashSet) ImmutableList(com.google.common.collect.ImmutableList) Resource(org.apache.kafka.common.resource.Resource) Files(com.google.common.io.Files) Operation$(kafka.security.auth.Operation$) SimpleAclAuthorizer(kafka.security.auth.SimpleAclAuthorizer) SASL_SSL(org.apache.kafka.common.security.auth.SecurityProtocol.SASL_SSL) Map(java.util.Map) PlainLoginModule(org.apache.kafka.common.security.plain.PlainLoginModule) KafkaConfig(kafka.server.KafkaConfig) ZKConfig(kafka.utils.ZKConfig) JavaConversions(scala.collection.JavaConversions) Logger(org.slf4j.Logger) Properties(java.util.Properties) ClientTrustStore(io.confluent.ksql.testutils.secure.ClientTrustStore) ImmutableMap(com.google.common.collect.ImmutableMap) TestUtils(org.apache.kafka.test.TestUtils) SecureKafkaHelper(io.confluent.ksql.testutils.secure.SecureKafkaHelper) Set(java.util.Set) ConsumerConfig(org.apache.kafka.clients.consumer.ConsumerConfig) IOException(java.io.IOException) AclOperation(org.apache.kafka.common.acl.AclOperation) Collectors(java.util.stream.Collectors) File(java.io.File) StandardCharsets(java.nio.charset.StandardCharsets) PermissionType(kafka.security.auth.PermissionType) PermissionType$(kafka.security.auth.PermissionType$) Acl(kafka.security.auth.Acl) List(java.util.List) ExternalResource(org.junit.rules.ExternalResource) Stream(java.util.stream.Stream) ResourceType$(kafka.security.auth.ResourceType$) KafkaPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal) Collections(java.util.Collections) TemporaryFolder(org.junit.rules.TemporaryFolder) 
AclPermissionType(org.apache.kafka.common.acl.AclPermissionType) PermissionType(kafka.security.auth.PermissionType) Resource(org.apache.kafka.common.resource.Resource) ExternalResource(org.junit.rules.ExternalResource) KafkaPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal) Acl(kafka.security.auth.Acl)

Example 3 with Resource

use of org.apache.kafka.common.resource.Resource in project apache-kafka-on-k8s by banzaicloud.

the class RequestResponseTest method createDeleteAclsResponse.

/**
 * Builds a sample {@link DeleteAclsResponse} holding two filter responses.
 *
 * <p>The first reports two deleted bindings for {@code User:ANONYMOUS} from any host: an ALLOW
 * DESCRIBE on topic {@code mytopic3} and a DENY DESCRIBE on topic {@code mytopic4}. The second
 * carries a {@code SECURITY_DISABLED} error and no deletion results.
 */
private DeleteAclsResponse createDeleteAclsResponse() {
    final String principal = "User:ANONYMOUS";
    final String anyHost = "*";

    AclBinding allowDescribe = new AclBinding(
        new Resource(ResourceType.TOPIC, "mytopic3"),
        new AccessControlEntry(principal, anyHost, AclOperation.DESCRIBE, AclPermissionType.ALLOW));
    AclBinding denyDescribe = new AclBinding(
        new Resource(ResourceType.TOPIC, "mytopic4"),
        new AccessControlEntry(principal, anyHost, AclOperation.DESCRIBE, AclPermissionType.DENY));

    AclFilterResponse deleted = new AclFilterResponse(
        Utils.mkSet(new AclDeletionResult(allowDescribe), new AclDeletionResult(denyDescribe)));
    AclFilterResponse failed = new AclFilterResponse(
        new ApiError(Errors.SECURITY_DISABLED, "No security"),
        Collections.<AclDeletionResult>emptySet());

    List<AclFilterResponse> filterResponses = new ArrayList<>();
    filterResponses.add(deleted);
    filterResponses.add(failed);
    // First constructor argument is passed as 0 (presumably the throttle time; confirm).
    return new DeleteAclsResponse(0, filterResponses);
}
Also used : AclFilterResponse(org.apache.kafka.common.requests.DeleteAclsResponse.AclFilterResponse) ArrayList(java.util.ArrayList) AclDeletionResult(org.apache.kafka.common.requests.DeleteAclsResponse.AclDeletionResult) Resource(org.apache.kafka.common.resource.Resource) AccessControlEntry(org.apache.kafka.common.acl.AccessControlEntry) AclBinding(org.apache.kafka.common.acl.AclBinding)

Example 4 with Resource

use of org.apache.kafka.common.resource.Resource in project apache-kafka-on-k8s by banzaicloud.

the class RequestResponseTest method createCreateAclsRequest.

/**
 * Builds a sample {@link CreateAclsRequest} with two ACL creations for {@code User:ANONYMOUS}:
 * an ALLOW READ on topic {@code mytopic} restricted to host {@code 127.0.0.1}, and a DENY WRITE
 * on group {@code mygroup} for any host.
 */
private CreateAclsRequest createCreateAclsRequest() {
    final String principal = "User:ANONYMOUS";

    AclBinding allowReadFromLocalhost = new AclBinding(
        new Resource(ResourceType.TOPIC, "mytopic"),
        new AccessControlEntry(principal, "127.0.0.1", AclOperation.READ, AclPermissionType.ALLOW));
    AclBinding denyWriteFromAnywhere = new AclBinding(
        new Resource(ResourceType.GROUP, "mygroup"),
        new AccessControlEntry(principal, "*", AclOperation.WRITE, AclPermissionType.DENY));

    List<AclCreation> requested = new ArrayList<>();
    requested.add(new AclCreation(allowReadFromLocalhost));
    requested.add(new AclCreation(denyWriteFromAnywhere));
    return new CreateAclsRequest.Builder(requested).build();
}
Also used : ArrayList(java.util.ArrayList) Resource(org.apache.kafka.common.resource.Resource) AccessControlEntry(org.apache.kafka.common.acl.AccessControlEntry) AclCreation(org.apache.kafka.common.requests.CreateAclsRequest.AclCreation) AclBinding(org.apache.kafka.common.acl.AclBinding)

Example 5 with Resource

use of org.apache.kafka.common.resource.Resource in project apache-kafka-on-k8s by banzaicloud.

the class DescribeAclsResponse method toStruct.

/**
 * Serializes this response into a {@link Struct} using the DESCRIBE_ACLS response schema for
 * {@code version}.
 *
 * <p>The ACL bindings are grouped by resource, so each resource appears once in the output with
 * the list of access control entries that belong to it.
 *
 * @param version the schema version to serialize with
 * @return the populated struct
 */
@Override
protected Struct toStruct(short version) {
    Struct response = new Struct(ApiKeys.DESCRIBE_ACLS.responseSchema(version));
    response.set(THROTTLE_TIME_MS, throttleTimeMs);
    error.write(response);

    // Bucket the entries by resource. A HashMap is used, so the order in which resources are
    // later written is unspecified.
    Map<Resource, List<AccessControlEntry>> entriesByResource = new HashMap<>();
    for (AclBinding binding : acls) {
        Resource key = binding.resource();
        List<AccessControlEntry> bucket = entriesByResource.get(key);
        if (bucket == null) {
            bucket = new ArrayList<>();
            entriesByResource.put(key, bucket);
        }
        bucket.add(binding.entry());
    }

    // Emit one nested struct per resource, each carrying one struct per access control entry.
    List<Struct> perResource = new ArrayList<>();
    for (Map.Entry<Resource, List<AccessControlEntry>> grouped : entriesByResource.entrySet()) {
        Struct resourceStruct = response.instance(RESOURCES_KEY_NAME);
        RequestUtils.resourceSetStructFields(grouped.getKey(), resourceStruct);

        List<Struct> aclStructs = new ArrayList<>();
        for (AccessControlEntry ace : grouped.getValue()) {
            Struct aclStruct = resourceStruct.instance(ACLS_KEY_NAME);
            RequestUtils.aceSetStructFields(ace, aclStruct);
            aclStructs.add(aclStruct);
        }
        resourceStruct.set(ACLS_KEY_NAME, aclStructs.toArray());
        perResource.add(resourceStruct);
    }
    response.set(RESOURCES_KEY_NAME, perResource.toArray());
    return response;
}
Also used : HashMap(java.util.HashMap) Resource(org.apache.kafka.common.resource.Resource) ArrayList(java.util.ArrayList) AccessControlEntry(org.apache.kafka.common.acl.AccessControlEntry) Struct(org.apache.kafka.common.protocol.types.Struct) ArrayList(java.util.ArrayList) List(java.util.List) AclBinding(org.apache.kafka.common.acl.AclBinding) HashMap(java.util.HashMap) Map(java.util.Map)

Aggregations

Resource (org.apache.kafka.common.resource.Resource)5 ArrayList (java.util.ArrayList)3 AccessControlEntry (org.apache.kafka.common.acl.AccessControlEntry)3 AclBinding (org.apache.kafka.common.acl.AclBinding)3 HashMap (java.util.HashMap)2 List (java.util.List)2 Map (java.util.Map)2 ImmutableList (com.google.common.collect.ImmutableList)1 ImmutableMap (com.google.common.collect.ImmutableMap)1 Files (com.google.common.io.Files)1 ClientTrustStore (io.confluent.ksql.testutils.secure.ClientTrustStore)1 Credentials (io.confluent.ksql.testutils.secure.Credentials)1 SecureKafkaHelper (io.confluent.ksql.testutils.secure.SecureKafkaHelper)1 ServerKeyStore (io.confluent.ksql.testutils.secure.ServerKeyStore)1 File (java.io.File)1 IOException (java.io.IOException)1 StandardCharsets (java.nio.charset.StandardCharsets)1 Arrays (java.util.Arrays)1 Collections (java.util.Collections)1 HashSet (java.util.HashSet)1