Example 1 with Resource
use of org.apache.kafka.common.resource.Resource in project apache-kafka-on-k8s by banzaicloud.
the class AclBindingTest method testMatching.
@Test
public void testMatching() throws Exception {
assertTrue(ACL1.equals(ACL1));
final AclBinding acl1Copy = new AclBinding(new Resource(ResourceType.TOPIC, "mytopic"), new AccessControlEntry("User:ANONYMOUS", "", AclOperation.ALL, AclPermissionType.ALLOW));
assertTrue(ACL1.equals(acl1Copy));
assertTrue(acl1Copy.equals(ACL1));
assertTrue(ACL2.equals(ACL2));
assertFalse(ACL1.equals(ACL2));
assertFalse(ACL2.equals(ACL1));
assertTrue(AclBindingFilter.ANY.matches(ACL1));
assertFalse(AclBindingFilter.ANY.equals(ACL1));
assertTrue(AclBindingFilter.ANY.matches(ACL2));
assertFalse(AclBindingFilter.ANY.equals(ACL2));
assertTrue(AclBindingFilter.ANY.matches(ACL3));
assertFalse(AclBindingFilter.ANY.equals(ACL3));
assertTrue(AclBindingFilter.ANY.equals(AclBindingFilter.ANY));
assertTrue(ANY_ANONYMOUS.matches(ACL1));
assertFalse(ANY_ANONYMOUS.equals(ACL1));
assertFalse(ANY_ANONYMOUS.matches(ACL2));
assertFalse(ANY_ANONYMOUS.equals(ACL2));
assertTrue(ANY_ANONYMOUS.matches(ACL3));
assertFalse(ANY_ANONYMOUS.equals(ACL3));
assertFalse(ANY_DENY.matches(ACL1));
assertFalse(ANY_DENY.matches(ACL2));
assertTrue(ANY_DENY.matches(ACL3));
assertTrue(ANY_MYTOPIC.matches(ACL1));
assertTrue(ANY_MYTOPIC.matches(ACL2));
assertFalse(ANY_MYTOPIC.matches(ACL3));
assertTrue(ANY_ANONYMOUS.matches(UNKNOWN_ACL));
assertTrue(ANY_DENY.matches(UNKNOWN_ACL));
assertTrue(UNKNOWN_ACL.equals(UNKNOWN_ACL));
assertFalse(ANY_MYTOPIC.matches(UNKNOWN_ACL));
}Example 2 with Resource
use of org.apache.kafka.common.resource.Resource in project ksql by confluentinc.
the class EmbeddedSingleNodeKafkaCluster method addUserAcl.
/**
* Writes the supplied ACL information to ZK, where it will be picked up by the brokes authorizer.
*
* @param username the who.
* @param permission the allow|deny.
* @param resource the thing
* @param ops the what.
*/
public void addUserAcl(final String username, final AclPermissionType permission, final Resource resource, final Set<AclOperation> ops) {
final KafkaPrincipal principal = new KafkaPrincipal("User", username);
final PermissionType scalaPermission = PermissionType$.MODULE$.fromJava(permission);
final Set<Acl> javaAcls = ops.stream().map(Operation$.MODULE$::fromJava).map(op -> new Acl(principal, scalaPermission, "*", op)).collect(Collectors.toSet());
final scala.collection.immutable.Set<Acl> scalaAcls = JavaConversions.asScalaSet(javaAcls).toSet();
kafka.security.auth.ResourceType scalaResType = ResourceType$.MODULE$.fromJava(resource.resourceType());
final kafka.security.auth.Resource scalaResource = new kafka.security.auth.Resource(scalaResType, resource.name());
authorizer.addAcls(scalaAcls, scalaResource);
addedAcls.add(scalaResource);
}
Also used :
Arrays(java.util.Arrays)
Credentials(io.confluent.ksql.testutils.secure.Credentials)
AclPermissionType(org.apache.kafka.common.acl.AclPermissionType)
LoggerFactory(org.slf4j.LoggerFactory)
HashMap(java.util.HashMap)
ServerKeyStore(io.confluent.ksql.testutils.secure.ServerKeyStore)
JaasUtils(org.apache.kafka.common.security.JaasUtils)
SecurityProtocol(org.apache.kafka.common.security.auth.SecurityProtocol)
HashSet(java.util.HashSet)
ImmutableList(com.google.common.collect.ImmutableList)
Resource(org.apache.kafka.common.resource.Resource)
Files(com.google.common.io.Files)
Operation$(kafka.security.auth.Operation$)
SimpleAclAuthorizer(kafka.security.auth.SimpleAclAuthorizer)
SASL_SSL(org.apache.kafka.common.security.auth.SecurityProtocol.SASL_SSL)
Map(java.util.Map)
PlainLoginModule(org.apache.kafka.common.security.plain.PlainLoginModule)
KafkaConfig(kafka.server.KafkaConfig)
ZKConfig(kafka.utils.ZKConfig)
JavaConversions(scala.collection.JavaConversions)
Logger(org.slf4j.Logger)
Properties(java.util.Properties)
ClientTrustStore(io.confluent.ksql.testutils.secure.ClientTrustStore)
ImmutableMap(com.google.common.collect.ImmutableMap)
TestUtils(org.apache.kafka.test.TestUtils)
SecureKafkaHelper(io.confluent.ksql.testutils.secure.SecureKafkaHelper)
Set(java.util.Set)
ConsumerConfig(org.apache.kafka.clients.consumer.ConsumerConfig)
IOException(java.io.IOException)
AclOperation(org.apache.kafka.common.acl.AclOperation)
Collectors(java.util.stream.Collectors)
File(java.io.File)
StandardCharsets(java.nio.charset.StandardCharsets)
PermissionType(kafka.security.auth.PermissionType)
PermissionType$(kafka.security.auth.PermissionType$)
Acl(kafka.security.auth.Acl)
List(java.util.List)
ExternalResource(org.junit.rules.ExternalResource)
Stream(java.util.stream.Stream)
ResourceType$(kafka.security.auth.ResourceType$)
KafkaPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal)
Collections(java.util.Collections)
TemporaryFolder(org.junit.rules.TemporaryFolder)
AclPermissionType(org.apache.kafka.common.acl.AclPermissionType)
PermissionType(kafka.security.auth.PermissionType)
Resource(org.apache.kafka.common.resource.Resource)
ExternalResource(org.junit.rules.ExternalResource)
KafkaPrincipal(org.apache.kafka.common.security.auth.KafkaPrincipal)
Acl(kafka.security.auth.Acl)
Example 3 with Resource
use of org.apache.kafka.common.resource.Resource in project apache-kafka-on-k8s by banzaicloud.
the class RequestResponseTest method createDeleteAclsResponse.
private DeleteAclsResponse createDeleteAclsResponse() {
List<AclFilterResponse> responses = new ArrayList<>();
responses.add(new AclFilterResponse(Utils.mkSet(new AclDeletionResult(new AclBinding(new Resource(ResourceType.TOPIC, "mytopic3"), new AccessControlEntry("User:ANONYMOUS", "*", AclOperation.DESCRIBE, AclPermissionType.ALLOW))), new AclDeletionResult(new AclBinding(new Resource(ResourceType.TOPIC, "mytopic4"), new AccessControlEntry("User:ANONYMOUS", "*", AclOperation.DESCRIBE, AclPermissionType.DENY))))));
responses.add(new AclFilterResponse(new ApiError(Errors.SECURITY_DISABLED, "No security"), Collections.<AclDeletionResult>emptySet()));
return new DeleteAclsResponse(0, responses);
}
Also used :
AclFilterResponse(org.apache.kafka.common.requests.DeleteAclsResponse.AclFilterResponse)
ArrayList(java.util.ArrayList)
AclDeletionResult(org.apache.kafka.common.requests.DeleteAclsResponse.AclDeletionResult)
Resource(org.apache.kafka.common.resource.Resource)
AccessControlEntry(org.apache.kafka.common.acl.AccessControlEntry)
AclBinding(org.apache.kafka.common.acl.AclBinding)
Example 4 with Resource
use of org.apache.kafka.common.resource.Resource in project apache-kafka-on-k8s by banzaicloud.
the class RequestResponseTest method createCreateAclsRequest.
private CreateAclsRequest createCreateAclsRequest() {
List<AclCreation> creations = new ArrayList<>();
creations.add(new AclCreation(new AclBinding(new Resource(ResourceType.TOPIC, "mytopic"), new AccessControlEntry("User:ANONYMOUS", "127.0.0.1", AclOperation.READ, AclPermissionType.ALLOW))));
creations.add(new AclCreation(new AclBinding(new Resource(ResourceType.GROUP, "mygroup"), new AccessControlEntry("User:ANONYMOUS", "*", AclOperation.WRITE, AclPermissionType.DENY))));
return new CreateAclsRequest.Builder(creations).build();
}
Also used :
ArrayList(java.util.ArrayList)
Resource(org.apache.kafka.common.resource.Resource)
AccessControlEntry(org.apache.kafka.common.acl.AccessControlEntry)
AclCreation(org.apache.kafka.common.requests.CreateAclsRequest.AclCreation)
AclBinding(org.apache.kafka.common.acl.AclBinding)
Example 5 with Resource
use of org.apache.kafka.common.resource.Resource in project apache-kafka-on-k8s by banzaicloud.
the class DescribeAclsResponse method toStruct.
@Override
protected Struct toStruct(short version) {
Struct struct = new Struct(ApiKeys.DESCRIBE_ACLS.responseSchema(version));
struct.set(THROTTLE_TIME_MS, throttleTimeMs);
error.write(struct);
Map<Resource, List<AccessControlEntry>> resourceToData = new HashMap<>();
for (AclBinding acl : acls) {
List<AccessControlEntry> entry = resourceToData.get(acl.resource());
if (entry == null) {
entry = new ArrayList<>();
resourceToData.put(acl.resource(), entry);
}
entry.add(acl.entry());
}
List<Struct> resourceStructs = new ArrayList<>();
for (Map.Entry<Resource, List<AccessControlEntry>> tuple : resourceToData.entrySet()) {
Resource resource = tuple.getKey();
Struct resourceStruct = struct.instance(RESOURCES_KEY_NAME);
RequestUtils.resourceSetStructFields(resource, resourceStruct);
List<Struct> dataStructs = new ArrayList<>();
for (AccessControlEntry entry : tuple.getValue()) {
Struct dataStruct = resourceStruct.instance(ACLS_KEY_NAME);
RequestUtils.aceSetStructFields(entry, dataStruct);
dataStructs.add(dataStruct);
}
resourceStruct.set(ACLS_KEY_NAME, dataStructs.toArray());
resourceStructs.add(resourceStruct);
}
struct.set(RESOURCES_KEY_NAME, resourceStructs.toArray());
return struct;
}
Also used :
HashMap(java.util.HashMap)
Resource(org.apache.kafka.common.resource.Resource)
ArrayList(java.util.ArrayList)
AccessControlEntry(org.apache.kafka.common.acl.AccessControlEntry)
Struct(org.apache.kafka.common.protocol.types.Struct)
ArrayList(java.util.ArrayList)
List(java.util.List)
AclBinding(org.apache.kafka.common.acl.AclBinding)
HashMap(java.util.HashMap)
Map(java.util.Map)
Aggregations
Resource (org.apache.kafka.common.resource.Resource)5
ArrayList (java.util.ArrayList)3
AccessControlEntry (org.apache.kafka.common.acl.AccessControlEntry)3
AclBinding (org.apache.kafka.common.acl.AclBinding)3
HashMap (java.util.HashMap)2
List (java.util.List)2
Map (java.util.Map)2
ImmutableList (com.google.common.collect.ImmutableList)1
ImmutableMap (com.google.common.collect.ImmutableMap)1
Files (com.google.common.io.Files)1
ClientTrustStore (io.confluent.ksql.testutils.secure.ClientTrustStore)1
Credentials (io.confluent.ksql.testutils.secure.Credentials)1
SecureKafkaHelper (io.confluent.ksql.testutils.secure.SecureKafkaHelper)1
ServerKeyStore (io.confluent.ksql.testutils.secure.ServerKeyStore)1
File (java.io.File)1
IOException (java.io.IOException)1
StandardCharsets (java.nio.charset.StandardCharsets)1
Arrays (java.util.Arrays)1
Collections (java.util.Collections)1
HashSet (java.util.HashSet)1
