
Example 6 with ResourcePattern

use of org.apache.kafka.common.resource.ResourcePattern in project kafka by apache.

the class MirrorSourceConnectorTest method testAclTransformation.

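/**
 * Checks how {@code MirrorSourceConnector.targetAclBinding} rewrites a source-cluster topic ACL
 * before it is applied on the target cluster.
 *
 * <p>Two properties are pinned:
 * <ul>
 *   <li>an {@code ALLOW ALL} binding is renamed to the remote topic
 *       ({@code "source" + SEPARATOR_DEFAULT + topic}) and narrowed to {@code ALLOW READ}, so a
 *       principal with full access on the source topic does not get full access to the
 *       mirrored copy;</li>
 *   <li>a {@code DENY ALL} binding keeps both its operation and its permission type, i.e. a
 *       deny is not weakened by the transformation.</li>
 * </ul>
 */
@Test
public void testAclTransformation() {
    MirrorSourceConnector connector = new MirrorSourceConnector(new SourceAndTarget("source", "target"),
        new DefaultReplicationPolicy(), x -> true, x -> true);

    // ALLOW ALL on the source topic.
    AclBinding allowAllAclBinding = new AclBinding(
        new ResourcePattern(ResourceType.TOPIC, "test_topic", PatternType.LITERAL),
        new AccessControlEntry("kafka", "", AclOperation.ALL, AclPermissionType.ALLOW));
    AclBinding processedAllowAllAclBinding = connector.targetAclBinding(allowAllAclBinding);

    String expectedRemoteTopicName = "source" + DefaultReplicationPolicy.SEPARATOR_DEFAULT
        + allowAllAclBinding.pattern().name();
    // JUnit 5 assertEquals takes (expected, actual, message); keeping that order makes a failure
    // report the right value as "expected".
    assertEquals(expectedRemoteTopicName, processedAllowAllAclBinding.pattern().name(), "should change topic name");
    assertEquals(AclOperation.READ, processedAllowAllAclBinding.entry().operation(), "should change ALL to READ");
    assertEquals(AclPermissionType.ALLOW, processedAllowAllAclBinding.entry().permissionType(), "should not change ALLOW");

    // DENY ALL on the same source topic must come out as DENY ALL.
    AclBinding denyAllAclBinding = new AclBinding(
        new ResourcePattern(ResourceType.TOPIC, "test_topic", PatternType.LITERAL),
        new AccessControlEntry("kafka", "", AclOperation.ALL, AclPermissionType.DENY));
    AclBinding processedDenyAllAclBinding = connector.targetAclBinding(denyAllAclBinding);
    // NOTE(review): the renamed topic of the DENY binding is not asserted here; if the deny is
    // expected to land on the remote topic name as well, a pattern().name() check would pin it.
    assertEquals(AclOperation.ALL, processedDenyAllAclBinding.entry().operation(), "should not change ALL");
    assertEquals(AclPermissionType.DENY, processedDenyAllAclBinding.entry().permissionType(), "should not change DENY");
}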
Also used : ResourcePattern(org.apache.kafka.common.resource.ResourcePattern) AccessControlEntry(org.apache.kafka.common.acl.AccessControlEntry) AclBinding(org.apache.kafka.common.acl.AclBinding) Test(org.junit.jupiter.api.Test)

Example 7 with ResourcePattern

use of org.apache.kafka.common.resource.ResourcePattern in project kafka by apache.

the class StandardAcl method toBinding.

/**
 * Builds the {@code AclBinding} form of this ACL.
 *
 * <p>The resource side is taken from {@code resourceType}, {@code resourceName} and
 * {@code patternType}; the access-control entry from {@code principal}, {@code host},
 * {@code operation} and {@code permissionType}. Nothing is validated or normalised here: the
 * fields are passed through as they are.
 *
 * @return a new binding pairing the resource pattern with the access-control entry
 */
public AclBinding toBinding() {
    return new AclBinding(
        new ResourcePattern(resourceType, resourceName, patternType),
        new AccessControlEntry(principal, host, operation, permissionType));
}
Also used : ResourcePattern(org.apache.kafka.common.resource.ResourcePattern) AccessControlEntry(org.apache.kafka.common.acl.AccessControlEntry) AclBinding(org.apache.kafka.common.acl.AclBinding)

Example 8 with ResourcePattern

use of org.apache.kafka.common.resource.ResourcePattern in project kafka by apache.

the class AclAuthorizerBenchmark method prepareAclCache.

/**
 * Fills the authorizer's ACL cache with the synthetic READ ACLs the benchmark runs against.
 *
 * <p>Three groups of entries are collected in a local map and then handed to
 * {@code aclAuthorizer.updateCache}, each wrapped in a {@code VersionedAcls} with version 1:
 * <ul>
 *   <li>one pattern per resource id in {@code [0, resourceCount)}: every tenth id is a GROUP,
 *       the rest are TOPICs; every fifth id is PREFIXED, the rest LITERAL. Each gets
 *       {@code aclCount} principals with host {@code "*"};</li>
 *   <li>one PREFIXED TOPIC pattern on the bare {@code resourceNamePrefix}, with
 *       {@code hostPreCount} host-specific entries;</li>
 *   <li>one LITERAL TOPIC pattern named {@code ResourcePattern.WILDCARD_RESOURCE}, with up to
 *       {@code resourceCount / 10} host-specific entries.</li>
 * </ul>
 * Every ALLOW entry is followed by a DENY entry for the same principal, host and operation
 * whenever {@code shouldDeny()} returns true, so the benchmark also covers resources where an
 * allow and a deny coexist.
 */
private void prepareAclCache() {
    Map<ResourcePattern, Set<AclEntry>> cacheContents = new HashMap<>();

    // Group 1: per-resource patterns, any host.
    for (int id = 0; id < resourceCount; id++) {
        ResourceType type = (id % 10 == 0) ? ResourceType.GROUP : ResourceType.TOPIC;
        PatternType matching = (id % 5 == 0) ? PatternType.PREFIXED : PatternType.LITERAL;
        ResourcePattern pattern = new ResourcePattern(type, resourceNamePrefix + id, matching);
        Set<AclEntry> perResource = cacheContents.computeIfAbsent(pattern, key -> new HashSet<>());
        for (int n = 0; n < aclCount; n++) {
            // Index 0 carries no suffix, so it is exactly principal.toString(), which is the
            // principal used in the request context.
            String suffix = (n == 0) ? "" : String.valueOf(n);
            String who = principal.toString() + suffix;
            perResource.add(new AclEntry(
                new AccessControlEntry(who, "*", AclOperation.READ, AclPermissionType.ALLOW)));
            if (shouldDeny()) {
                // Matching DENY, meant to dominate the ALLOW added just above.
                perResource.add(new AclEntry(
                    new AccessControlEntry(who, "*", AclOperation.READ, AclPermissionType.DENY)));
            }
        }
    }

    // Group 2: a prefixed pattern on the bare prefix, one entry per host 127.0.0.<n>.
    ResourcePattern prefixPattern = new ResourcePattern(ResourceType.TOPIC, resourceNamePrefix, PatternType.PREFIXED);
    Set<AclEntry> perPrefix = cacheContents.computeIfAbsent(prefixPattern, key -> new HashSet<>());
    for (int h = 0; h < hostPreCount; h++) {
        perPrefix.add(new AclEntry(
            new AccessControlEntry(principal.toString(), "127.0.0." + h, AclOperation.READ, AclPermissionType.ALLOW)));
        if (shouldDeny()) {
            // Matching DENY, meant to dominate the ALLOW added just above.
            perPrefix.add(new AclEntry(
                new AccessControlEntry(principal.toString(), "127.0.0." + h, AclOperation.READ, AclPermissionType.DENY)));
        }
    }

    // Group 3: the wildcard resource; the number of hosts scales with resourceCount.
    ResourcePattern wildcardPattern = new ResourcePattern(ResourceType.TOPIC, ResourcePattern.WILDCARD_RESOURCE, PatternType.LITERAL);
    Set<AclEntry> perWildcard = cacheContents.computeIfAbsent(wildcardPattern, key -> new HashSet<>());
    for (int h = 0; h < resourceCount / 10; h++) {
        // NOTE(review): unlike group 2 there is no dot before the host index ("127.0.0" + h),
        // so the value is not a dotted-quad address. If authorizeByResourceTypeHostName is a
        // dotted address, the skip below can never match. Confirm which form is intended.
        String host = "127.0.0" + h;
        // Leaving this host in would bias the benchmark towards a short runtime.
        if (!host.equals(authorizeByResourceTypeHostName)) {
            perWildcard.add(new AclEntry(
                new AccessControlEntry(principal.toString(), host, AclOperation.READ, AclPermissionType.ALLOW)));
            if (shouldDeny()) {
                perWildcard.add(new AclEntry(
                    new AccessControlEntry(principal.toString(), host, AclOperation.READ, AclPermissionType.DENY)));
            }
        }
    }

    // Publish everything to the authorizer's cache as immutable Scala sets.
    for (Map.Entry<ResourcePattern, Set<AclEntry>> cached : cacheContents.entrySet()) {
        aclAuthorizer.updateCache(
            cached.getKey(),
            new VersionedAcls(JavaConverters.asScalaSetConverter(cached.getValue()).asScala().toSet(), 1));
    }
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) ResourcePattern(org.apache.kafka.common.resource.ResourcePattern) AclEntry(kafka.security.authorizer.AclEntry) AccessControlEntry(org.apache.kafka.common.acl.AccessControlEntry) VersionedAcls(kafka.security.authorizer.AclAuthorizer.VersionedAcls) HashMap(java.util.HashMap) Map(java.util.Map)

Example 9 with ResourcePattern

use of org.apache.kafka.common.resource.ResourcePattern in project kafka by apache.

the class AclAuthorizerBenchmark method prepareAclToUpdate.

/**
 * Populates {@code aclToUpdate} with one LITERAL TOPIC pattern per resource, each mapped to a
 * {@code VersionedAcls} whose version is the resource's loop index.
 *
 * <p>The mutable entry set is created once and shared by all resources, so entries added for
 * one resource are still present when the snapshot for the next one is taken. Each entry is an
 * ALLOW WRITE for {@code principal} from host {@code "127.0.0" + index}.
 */
private void prepareAclToUpdate() {
    scala.collection.mutable.Set<AclEntry> accumulated = new scala.collection.mutable.HashSet<>();
    for (int resourceIdx = 0; resourceIdx < resourceCount; resourceIdx++) {
        // Stays empty only when aclCount is 0; otherwise replaced by a snapshot below.
        scala.collection.immutable.Set<AclEntry> snapshot = new scala.collection.immutable.HashSet<>();
        for (int hostIdx = 0; hostIdx < aclCount; hostIdx++) {
            // NOTE(review): there is no dot before the host index, so this is not a dotted-quad
            // address. Confirm that is intended.
            AccessControlEntry writeAllow = new AccessControlEntry(
                principal.toString(), "127.0.0" + hostIdx, AclOperation.WRITE, AclPermissionType.ALLOW);
            accumulated.add(new AclEntry(writeAllow));
            snapshot = accumulated.toSet();
        }
        ResourcePattern topic = new ResourcePattern(
            ResourceType.TOPIC, randomResourceName(resourceNamePrefix), PatternType.LITERAL);
        aclToUpdate.put(topic, new AclAuthorizer.VersionedAcls(snapshot, resourceIdx));
    }
}
Also used : AclAuthorizer(kafka.security.authorizer.AclAuthorizer) ResourcePattern(org.apache.kafka.common.resource.ResourcePattern) AclEntry(kafka.security.authorizer.AclEntry) AccessControlEntry(org.apache.kafka.common.acl.AccessControlEntry) VersionedAcls(kafka.security.authorizer.AclAuthorizer.VersionedAcls) HashSet(java.util.HashSet)

Example 10 with ResourcePattern

use of org.apache.kafka.common.resource.ResourcePattern in project kafka by apache.

the class AclAuthorizerBenchmark method setup.

/**
 * Per-trial benchmark setup: builds the ACL fixtures, then the action and the two request
 * contexts that the benchmark passes to the authorizer.
 *
 * <p>Both contexts describe a PRODUCE request from {@code principal} on listener
 * {@code "listener"} with {@code SecurityProtocol.PLAINTEXT}; they differ only in the client
 * address ({@code 127.0.0.1} versus {@code authorizeByResourceTypeHostName}). Nothing in this
 * method authenticates a client: the principal and address are stated directly as benchmark
 * input.
 *
 * @throws Exception if a client address cannot be resolved or fixture preparation fails
 */
@Setup(Level.Trial)
public void setup() throws Exception {
    prepareAclCache();
    prepareAclToUpdate();

    // The original comment explains the choice of suffix: it makes the `TreeMap.from/to` range
    // lookup return most map entries, so matching falls back on `String.startsWith` filtering;
    // a more efficient structure such as a prefix tree should improve performance
    // significantly. That comment calls the suffix `-95`, while the code appends the integer
    // 95, so any dash would have to come from resourceNamePrefix (not visible here).
    ResourcePattern probedTopic = new ResourcePattern(ResourceType.TOPIC, resourceNamePrefix + 95, PatternType.LITERAL);
    actions = Collections.singletonList(new Action(AclOperation.WRITE, probedTopic, 1, true, true));

    short produceVersion = (short) 1;

    RequestHeader authorizeHeader = new RequestHeader(ApiKeys.PRODUCE, produceVersion, "someclient", 1);
    authorizeContext = new RequestContext(
        authorizeHeader,
        "1",
        InetAddress.getByName("127.0.0.1"),
        principal,
        ListenerName.normalised("listener"),
        SecurityProtocol.PLAINTEXT,
        ClientInformation.EMPTY,
        false);

    RequestHeader byResourceTypeHeader = new RequestHeader(ApiKeys.PRODUCE, produceVersion, "someclient", 1);
    authorizeByResourceTypeContext = new RequestContext(
        byResourceTypeHeader,
        "1",
        InetAddress.getByName(authorizeByResourceTypeHostName),
        principal,
        ListenerName.normalised("listener"),
        SecurityProtocol.PLAINTEXT,
        ClientInformation.EMPTY,
        false);
}
Also used : Action(org.apache.kafka.server.authorizer.Action) ResourcePattern(org.apache.kafka.common.resource.ResourcePattern) RequestHeader(org.apache.kafka.common.requests.RequestHeader) RequestContext(org.apache.kafka.common.requests.RequestContext) Setup(org.openjdk.jmh.annotations.Setup)
