Examples with StandardAclWithId - org.apache.kafka.metadata.authorizer.StandardAclWithId

Example 1 with StandardAclWithId

use of org.apache.kafka.metadata.authorizer.StandardAclWithId in project kafka by apache.

the class AclsDelta method replay.

public void replay(AccessControlEntryRecord record) {
    StandardAclWithId aclWithId = StandardAclWithId.fromRecord(record);
    changes.put(aclWithId.id(), Optional.of(aclWithId.acl()));
}

Also used : StandardAclWithId(org.apache.kafka.metadata.authorizer.StandardAclWithId)

Example 2 with StandardAclWithId

use of org.apache.kafka.metadata.authorizer.StandardAclWithId in project kafka by apache.

the class AclControlManager method replay.

public void replay(AccessControlEntryRecord record, Optional<OffsetAndEpoch> snapshotId) {
    StandardAclWithId aclWithId = StandardAclWithId.fromRecord(record);
    idToAcl.put(aclWithId.id(), aclWithId.acl());
    existingAcls.add(aclWithId.acl());
    if (!snapshotId.isPresent()) {
        authorizer.ifPresent(a -> {
            a.addAcl(aclWithId.id(), aclWithId.acl());
        });
    }
}

Also used : StandardAclWithId(org.apache.kafka.metadata.authorizer.StandardAclWithId)

Example 3 with StandardAclWithId

use of org.apache.kafka.metadata.authorizer.StandardAclWithId in project kafka by apache.

the class AclControlManagerTest method testLoadSnapshot.

@Test
public void testLoadSnapshot() {
    SnapshotRegistry snapshotRegistry = new SnapshotRegistry(new LogContext());
    snapshotRegistry.getOrCreateSnapshot(0);
    AclControlManager manager = new AclControlManager(snapshotRegistry, Optional.empty());
    // Load TEST_ACLS into the AclControlManager.
    Set<ApiMessageAndVersion> loadedAcls = new HashSet<>();
    for (StandardAclWithId acl : TEST_ACLS) {
        AccessControlEntryRecord record = acl.toRecord();
        assertTrue(loadedAcls.add(new ApiMessageAndVersion(record, (short) 0)));
        manager.replay(acl.toRecord(), Optional.empty());
    }
    // Verify that the ACLs stored in the AclControlManager match the ones we expect.
    Set<ApiMessageAndVersion> foundAcls = new HashSet<>();
    for (Iterator<List<ApiMessageAndVersion>> iterator = manager.iterator(Long.MAX_VALUE); iterator.hasNext(); ) {
        for (ApiMessageAndVersion apiMessageAndVersion : iterator.next()) {
            assertTrue(foundAcls.add(apiMessageAndVersion));
        }
    }
    assertEquals(loadedAcls, foundAcls);
    // Once we complete the snapshot load, the ACLs should be reflected in the authorizer.
    MockClusterMetadataAuthorizer authorizer = new MockClusterMetadataAuthorizer();
    authorizer.loadSnapshot(manager.idToAcl());
    assertEquals(new HashSet<>(StandardAclTest.TEST_ACLS), new HashSet<>(authorizer.acls.values()));
    // Test reverting to an empty state and then completing the snapshot load without
    // setting an authorizer. This simulates the case where the user didn't configure
    // a cluster metadata authorizer.
    snapshotRegistry.revertToSnapshot(0);
    authorizer.loadSnapshot(manager.idToAcl());
    assertFalse(manager.iterator(Long.MAX_VALUE).hasNext());
}

Also used : SnapshotRegistry(org.apache.kafka.timeline.SnapshotRegistry) StandardAclWithId(org.apache.kafka.metadata.authorizer.StandardAclWithId) ApiMessageAndVersion(org.apache.kafka.server.common.ApiMessageAndVersion) RemoveAccessControlEntryRecord(org.apache.kafka.common.metadata.RemoveAccessControlEntryRecord) AccessControlEntryRecord(org.apache.kafka.common.metadata.AccessControlEntryRecord) LogContext(org.apache.kafka.common.utils.LogContext) List(java.util.List) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) StandardAclWithIdTest(org.apache.kafka.metadata.authorizer.StandardAclWithIdTest) StandardAclTest(org.apache.kafka.metadata.authorizer.StandardAclTest) Test(org.junit.jupiter.api.Test)

Example 4 with StandardAclWithId

use of org.apache.kafka.metadata.authorizer.StandardAclWithId in project kafka by apache.

the class AclControlManager method createAcls.

ControllerResult<List<AclCreateResult>> createAcls(List<AclBinding> acls) {
    List<AclCreateResult> results = new ArrayList<>(acls.size());
    List<ApiMessageAndVersion> records = new ArrayList<>(acls.size());
    for (AclBinding acl : acls) {
        try {
            validateNewAcl(acl);
        } catch (Throwable t) {
            ApiException e = (t instanceof ApiException) ? (ApiException) t : new UnknownServerException("Unknown error while trying to create ACL", t);
            results.add(new AclCreateResult(e));
            continue;
        }
        StandardAcl standardAcl = StandardAcl.fromAclBinding(acl);
        if (existingAcls.add(standardAcl)) {
            StandardAclWithId standardAclWithId = new StandardAclWithId(newAclId(), standardAcl);
            idToAcl.put(standardAclWithId.id(), standardAcl);
            records.add(new ApiMessageAndVersion(standardAclWithId.toRecord(), (short) 0));
        }
        results.add(AclCreateResult.SUCCESS);
    }
    return new ControllerResult<>(records, results, true);
}

Also used : StandardAclWithId(org.apache.kafka.metadata.authorizer.StandardAclWithId) ApiMessageAndVersion(org.apache.kafka.server.common.ApiMessageAndVersion) ArrayList(java.util.ArrayList) AclBinding(org.apache.kafka.common.acl.AclBinding) StandardAcl(org.apache.kafka.metadata.authorizer.StandardAcl) AclCreateResult(org.apache.kafka.server.authorizer.AclCreateResult) UnknownServerException(org.apache.kafka.common.errors.UnknownServerException) ApiException(org.apache.kafka.common.errors.ApiException)

Example 5 with StandardAclWithId

use of org.apache.kafka.metadata.authorizer.StandardAclWithId in project kafka by apache.

the class AclsImage method write.

public void write(Consumer<List<ApiMessageAndVersion>> out) {
    List<ApiMessageAndVersion> batch = new ArrayList<>();
    for (Entry<Uuid, StandardAcl> entry : acls.entrySet()) {
        StandardAclWithId aclWithId = new StandardAclWithId(entry.getKey(), entry.getValue());
        batch.add(new ApiMessageAndVersion(aclWithId.toRecord(), (short) 0));
    }
    out.accept(batch);
}

Also used : Uuid(org.apache.kafka.common.Uuid) StandardAclWithId(org.apache.kafka.metadata.authorizer.StandardAclWithId) ApiMessageAndVersion(org.apache.kafka.server.common.ApiMessageAndVersion) ArrayList(java.util.ArrayList) StandardAcl(org.apache.kafka.metadata.authorizer.StandardAcl)

Aggregations

StandardAclWithId (org.apache.kafka.metadata.authorizer.StandardAclWithId)5 ArrayList (java.util.ArrayList)3 ApiMessageAndVersion (org.apache.kafka.server.common.ApiMessageAndVersion)3 StandardAcl (org.apache.kafka.metadata.authorizer.StandardAcl)2 HashSet (java.util.HashSet)1 List (java.util.List)1 Uuid (org.apache.kafka.common.Uuid)1 AclBinding (org.apache.kafka.common.acl.AclBinding)1 ApiException (org.apache.kafka.common.errors.ApiException)1 UnknownServerException (org.apache.kafka.common.errors.UnknownServerException)1 AccessControlEntryRecord (org.apache.kafka.common.metadata.AccessControlEntryRecord)1 RemoveAccessControlEntryRecord (org.apache.kafka.common.metadata.RemoveAccessControlEntryRecord)1 LogContext (org.apache.kafka.common.utils.LogContext)1 StandardAclTest (org.apache.kafka.metadata.authorizer.StandardAclTest)1 StandardAclWithIdTest (org.apache.kafka.metadata.authorizer.StandardAclWithIdTest)1 AclCreateResult (org.apache.kafka.server.authorizer.AclCreateResult)1 SnapshotRegistry (org.apache.kafka.timeline.SnapshotRegistry)1 Test (org.junit.jupiter.api.Test)1