
Example 1 with AclCreateResult

use of org.apache.kafka.server.authorizer.AclCreateResult in project kafka by apache.

the class ClusterMetadataAuthorizer method createAcls.

/**
 * Create ACLs. This function must be called on the active controller, or else
 * the futures will fail with NOT_CONTROLLER.
 *
 * <p>Failure reporting: the returned futures are never completed exceptionally by
 * this method. When the mutator's future fails, or returns a result list whose size
 * differs from the number of bindings, every returned future completes <em>normally</em>
 * with an {@link AclCreateResult} that carries the error. Callers must therefore
 * inspect {@code AclCreateResult.exception()} for each entry; treating normal
 * completion as "ACL created" would misreport the state of the access-control list.
 *
 * <p>NOTE(review): {@code requestContext} is not read in this method, so no check of
 * the caller's own permissions happens here; presumably that is enforced before this
 * call is reached. Confirm against the caller.
 *
 * @param requestContext    The request context.
 * @param aclBindings       The ACL bindings to create.
 *
 * @return a list of futures, one per input acl binding. Each future will be completed
 * once addAcl has been called on the controller, and the ACL has been persisted to
 * the cluster metadata log.
 */
default List<? extends CompletionStage<AclCreateResult>> createAcls(AuthorizableRequestContext requestContext, List<AclBinding> aclBindings) {
    List<CompletableFuture<AclCreateResult>> pending = new ArrayList<>(aclBindings.size());
    // presumably throws when no mutator has been configured; confirm in aclMutatorOrException()
    AclMutator mutator = aclMutatorOrException();
    // One placeholder future per requested binding, in request order.
    for (AclBinding ignored : aclBindings) {
        pending.add(new CompletableFuture<>());
    }
    mutator.createAcls(aclBindings).whenComplete((created, error) -> {
        Throwable failure = error;
        // A result list of the wrong length cannot be matched to bindings by index,
        // so the whole batch is reported as failed rather than partially applied.
        if (failure == null && created.size() != pending.size()) {
            failure = new UnknownServerException("Invalid size " + "of result set from controller. Expected " + pending.size() + "; got " + created.size());
        }
        if (failure != null) {
            for (CompletableFuture<AclCreateResult> slot : pending) {
                ApiException cause;
                if (failure instanceof ApiException) {
                    cause = (ApiException) failure;
                } else {
                    // Non-API throwables are translated through ApiError before being handed back.
                    cause = ApiError.fromThrowable(failure).exception();
                }
                slot.complete(new AclCreateResult(cause));
            }
            return;
        }
        // Success path: results are positional, entry i belongs to binding i.
        int index = 0;
        for (CompletableFuture<AclCreateResult> slot : pending) {
            slot.complete(created.get(index));
            index++;
        }
    });
    return pending;
}
Also used : CompletableFuture(java.util.concurrent.CompletableFuture) ArrayList(java.util.ArrayList) AclCreateResult(org.apache.kafka.server.authorizer.AclCreateResult) UnknownServerException(org.apache.kafka.common.errors.UnknownServerException) ApiException(org.apache.kafka.common.errors.ApiException)

Example 2 with AclCreateResult

use of org.apache.kafka.server.authorizer.AclCreateResult in project kafka by apache.

the class ClusterMetadataAuthorizerTest method testCreateAclsError.

/**
 * Checks that a failure of the mutator's future is surfaced on every per-binding
 * result: each returned stage completes normally and its {@code AclCreateResult}
 * carries the {@code AuthorizationException}, so a rejected request is not
 * reported as a successful ACL creation for any binding.
 */
@Test
public void testCreateAclsError() throws Exception {
    // The mutator answers with a future that has already failed.
    CompletableFuture<List<AclCreateResult>> failedResponse = new CompletableFuture<>();
    failedResponse.completeExceptionally(new AuthorizationException("not authorized"));

    MockAclMutator aclMutator = new MockAclMutator();
    MockClusterMetadataAuthorizer authorizer = new MockClusterMetadataAuthorizer();
    authorizer.setAclMutator(aclMutator);
    aclMutator.setCreateAclsResponse(failedResponse);

    List<? extends CompletionStage<AclCreateResult>> stages = authorizer.createAcls(new MockAuthorizableRequestContext.Builder().build(), TEST_BINDINGS);

    // Two stages are expected (presumably TEST_BINDINGS holds two bindings; it is defined outside this snippet).
    assertEquals(2, stages.size());
    for (int i = 0; i < 2; i++) {
        // get() returns normally: the error travels inside the result, not as an exceptional completion.
        AclCreateResult outcome = stages.get(i).toCompletableFuture().get();
        assertEquals(AuthorizationException.class, outcome.exception().get().getClass());
    }
}
Also used : CompletableFuture(java.util.concurrent.CompletableFuture) AuthorizationException(org.apache.kafka.common.errors.AuthorizationException) List(java.util.List) AclCreateResult(org.apache.kafka.server.authorizer.AclCreateResult) Test(org.junit.jupiter.api.Test)

Example 3 with AclCreateResult

use of org.apache.kafka.server.authorizer.AclCreateResult in project kafka by apache.

the class AclControlManagerTest method testCreateAclDeleteAcl.

/**
 * Exercises create-then-delete on {@code AclControlManager}.
 *
 * <p>Creation: three bindings from TEST_ACLS are accepted, while a fourth binding
 * with {@code PatternType.UNKNOWN} is rejected with the message
 * "Invalid patternType UNKNOWN". Deletion: a filter with {@code ResourceType.ANY}
 * removes TEST_ACLS entries 0 and 2, a filter with {@code ResourceType.UNKNOWN} is
 * rejected with {@code InvalidRequestException}, and exactly one ACL (entry 1)
 * remains afterwards.
 */
@Test
public void testCreateAclDeleteAcl() {
    AclControlManager manager = new AclControlManager(new SnapshotRegistry(new LogContext()), Optional.empty());
    MockClusterMetadataAuthorizer authorizer = new MockClusterMetadataAuthorizer();
    authorizer.loadSnapshot(manager.idToAcl());

    // Three valid bindings followed by one that must be refused.
    List<AclBinding> requested = new ArrayList<>();
    for (int i = 0; i < 3; i++) {
        requested.add(TEST_ACLS.get(i).toBinding());
    }
    // A wildcard ALLOW entry whose pattern type is UNKNOWN: validation has to reject it
    // instead of storing an ACL with an undefined matching rule.
    AclBinding invalidBinding = new AclBinding(new ResourcePattern(TOPIC, "*", PatternType.UNKNOWN), new AccessControlEntry("User:*", "*", ALTER, ALLOW));
    requested.add(invalidBinding);
    ControllerResult<List<AclCreateResult>> created = manager.createAcls(requested);

    List<AclCreateResult> expected = new ArrayList<>();
    while (expected.size() < 3) {
        expected.add(AclCreateResult.SUCCESS);
    }
    expected.add(new AclCreateResult(new InvalidRequestException("Invalid patternType UNKNOWN")));

    // Results are positional; compare each slot against its expectation.
    int position = 0;
    for (AclCreateResult want : expected) {
        AclCreateResult got = created.response().get(position);
        position++;
        if (!want.exception().isPresent()) {
            assertFalse(got.exception().isPresent());
        } else {
            assertEquals(want.exception().get().getMessage(), got.exception().get().getMessage());
        }
    }

    RecordTestUtils.replayAll(manager, created.records());
    assertTrue(manager.iterator(Long.MAX_VALUE).hasNext());

    // Second filter uses ResourceType.UNKNOWN and is expected to be rejected as a whole.
    AclBindingFilter anyTypeFilter = new AclBindingFilter(new ResourcePatternFilter(ResourceType.ANY, null, LITERAL), AccessControlEntryFilter.ANY);
    AclBindingFilter unknownTypeFilter = new AclBindingFilter(new ResourcePatternFilter(ResourceType.UNKNOWN, null, LITERAL), AccessControlEntryFilter.ANY);
    ControllerResult<List<AclDeleteResult>> removed = manager.deleteAcls(Arrays.asList(anyTypeFilter, unknownTypeFilter));
    assertEquals(2, removed.response().size());

    Set<AclBinding> deletedBindings = new HashSet<>();
    for (AclDeleteResult.AclBindingDeleteResult entry : removed.response().get(0).aclBindingDeleteResults()) {
        assertEquals(Optional.empty(), entry.exception());
        deletedBindings.add(entry.aclBinding());
    }
    // Entry 1 is not matched by the first filter (presumably its pattern is not LITERAL; TEST_ACLS is defined elsewhere).
    Set<AclBinding> expectedDeleted = new HashSet<>(Arrays.asList(TEST_ACLS.get(0).toBinding(), TEST_ACLS.get(2).toBinding()));
    assertEquals(expectedDeleted, deletedBindings);
    assertEquals(InvalidRequestException.class, removed.response().get(1).exception().get().getClass());

    // After replaying the delete records, exactly one ACL record must remain.
    RecordTestUtils.replayAll(manager, removed.records());
    Iterator<List<ApiMessageAndVersion>> remaining = manager.iterator(Long.MAX_VALUE);
    assertTrue(remaining.hasNext());
    List<ApiMessageAndVersion> batch = remaining.next();
    assertEquals(1, batch.size());
    assertEquals(TEST_ACLS.get(1).toBinding(), StandardAcl.fromRecord((AccessControlEntryRecord) batch.get(0).message()).toBinding());
    assertFalse(remaining.hasNext());
}
Also used : ResourcePatternFilter(org.apache.kafka.common.resource.ResourcePatternFilter) ResourcePattern(org.apache.kafka.common.resource.ResourcePattern) ArrayList(java.util.ArrayList) AclDeleteResult(org.apache.kafka.server.authorizer.AclDeleteResult) AclCreateResult(org.apache.kafka.server.authorizer.AclCreateResult) ApiMessageAndVersion(org.apache.kafka.server.common.ApiMessageAndVersion) List(java.util.List) ArrayList(java.util.ArrayList) InvalidRequestException(org.apache.kafka.common.errors.InvalidRequestException) AclBinding(org.apache.kafka.common.acl.AclBinding) HashSet(java.util.HashSet) AclBindingFilter(org.apache.kafka.common.acl.AclBindingFilter) LogContext(org.apache.kafka.common.utils.LogContext) AccessControlEntry(org.apache.kafka.common.acl.AccessControlEntry) Endpoint(org.apache.kafka.common.Endpoint) SnapshotRegistry(org.apache.kafka.timeline.SnapshotRegistry) StandardAclWithIdTest(org.apache.kafka.metadata.authorizer.StandardAclWithIdTest) StandardAclTest(org.apache.kafka.metadata.authorizer.StandardAclTest) Test(org.junit.jupiter.api.Test)

Example 4 with AclCreateResult

use of org.apache.kafka.server.authorizer.AclCreateResult in project kafka by apache.

the class ClusterMetadataAuthorizerTest method testCreateAcls.

/**
 * Checks that per-binding outcomes from the mutator are passed through unchanged and
 * in order: the first binding reports success (no exception) and the second reports
 * the {@code InvalidRequestException} supplied by the mutator.
 */
@Test
public void testCreateAcls() throws Exception {
    // Mixed outcome: one accepted binding, one rejected binding.
    CompletableFuture<List<AclCreateResult>> mixedResponse = new CompletableFuture<>();
    mixedResponse.complete(Arrays.asList(AclCreateResult.SUCCESS, new AclCreateResult(new InvalidRequestException("invalid"))));

    MockAclMutator aclMutator = new MockAclMutator();
    MockClusterMetadataAuthorizer authorizer = new MockClusterMetadataAuthorizer();
    authorizer.setAclMutator(aclMutator);
    aclMutator.setCreateAclsResponse(mixedResponse);

    List<? extends CompletionStage<AclCreateResult>> stages = authorizer.createAcls(new MockAuthorizableRequestContext.Builder().build(), TEST_BINDINGS);
    assertEquals(2, stages.size());

    AclCreateResult accepted = stages.get(0).toCompletableFuture().get();
    assertEquals(Optional.empty(), accepted.exception());

    // The rejection must stay attached to the binding it belongs to (index 1).
    AclCreateResult rejected = stages.get(1).toCompletableFuture().get();
    assertEquals(InvalidRequestException.class, rejected.exception().get().getClass());
}
Also used : CompletableFuture(java.util.concurrent.CompletableFuture) List(java.util.List) InvalidRequestException(org.apache.kafka.common.errors.InvalidRequestException) AclCreateResult(org.apache.kafka.server.authorizer.AclCreateResult) Test(org.junit.jupiter.api.Test)

Example 5 with AclCreateResult

use of org.apache.kafka.server.authorizer.AclCreateResult in project kafka by apache.

the class AclControlManager method createAcls.

/**
 * Validates and registers a batch of ACL bindings.
 *
 * <p>Each binding is handled independently and yields exactly one entry in the
 * returned result list, in input order. A binding that fails {@code validateNewAcl}
 * produces an error result and leaves {@code existingAcls}, {@code idToAcl} and the
 * record list untouched. A binding that is already present in {@code existingAcls}
 * is reported as {@code SUCCESS} but produces no new record.
 *
 * @param acls the bindings to create
 * @return the records to write plus one {@link AclCreateResult} per input binding
 */
ControllerResult<List<AclCreateResult>> createAcls(List<AclBinding> acls) {
    List<AclCreateResult> outcomes = new ArrayList<>(acls.size());
    List<ApiMessageAndVersion> newRecords = new ArrayList<>(acls.size());
    for (AclBinding binding : acls) {
        ApiException rejection = null;
        try {
            validateNewAcl(binding);
        } catch (Throwable t) {
            // NOTE(review): Throwable also covers java.lang.Error; such failures are
            // reported as a per-binding result instead of propagating. Confirm this is intended.
            if (t instanceof ApiException) {
                rejection = (ApiException) t;
            } else {
                // Unexpected failures get a generic message; the original throwable is kept as the cause.
                rejection = new UnknownServerException("Unknown error while trying to create ACL", t);
            }
        }
        if (rejection != null) {
            // Invalid binding: record the error and store nothing for it.
            outcomes.add(new AclCreateResult(rejection));
            continue;
        }
        StandardAcl candidate = StandardAcl.fromAclBinding(binding);
        // add() returns false for an ACL that is already known, which keeps creation
        // idempotent: no second id and no second record for the same ACL.
        if (existingAcls.add(candidate)) {
            StandardAclWithId identified = new StandardAclWithId(newAclId(), candidate);
            idToAcl.put(identified.id(), candidate);
            newRecords.add(new ApiMessageAndVersion(identified.toRecord(), (short) 0));
        }
        outcomes.add(AclCreateResult.SUCCESS);
    }
    return new ControllerResult<>(newRecords, outcomes, true);
}
Also used : StandardAclWithId(org.apache.kafka.metadata.authorizer.StandardAclWithId) ApiMessageAndVersion(org.apache.kafka.server.common.ApiMessageAndVersion) ArrayList(java.util.ArrayList) AclBinding(org.apache.kafka.common.acl.AclBinding) StandardAcl(org.apache.kafka.metadata.authorizer.StandardAcl) AclCreateResult(org.apache.kafka.server.authorizer.AclCreateResult) UnknownServerException(org.apache.kafka.common.errors.UnknownServerException) ApiException(org.apache.kafka.common.errors.ApiException)

Aggregations

AclCreateResult (org.apache.kafka.server.authorizer.AclCreateResult)5 ArrayList (java.util.ArrayList)3 List (java.util.List)3 CompletableFuture (java.util.concurrent.CompletableFuture)3 Test (org.junit.jupiter.api.Test)3 AclBinding (org.apache.kafka.common.acl.AclBinding)2 ApiException (org.apache.kafka.common.errors.ApiException)2 InvalidRequestException (org.apache.kafka.common.errors.InvalidRequestException)2 UnknownServerException (org.apache.kafka.common.errors.UnknownServerException)2 ApiMessageAndVersion (org.apache.kafka.server.common.ApiMessageAndVersion)2 HashSet (java.util.HashSet)1 Endpoint (org.apache.kafka.common.Endpoint)1 AccessControlEntry (org.apache.kafka.common.acl.AccessControlEntry)1 AclBindingFilter (org.apache.kafka.common.acl.AclBindingFilter)1 AuthorizationException (org.apache.kafka.common.errors.AuthorizationException)1 ResourcePattern (org.apache.kafka.common.resource.ResourcePattern)1 ResourcePatternFilter (org.apache.kafka.common.resource.ResourcePatternFilter)1 LogContext (org.apache.kafka.common.utils.LogContext)1 StandardAcl (org.apache.kafka.metadata.authorizer.StandardAcl)1 StandardAclTest (org.apache.kafka.metadata.authorizer.StandardAclTest)1