
Example 1 with AuthAction

use of org.apache.pulsar.common.policies.data.AuthAction in project incubator-pulsar by apache.

the class PersistentTopicsImpl method getPermissions.

@Override
public Map<String, Set<AuthAction>> getPermissions(String topic) throws PulsarAdminException {
    try {
        TopicName tn = TopicName.get(topic);
        WebTarget path = topicPath(tn, "permissions");
        return request(path).get(new GenericType<Map<String, Set<AuthAction>>>() {
        });
    } catch (Exception e) {
        throw getApiException(e);
    }
}
Also used : WebTarget(javax.ws.rs.client.WebTarget) Map(java.util.Map) MultivaluedMap(javax.ws.rs.core.MultivaluedMap) NotFoundException(org.apache.pulsar.client.admin.PulsarAdminException.NotFoundException) ClientErrorException(javax.ws.rs.ClientErrorException) WebApplicationException(javax.ws.rs.WebApplicationException) PulsarAdminException(org.apache.pulsar.client.admin.PulsarAdminException) ExecutionException(java.util.concurrent.ExecutionException) ServerErrorException(javax.ws.rs.ServerErrorException) TopicName(org.apache.pulsar.common.naming.TopicName) AuthAction(org.apache.pulsar.common.policies.data.AuthAction)

Example 2 with AuthAction

use of org.apache.pulsar.common.policies.data.AuthAction in project incubator-pulsar by apache.

the class PersistentTopicsBase method internalGetPermissionsOnTopic.

protected Map<String, Set<AuthAction>> internalGetPermissionsOnTopic() {
    // This operation should be reading from zookeeper and it should be allowed without having admin privileges
    validateAdminAccessOnProperty(namespaceName.getProperty());
    String topicUri = topicName.toString();
    try {
        Policies policies = policiesCache().get(path(POLICIES, namespaceName.toString())).orElseThrow(() -> new RestException(Status.NOT_FOUND, "Namespace does not exist"));
        Map<String, Set<AuthAction>> permissions = Maps.newTreeMap();
        AuthPolicies auth = policies.auth_policies;
        // First add namespace level permissions
        for (String role : auth.namespace_auth.keySet()) {
            permissions.put(role, auth.namespace_auth.get(role));
        }
        // Then add topic level permissions
        if (auth.destination_auth.containsKey(topicUri)) {
            for (Map.Entry<String, Set<AuthAction>> entry : auth.destination_auth.get(topicUri).entrySet()) {
                String role = entry.getKey();
                Set<AuthAction> topicPermissions = entry.getValue();
                if (!permissions.containsKey(role)) {
                    permissions.put(role, topicPermissions);
                } else {
                    // Do the union between namespace and topic level
                    Set<AuthAction> union = Sets.union(permissions.get(role), topicPermissions);
                    permissions.put(role, union);
                }
            }
        }
        return permissions;
    } catch (Exception e) {
        log.error("[{}] Failed to get permissions for topic {}", clientAppId(), topicUri, e);
        throw new RestException(e);
    }
}
Also used : AuthPolicies(org.apache.pulsar.common.policies.data.AuthPolicies) Policies(org.apache.pulsar.common.policies.data.Policies) RestException(org.apache.pulsar.broker.web.RestException) NotAllowedException(org.apache.pulsar.broker.service.BrokerServiceException.NotAllowedException) NotFoundException(org.apache.pulsar.client.admin.PulsarAdminException.NotFoundException) PreconditionFailedException(org.apache.pulsar.client.admin.PulsarAdminException.PreconditionFailedException) PulsarClientException(org.apache.pulsar.client.api.PulsarClientException) ManagedLedgerException(org.apache.bookkeeper.mledger.ManagedLedgerException) SubscriptionBusyException(org.apache.pulsar.broker.service.BrokerServiceException.SubscriptionBusyException) WebApplicationException(javax.ws.rs.WebApplicationException) KeeperException(org.apache.zookeeper.KeeperException) PulsarAdminException(org.apache.pulsar.client.admin.PulsarAdminException) IOException(java.io.IOException) ExecutionException(java.util.concurrent.ExecutionException) TopicBusyException(org.apache.pulsar.broker.service.BrokerServiceException.TopicBusyException) PulsarServerException(org.apache.pulsar.broker.PulsarServerException) AuthAction(org.apache.pulsar.common.policies.data.AuthAction)

Example 3 with AuthAction

use of org.apache.pulsar.common.policies.data.AuthAction in project incubator-pulsar by apache.

the class AdminTest method persistentTopics.

@Test
void persistentTopics() throws Exception {
    final String property = "prop-xyz";
    final String cluster = "use";
    final String namespace = "ns";
    final String topic = "ds1";
    Policies policies = new Policies();
    doReturn(policies).when(resourceQuotas).getNamespacePolicies(NamespaceName.get(property, cluster, namespace));
    doReturn("client-id").when(resourceQuotas).clientAppId();
    // create policies
    PropertyAdmin admin = new PropertyAdmin();
    admin.getAllowedClusters().add(cluster);
    ZkUtils.createFullPathOptimistic(mockZookKeeper, PulsarWebResource.path(POLICIES, property, cluster, namespace), ObjectMapperFactory.getThreadLocal().writeValueAsBytes(new Policies()), ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
    List<String> list = persistentTopics.getList(property, cluster, namespace);
    assertTrue(list.isEmpty());
    // create topic
    assertEquals(persistentTopics.getPartitionedTopicList(property, cluster, namespace), Lists.newArrayList());
    persistentTopics.createPartitionedTopic(property, cluster, namespace, topic, 5, false);
    assertEquals(persistentTopics.getPartitionedTopicList(property, cluster, namespace), Lists.newArrayList(String.format("persistent://%s/%s/%s/%s", property, cluster, namespace, topic)));
    CountDownLatch notificationLatch = new CountDownLatch(2);
    configurationCache.policiesCache().registerListener((path, data, stat) -> {
        notificationLatch.countDown();
    });
    // grant permission
    final Set<AuthAction> actions = Sets.newHashSet(AuthAction.produce);
    final String role = "test-role";
    persistentTopics.grantPermissionsOnTopic(property, cluster, namespace, topic, role, actions);
    // verify permission
    Map<String, Set<AuthAction>> permission = persistentTopics.getPermissionsOnTopic(property, cluster, namespace, topic);
    assertEquals(permission.get(role), actions);
    // remove permission
    persistentTopics.revokePermissionsOnTopic(property, cluster, namespace, topic, role);
    // Wait for cache to be updated
    notificationLatch.await();
    // verify removed permission
    permission = persistentTopics.getPermissionsOnTopic(property, cluster, namespace, topic);
    assertTrue(permission.isEmpty());
}
Also used : Policies(org.apache.pulsar.common.policies.data.Policies) Set(java.util.Set) PropertyAdmin(org.apache.pulsar.common.policies.data.PropertyAdmin) CountDownLatch(java.util.concurrent.CountDownLatch) AuthAction(org.apache.pulsar.common.policies.data.AuthAction) Test(org.testng.annotations.Test) MockedPulsarServiceBaseTest(org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest)

Example 4 with AuthAction

use of org.apache.pulsar.common.policies.data.AuthAction in project incubator-pulsar by apache.

the class NamespacesImpl method getPermissions.

@Override
public Map<String, Set<AuthAction>> getPermissions(String namespace) throws PulsarAdminException {
    try {
        NamespaceName ns = NamespaceName.get(namespace);
        WebTarget path = namespacePath(ns, "permissions");
        return request(path).get(new GenericType<Map<String, Set<AuthAction>>>() {
        });
    } catch (Exception e) {
        throw getApiException(e);
    }
}
Also used : NamespaceName(org.apache.pulsar.common.naming.NamespaceName) WebTarget(javax.ws.rs.client.WebTarget) Map(java.util.Map) PulsarAdminException(org.apache.pulsar.client.admin.PulsarAdminException) AuthAction(org.apache.pulsar.common.policies.data.AuthAction)
