use of org.apache.pulsar.common.policies.data.AuthAction in project incubator-pulsar by apache.
the class PersistentTopicsImpl method getPermissions.
@Override
public Map<String, Set<AuthAction>> getPermissions(String topic) throws PulsarAdminException {
try {
TopicName tn = TopicName.get(topic);
WebTarget path = topicPath(tn, "permissions");
return request(path).get(new GenericType<Map<String, Set<AuthAction>>>() {
});
} catch (Exception e) {
throw getApiException(e);
}
}
use of org.apache.pulsar.common.policies.data.AuthAction in project incubator-pulsar by apache.
the class PersistentTopicsBase method internalGetPermissionsOnTopic.
protected Map<String, Set<AuthAction>> internalGetPermissionsOnTopic() {
// This operation should be reading from zookeeper and it should be allowed without having admin privileges
validateAdminAccessOnProperty(namespaceName.getProperty());
String topicUri = topicName.toString();
try {
Policies policies = policiesCache().get(path(POLICIES, namespaceName.toString())).orElseThrow(() -> new RestException(Status.NOT_FOUND, "Namespace does not exist"));
Map<String, Set<AuthAction>> permissions = Maps.newTreeMap();
AuthPolicies auth = policies.auth_policies;
// First add namespace level permissions
for (String role : auth.namespace_auth.keySet()) {
permissions.put(role, auth.namespace_auth.get(role));
}
// Then add topic level permissions
if (auth.destination_auth.containsKey(topicUri)) {
for (Map.Entry<String, Set<AuthAction>> entry : auth.destination_auth.get(topicUri).entrySet()) {
String role = entry.getKey();
Set<AuthAction> topicPermissions = entry.getValue();
if (!permissions.containsKey(role)) {
permissions.put(role, topicPermissions);
} else {
// Do the union between namespace and topic level
Set<AuthAction> union = Sets.union(permissions.get(role), topicPermissions);
permissions.put(role, union);
}
}
}
return permissions;
} catch (Exception e) {
log.error("[{}] Failed to get permissions for topic {}", clientAppId(), topicUri, e);
throw new RestException(e);
}
}
use of org.apache.pulsar.common.policies.data.AuthAction in project incubator-pulsar by apache.
the class AdminTest method persistentTopics.
@Test
void persistentTopics() throws Exception {
final String property = "prop-xyz";
final String cluster = "use";
final String namespace = "ns";
final String topic = "ds1";
Policies policies = new Policies();
doReturn(policies).when(resourceQuotas).getNamespacePolicies(NamespaceName.get(property, cluster, namespace));
doReturn("client-id").when(resourceQuotas).clientAppId();
// create policies
PropertyAdmin admin = new PropertyAdmin();
admin.getAllowedClusters().add(cluster);
ZkUtils.createFullPathOptimistic(mockZookKeeper, PulsarWebResource.path(POLICIES, property, cluster, namespace), ObjectMapperFactory.getThreadLocal().writeValueAsBytes(new Policies()), ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
List<String> list = persistentTopics.getList(property, cluster, namespace);
assertTrue(list.isEmpty());
// create topic
assertEquals(persistentTopics.getPartitionedTopicList(property, cluster, namespace), Lists.newArrayList());
persistentTopics.createPartitionedTopic(property, cluster, namespace, topic, 5, false);
assertEquals(persistentTopics.getPartitionedTopicList(property, cluster, namespace), Lists.newArrayList(String.format("persistent://%s/%s/%s/%s", property, cluster, namespace, topic)));
CountDownLatch notificationLatch = new CountDownLatch(2);
configurationCache.policiesCache().registerListener((path, data, stat) -> {
notificationLatch.countDown();
});
// grant permission
final Set<AuthAction> actions = Sets.newHashSet(AuthAction.produce);
final String role = "test-role";
persistentTopics.grantPermissionsOnTopic(property, cluster, namespace, topic, role, actions);
// verify permission
Map<String, Set<AuthAction>> permission = persistentTopics.getPermissionsOnTopic(property, cluster, namespace, topic);
assertEquals(permission.get(role), actions);
// remove permission
persistentTopics.revokePermissionsOnTopic(property, cluster, namespace, topic, role);
// Wait for cache to be updated
notificationLatch.await();
// verify removed permission
permission = persistentTopics.getPermissionsOnTopic(property, cluster, namespace, topic);
assertTrue(permission.isEmpty());
}
use of org.apache.pulsar.common.policies.data.AuthAction in project incubator-pulsar by apache.
the class NamespacesImpl method getPermissions.
@Override
public Map<String, Set<AuthAction>> getPermissions(String namespace) throws PulsarAdminException {
try {
NamespaceName ns = NamespaceName.get(namespace);
WebTarget path = namespacePath(ns, "permissions");
return request(path).get(new GenericType<Map<String, Set<AuthAction>>>() {
});
} catch (Exception e) {
throw getApiException(e);
}
}
Aggregations