Examples with AuthAction org.apache.pulsar.common.policies.data.AuthAction used on opensource projects

Example 1 with AuthAction

use of org.apache.pulsar.common.policies.data.AuthAction in project incubator-pulsar by apache.

the class PersistentTopicsImpl method getPermissions.

@Override
public Map<String, Set<AuthAction>> getPermissions(String topic) throws PulsarAdminException {
    try {
        TopicName tn = TopicName.get(topic);
        WebTarget path = topicPath(tn, "permissions");
        return request(path).get(new GenericType<Map<String, Set<AuthAction>>>() {
        });
    } catch (Exception e) {
        throw getApiException(e);
    }
}

Example 2 with AuthAction

use of org.apache.pulsar.common.policies.data.AuthAction in project incubator-pulsar by apache.

the class PersistentTopicsBase method internalGetPermissionsOnTopic.

protected Map<String, Set<AuthAction>> internalGetPermissionsOnTopic() {
    // This operation should be reading from zookeeper and it should be allowed without having admin privileges
    validateAdminAccessOnProperty(namespaceName.getProperty());
    String topicUri = topicName.toString();
    try {
        Policies policies = policiesCache().get(path(POLICIES, namespaceName.toString())).orElseThrow(() -> new RestException(Status.NOT_FOUND, "Namespace does not exist"));
        Map<String, Set<AuthAction>> permissions = Maps.newTreeMap();
        AuthPolicies auth = policies.auth_policies;
        // First add namespace level permissions
        for (String role : auth.namespace_auth.keySet()) {
            permissions.put(role, auth.namespace_auth.get(role));
        }
        // Then add topic level permissions
        if (auth.destination_auth.containsKey(topicUri)) {
            for (Map.Entry<String, Set<AuthAction>> entry : auth.destination_auth.get(topicUri).entrySet()) {
                String role = entry.getKey();
                Set<AuthAction> topicPermissions = entry.getValue();
                if (!permissions.containsKey(role)) {
                    permissions.put(role, topicPermissions);
                } else {
                    // Do the union between namespace and topic level
                    Set<AuthAction> union = Sets.union(permissions.get(role), topicPermissions);
                    permissions.put(role, union);
                }
            }
        }
        return permissions;
    } catch (Exception e) {
        log.error("[{}] Failed to get permissions for topic {}", clientAppId(), topicUri, e);
        throw new RestException(e);
    }
}

Example 3 with AuthAction

use of org.apache.pulsar.common.policies.data.AuthAction in project incubator-pulsar by apache.

the class AdminTest method persistentTopics.

@Test
void persistentTopics() throws Exception {
    final String property = "prop-xyz";
    final String cluster = "use";
    final String namespace = "ns";
    final String topic = "ds1";
    Policies policies = new Policies();
    doReturn(policies).when(resourceQuotas).getNamespacePolicies(NamespaceName.get(property, cluster, namespace));
    doReturn("client-id").when(resourceQuotas).clientAppId();
    // create policies
    PropertyAdmin admin = new PropertyAdmin();
    admin.getAllowedClusters().add(cluster);
    ZkUtils.createFullPathOptimistic(mockZookKeeper, PulsarWebResource.path(POLICIES, property, cluster, namespace), ObjectMapperFactory.getThreadLocal().writeValueAsBytes(new Policies()), ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
    List<String> list = persistentTopics.getList(property, cluster, namespace);
    assertTrue(list.isEmpty());
    // create topic
    assertEquals(persistentTopics.getPartitionedTopicList(property, cluster, namespace), Lists.newArrayList());
    persistentTopics.createPartitionedTopic(property, cluster, namespace, topic, 5, false);
    assertEquals(persistentTopics.getPartitionedTopicList(property, cluster, namespace), Lists.newArrayList(String.format("persistent://%s/%s/%s/%s", property, cluster, namespace, topic)));
    CountDownLatch notificationLatch = new CountDownLatch(2);
    configurationCache.policiesCache().registerListener((path, data, stat) -> {
        notificationLatch.countDown();
    });
    // grant permission
    final Set<AuthAction> actions = Sets.newHashSet(AuthAction.produce);
    final String role = "test-role";
    persistentTopics.grantPermissionsOnTopic(property, cluster, namespace, topic, role, actions);
    // verify permission
    Map<String, Set<AuthAction>> permission = persistentTopics.getPermissionsOnTopic(property, cluster, namespace, topic);
    assertEquals(permission.get(role), actions);
    // remove permission
    persistentTopics.revokePermissionsOnTopic(property, cluster, namespace, topic, role);
    // Wait for cache to be updated
    notificationLatch.await();
    // verify removed permission
    permission = persistentTopics.getPermissionsOnTopic(property, cluster, namespace, topic);
    assertTrue(permission.isEmpty());
}

Example 4 with AuthAction

use of org.apache.pulsar.common.policies.data.AuthAction in project incubator-pulsar by apache.

the class NamespacesImpl method getPermissions.

@Override
public Map<String, Set<AuthAction>> getPermissions(String namespace) throws PulsarAdminException {
    try {
        NamespaceName ns = NamespaceName.get(namespace);
        WebTarget path = namespacePath(ns, "permissions");
        return request(path).get(new GenericType<Map<String, Set<AuthAction>>>() {
        });
    } catch (Exception e) {
        throw getApiException(e);
    }
}