Example 61 with Policies

use of org.apache.pulsar.common.policies.data.Policies in project incubator-pulsar by apache.

the class PersistentTopicsBase method internalRevokePermissionsOnTopic.

protected void internalRevokePermissionsOnTopic(String role) {
    // Revoking a permission rewrites the namespace policies in ZooKeeper, so admin access on the property is required
    validateAdminAccessOnProperty(namespaceName.getProperty());
    validatePoliciesReadOnlyAccess();
    String topicUri = topicName.toString();
    Stat nodeStat = new Stat();
    Policies policies;
    try {
        byte[] content = globalZk().getData(path(POLICIES, namespaceName.toString()), null, nodeStat);
        policies = jsonMapper().readValue(content, Policies.class);
    } catch (KeeperException.NoNodeException e) {
        log.warn("[{}] Failed to revoke permissions on topic {}: Namespace does not exist", clientAppId(), topicUri);
        throw new RestException(Status.NOT_FOUND, "Namespace does not exist");
    } catch (Exception e) {
        log.error("[{}] Failed to revoke permissions for topic {}", clientAppId(), topicUri, e);
        throw new RestException(e);
    }
    if (!policies.auth_policies.destination_auth.containsKey(topicUri) || !policies.auth_policies.destination_auth.get(topicUri).containsKey(role)) {
        log.warn("[{}] Failed to revoke permission from role {} on topic {}: Not set at topic level", clientAppId(), role, topicUri);
        throw new RestException(Status.PRECONDITION_FAILED, "Permissions are not set at the topic level");
    }
    policies.auth_policies.destination_auth.get(topicUri).remove(role);
    try {
        // Write the new policies to zookeeper
        String namespacePath = path(POLICIES, namespaceName.toString());
        globalZk().setData(namespacePath, jsonMapper().writeValueAsBytes(policies), nodeStat.getVersion());
        // invalidate the local cache to force update
        policiesCache().invalidate(namespacePath);
        globalZkCache().invalidate(namespacePath);
        log.info("[{}] Successfully revoked access for role {} - topic {}", clientAppId(), role, topicUri);
    } catch (Exception e) {
        log.error("[{}] Failed to revoke permissions for topic {}", clientAppId(), topicUri, e);
        throw new RestException(e);
    }
}
Also used : Stat(org.apache.zookeeper.data.Stat) AuthPolicies(org.apache.pulsar.common.policies.data.AuthPolicies) Policies(org.apache.pulsar.common.policies.data.Policies) RestException(org.apache.pulsar.broker.web.RestException) KeeperException(org.apache.zookeeper.KeeperException) NotAllowedException(org.apache.pulsar.broker.service.BrokerServiceException.NotAllowedException) NotFoundException(org.apache.pulsar.client.admin.PulsarAdminException.NotFoundException) PreconditionFailedException(org.apache.pulsar.client.admin.PulsarAdminException.PreconditionFailedException) RestException(org.apache.pulsar.broker.web.RestException) PulsarClientException(org.apache.pulsar.client.api.PulsarClientException) ManagedLedgerException(org.apache.bookkeeper.mledger.ManagedLedgerException) SubscriptionBusyException(org.apache.pulsar.broker.service.BrokerServiceException.SubscriptionBusyException) WebApplicationException(javax.ws.rs.WebApplicationException) KeeperException(org.apache.zookeeper.KeeperException) PulsarAdminException(org.apache.pulsar.client.admin.PulsarAdminException) IOException(java.io.IOException) ExecutionException(java.util.concurrent.ExecutionException) TopicBusyException(org.apache.pulsar.broker.service.BrokerServiceException.TopicBusyException) PulsarServerException(org.apache.pulsar.broker.PulsarServerException)

Example 62 with Policies

use of org.apache.pulsar.common.policies.data.Policies in project incubator-pulsar by apache.

the class AdminResource method getNamespacePolicies.

protected Policies getNamespacePolicies(NamespaceName namespaceName) {
    try {
        Policies policies = policiesCache().get(AdminResource.path(POLICIES, namespaceName.toString())).orElseThrow(() -> new RestException(Status.NOT_FOUND, "Namespace does not exist"));
        // fetch bundles from LocalZK-policies
        NamespaceBundles bundles = pulsar().getNamespaceService().getNamespaceBundleFactory().getBundles(namespaceName);
        BundlesData bundleData = NamespaceBundleFactory.getBundlesData(bundles);
        policies.bundles = bundleData != null ? bundleData : policies.bundles;
        return policies;
    } catch (RestException re) {
        throw re;
    } catch (Exception e) {
        log.error("[{}] Failed to get namespace policies {}", clientAppId(), namespaceName, e);
        throw new RestException(e);
    }
}
Also used : NamespaceIsolationPolicies(org.apache.pulsar.common.policies.impl.NamespaceIsolationPolicies) LocalPolicies(org.apache.pulsar.common.policies.data.LocalPolicies) Policies(org.apache.pulsar.common.policies.data.Policies) NamespaceBundles(org.apache.pulsar.common.naming.NamespaceBundles) RestException(org.apache.pulsar.broker.web.RestException) BundlesData(org.apache.pulsar.common.policies.data.BundlesData) RestException(org.apache.pulsar.broker.web.RestException) KeeperException(org.apache.zookeeper.KeeperException) MalformedURLException(java.net.MalformedURLException) WebApplicationException(javax.ws.rs.WebApplicationException)

Example 63 with Policies

use of org.apache.pulsar.common.policies.data.Policies in project incubator-pulsar by apache.

the class ResourceQuotasBase method internalGetNamespaceBundleResourceQuota.

@SuppressWarnings("deprecation")
protected ResourceQuota internalGetNamespaceBundleResourceQuota(String bundleRange) {
    validateSuperUserAccess();
    Policies policies = getNamespacePolicies(namespaceName);
    if (!namespaceName.isGlobal()) {
        validateClusterOwnership(namespaceName.getCluster());
        validateClusterForProperty(namespaceName.getProperty(), namespaceName.getCluster());
    }
    NamespaceBundle nsBundle = validateNamespaceBundleRange(namespaceName, policies.bundles, bundleRange);
    try {
        return pulsar().getLocalZkCacheService().getResourceQuotaCache().getQuota(nsBundle);
    } catch (Exception e) {
        // Pass the exception so the stack trace is logged
        log.error("[{}] Failed to get resource quota for namespace bundle {}", clientAppId(), nsBundle.toString(), e);
        throw new RestException(e);
    }
}
Also used : NamespaceBundle(org.apache.pulsar.common.naming.NamespaceBundle) Policies(org.apache.pulsar.common.policies.data.Policies) RestException(org.apache.pulsar.broker.web.RestException) KeeperException(org.apache.zookeeper.KeeperException) RestException(org.apache.pulsar.broker.web.RestException)

Example 64 with Policies

use of org.apache.pulsar.common.policies.data.Policies in project incubator-pulsar by apache.

the class ResourceQuotasBase method internalRemoveNamespaceBundleResourceQuota.

@SuppressWarnings("deprecation")
protected void internalRemoveNamespaceBundleResourceQuota(String bundleRange) {
    validateSuperUserAccess();
    validatePoliciesReadOnlyAccess();
    Policies policies = getNamespacePolicies(namespaceName);
    if (!namespaceName.isGlobal()) {
        validateClusterOwnership(namespaceName.getCluster());
        validateClusterForProperty(namespaceName.getProperty(), namespaceName.getCluster());
    }
    NamespaceBundle nsBundle = validateNamespaceBundleRange(namespaceName, policies.bundles, bundleRange);
    try {
        pulsar().getLocalZkCacheService().getResourceQuotaCache().unsetQuota(nsBundle);
        log.info("[{}] Successfully unset resource quota for namespace bundle {}", clientAppId(), nsBundle.toString());
    } catch (KeeperException.NoNodeException e) {
        log.warn("[{}] Failed to unset resource quota for namespace bundle {}: concurrent modification", clientAppId(), nsBundle.toString());
        throw new RestException(Status.CONFLICT, "Concurrent modification on namespace bundle quota");
    } catch (Exception e) {
        // Pass the exception so the stack trace is logged
        log.error("[{}] Failed to unset resource quota for namespace bundle {}", clientAppId(), nsBundle.toString(), e);
        throw new RestException(e);
    }
}
Also used : NamespaceBundle(org.apache.pulsar.common.naming.NamespaceBundle) Policies(org.apache.pulsar.common.policies.data.Policies) RestException(org.apache.pulsar.broker.web.RestException) KeeperException(org.apache.zookeeper.KeeperException) KeeperException(org.apache.zookeeper.KeeperException) RestException(org.apache.pulsar.broker.web.RestException)

Example 65 with Policies

use of org.apache.pulsar.common.policies.data.Policies in project incubator-pulsar by apache.

the class Namespaces method getPermissions.

@GET
@Path("/{property}/{cluster}/{namespace}/permissions")
@ApiOperation(hidden = true, value = "Retrieve the permissions for a namespace.")
@ApiResponses(value = { @ApiResponse(code = 403, message = "Don't have admin permission"), @ApiResponse(code = 404, message = "Property or cluster or namespace doesn't exist"), @ApiResponse(code = 409, message = "Namespace is not empty") })
public Map<String, Set<AuthAction>> getPermissions(@PathParam("property") String property, @PathParam("cluster") String cluster, @PathParam("namespace") String namespace) {
    validateAdminAccessOnProperty(property);
    validateNamespaceName(property, cluster, namespace);
    Policies policies = getNamespacePolicies(namespaceName);
    return policies.auth_policies.namespace_auth;
}
Also used : RetentionPolicies(org.apache.pulsar.common.policies.data.RetentionPolicies) PersistencePolicies(org.apache.pulsar.common.policies.data.PersistencePolicies) Policies(org.apache.pulsar.common.policies.data.Policies) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)
