Example 71 with Policies

use of org.apache.pulsar.common.policies.data.Policies in project incubator-pulsar by apache.

the class NonPersistentTopics method getListFromBundle.

@GET
@Path("/{property}/{cluster}/{namespace}/{bundle}")
@ApiOperation(value = "Get the list of non-persistent topics under a namespace bundle.", response = String.class, responseContainer = "List")
@ApiResponses(value = { @ApiResponse(code = 403, message = "Don't have admin permission"), @ApiResponse(code = 404, message = "Namespace doesn't exist") })
public List<String> getListFromBundle(@PathParam("property") String property, @PathParam("cluster") String cluster, @PathParam("namespace") String namespace, @PathParam("bundle") String bundleRange) {
    log.info("[{}] list of topics on namespace bundle {}/{}/{}/{}", clientAppId(), property, cluster, namespace, bundleRange);
    validateAdminAccessOnProperty(property);
    Policies policies = getNamespacePolicies(property, cluster, namespace);
    if (!cluster.equals(Constants.GLOBAL_CLUSTER)) {
        validateClusterOwnership(cluster);
        validateClusterForProperty(property, cluster);
    } else {
        // check cluster ownership for a given global namespace: redirect if peer-cluster owns it
        validateGlobalNamespaceOwnership(NamespaceName.get(property, cluster, namespace));
    }
    NamespaceName fqnn = NamespaceName.get(property, cluster, namespace);
    if (!isBundleOwnedByAnyBroker(fqnn, policies.bundles, bundleRange)) {
        log.info("[{}] Namespace bundle is not owned by any broker {}/{}/{}/{}", clientAppId(), property, cluster, namespace, bundleRange);
        return null;
    }
    NamespaceBundle nsBundle = validateNamespaceBundleOwnership(fqnn, policies.bundles, bundleRange, true, true);
    try {
        final List<String> topicList = Lists.newArrayList();
        pulsar().getBrokerService().getTopics().forEach((name, topicFuture) -> {
            TopicName topicName = TopicName.get(name);
            if (nsBundle.includes(topicName)) {
                topicList.add(name);
            }
        });
        return topicList;
    } catch (Exception e) {
        log.error("[{}] Failed to list topics on namespace bundle {}/{}", clientAppId(), fqnn.toString(), bundleRange, e);
        throw new RestException(e);
    }
}
Also used : NamespaceBundle(org.apache.pulsar.common.naming.NamespaceBundle) NamespaceName(org.apache.pulsar.common.naming.NamespaceName) Policies(org.apache.pulsar.common.policies.data.Policies) RestException(org.apache.pulsar.broker.web.RestException) KeeperException(org.apache.zookeeper.KeeperException) ExecutionException(java.util.concurrent.ExecutionException) PulsarServerException(org.apache.pulsar.broker.PulsarServerException) TopicName(org.apache.pulsar.common.naming.TopicName) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 72 with Policies

use of org.apache.pulsar.common.policies.data.Policies in project incubator-pulsar by apache.

the class PulsarAuthorizationProvider method canConsumeAsync.

/**
 * Check if the specified role has permission to receive messages from the specified fully qualified topic
 * name.
 *
 * @param topicName
 *            the fully qualified topic name associated with the topic.
 * @param role
 *            the app id used to receive messages from the topic.
 * @param subscription
 *            the subscription name defined by the client
 */
@Override
public CompletableFuture<Boolean> canConsumeAsync(TopicName topicName, String role, AuthenticationDataSource authenticationData, String subscription) {
    CompletableFuture<Boolean> permissionFuture = new CompletableFuture<>();
    try {
        configCache.policiesCache().getAsync(POLICY_ROOT + topicName.getNamespace()).thenAccept(policies -> {
            if (!policies.isPresent()) {
                if (log.isDebugEnabled()) {
                    log.debug("Policies node couldn't be found for topic : {}", topicName);
                }
            } else {
                if (isNotBlank(subscription) && !isSuperUser(role)) {
                    switch(policies.get().subscription_auth_mode) {
                        case Prefix:
                            if (!subscription.startsWith(role)) {
                                PulsarServerException ex = new PulsarServerException(String.format("Failed to create consumer - The subscription name needs to be prefixed by the authentication role, like %s-xxxx for topic: %s", role, topicName));
                                permissionFuture.completeExceptionally(ex);
                                return;
                            }
                            break;
                        default:
                            break;
                    }
                }
            }
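            checkAuthorization(topicName, role, AuthAction.consume).thenAccept(isAuthorized -> {
                permissionFuture.complete(isAuthorized);
            }).exceptionally(authEx -> {
                // Propagate a failed authorization lookup; otherwise permissionFuture would never complete
                log.warn("Client with Role - {} failed to get permissions for topic - {}. {}", role, topicName, authEx.getMessage());
                permissionFuture.completeExceptionally(authEx);
                return null;
            });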
        }).exceptionally(ex -> {
            log.warn("Client with Role - {} failed to get permissions for topic - {}. {}", role, topicName, ex.getMessage());
            permissionFuture.completeExceptionally(ex);
            return null;
        });
    } catch (Exception e) {
        log.warn("Client with Role - {} failed to get permissions for topic - {}. {}", role, topicName, e.getMessage());
        permissionFuture.completeExceptionally(e);
    }
    return permissionFuture;
}
Also used : ZooKeeper(org.apache.zookeeper.ZooKeeper) TopicName(org.apache.pulsar.common.naming.TopicName) Logger(org.slf4j.Logger) KeeperException(org.apache.zookeeper.KeeperException) ServiceConfiguration(org.apache.pulsar.broker.ServiceConfiguration) Preconditions.checkNotNull(com.google.common.base.Preconditions.checkNotNull) ObjectMapperFactory.getThreadLocal(org.apache.pulsar.common.util.ObjectMapperFactory.getThreadLocal) LoggerFactory(org.slf4j.LoggerFactory) Set(java.util.Set) IOException(java.io.IOException) CompletableFuture(java.util.concurrent.CompletableFuture) ConfigurationCacheService(org.apache.pulsar.broker.cache.ConfigurationCacheService) Stat(org.apache.zookeeper.data.Stat) AuthenticationDataSource(org.apache.pulsar.broker.authentication.AuthenticationDataSource) States(org.apache.zookeeper.ZooKeeper.States) Policies(org.apache.pulsar.common.policies.data.Policies) StringUtils.isNotBlank(org.apache.commons.lang3.StringUtils.isNotBlank) POLICIES(org.apache.pulsar.broker.cache.ConfigurationCacheService.POLICIES) PulsarServerException(org.apache.pulsar.broker.PulsarServerException) AuthAction(org.apache.pulsar.common.policies.data.AuthAction) ZooKeeperCache(org.apache.pulsar.zookeeper.ZooKeeperCache) Map(java.util.Map) NamespaceName(org.apache.pulsar.common.naming.NamespaceName)

Example 73 with Policies

use of org.apache.pulsar.common.policies.data.Policies in project incubator-pulsar by apache.

the class PulsarAuthorizationProvider method grantPermissionAsync.

@Override
public CompletableFuture<Void> grantPermissionAsync(NamespaceName namespaceName, Set<AuthAction> actions, String role, String authDataJson) {
    CompletableFuture<Void> result = new CompletableFuture<>();
    try {
        validatePoliciesReadOnlyAccess();
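    } catch (Exception e) {
        result.completeExceptionally(e);
        // Stop here: without this return the grant is still written to ZooKeeper when policies are read-only
        return result;
    }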
    ZooKeeper globalZk = configCache.getZooKeeper();
    final String property = namespaceName.getProperty();
    final String cluster = namespaceName.getCluster();
    final String namespace = namespaceName.getLocalName();
    final String policiesPath = String.format("/%s/%s/%s/%s/%s", "admin", POLICIES, property, cluster, namespace);
    try {
        Stat nodeStat = new Stat();
        byte[] content = globalZk.getData(policiesPath, null, nodeStat);
        Policies policies = getThreadLocal().readValue(content, Policies.class);
        policies.auth_policies.namespace_auth.put(role, actions);
        // Write back the new policies into zookeeper
        globalZk.setData(policiesPath, getThreadLocal().writeValueAsBytes(policies), nodeStat.getVersion());
        configCache.policiesCache().invalidate(policiesPath);
        log.info("[{}] Successfully granted access for role {}: {} - namespace {}/{}/{}", role, role, actions, property, cluster, namespace);
        result.complete(null);
    } catch (KeeperException.NoNodeException e) {
        log.warn("[{}] Failed to set permissions for namespace {}/{}/{}: does not exist", role, property, cluster, namespace);
        result.completeExceptionally(new IllegalArgumentException("Namespace does not exist: " + namespace));
    } catch (KeeperException.BadVersionException e) {
        log.warn("[{}] Failed to set permissions for namespace {}/{}/{}: concurrent modification", role, property, cluster, namespace);
        result.completeExceptionally(new IllegalStateException("Concurrent modification on zk path: " + policiesPath + ", " + e.getMessage()));
    } catch (Exception e) {
        log.error("[{}] Failed to set permissions for namespace {}/{}/{}", role, property, cluster, namespace, e);
        result.completeExceptionally(new IllegalStateException("Failed to set permissions for namespace " + namespace));
    }
    return result;
}
Also used : Policies(org.apache.pulsar.common.policies.data.Policies) KeeperException(org.apache.zookeeper.KeeperException) IOException(java.io.IOException) PulsarServerException(org.apache.pulsar.broker.PulsarServerException) CompletableFuture(java.util.concurrent.CompletableFuture) ZooKeeper(org.apache.zookeeper.ZooKeeper) Stat(org.apache.zookeeper.data.Stat)

Example 74 with Policies

use of org.apache.pulsar.common.policies.data.Policies in project incubator-pulsar by apache.

the class Namespaces method getBundlesData.

@GET
@Path("/{property}/{namespace}/bundles")
@ApiOperation(value = "Get the bundles split data.")
@ApiResponses(value = { @ApiResponse(code = 403, message = "Don't have admin permission"), @ApiResponse(code = 404, message = "Property or cluster or namespace doesn't exist"), @ApiResponse(code = 412, message = "Namespace is not setup to split in bundles") })
public BundlesData getBundlesData(@PathParam("property") String property, @PathParam("namespace") String namespace) {
    validateAdminAccessOnProperty(property);
    validatePoliciesReadOnlyAccess();
    validateNamespaceName(property, namespace);
    Policies policies = getNamespacePolicies(namespaceName);
    return policies.bundles;
}
Also used : RetentionPolicies(org.apache.pulsar.common.policies.data.RetentionPolicies) PersistencePolicies(org.apache.pulsar.common.policies.data.PersistencePolicies) Policies(org.apache.pulsar.common.policies.data.Policies) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 75 with Policies

use of org.apache.pulsar.common.policies.data.Policies in project incubator-pulsar by apache.

the class Namespaces method getDefaultPolicesIfNull.

private Policies getDefaultPolicesIfNull(Policies policies) {
    if (policies != null) {
        return policies;
    }
    Policies defaultPolicies = new Policies();
    int defaultNumberOfBundles = config().getDefaultNumberOfNamespaceBundles();
    defaultPolicies.bundles = getBundles(defaultNumberOfBundles);
    return defaultPolicies;
}
Also used : RetentionPolicies(org.apache.pulsar.common.policies.data.RetentionPolicies) PersistencePolicies(org.apache.pulsar.common.policies.data.PersistencePolicies) Policies(org.apache.pulsar.common.policies.data.Policies)
