use of org.apache.pulsar.common.policies.data.Policies in project incubator-pulsar by apache.
the class NamespacesBase method internalSetSubscriptionAuthMode.
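/**
 * Updates the subscription auth mode stored in this namespace's policies node.
 *
 * <p>The policies are read from global ZooKeeper together with the node version, modified, and
 * written back conditionally on that version, so a concurrent writer is detected instead of
 * being silently overwritten. The local policies cache entry is invalidated afterwards.
 *
 * @param subscriptionAuthMode the mode to store; {@code null} is stored as
 *        {@link SubscriptionAuthMode#None}
 * @throws RestException {@code NOT_FOUND} if the policies node does not exist, {@code CONFLICT}
 *         if the node version changed between read and write, or a wrapped failure otherwise
 */
protected void internalSetSubscriptionAuthMode(SubscriptionAuthMode subscriptionAuthMode) {
    // Both checks run before any state is read or written.
    validateAdminAccessOnProperty(namespaceName.getProperty());
    validatePoliciesReadOnlyAccess();

    if (subscriptionAuthMode == null) {
        subscriptionAuthMode = SubscriptionAuthMode.None;
    }

    try {
        Stat nodeStat = new Stat();
        final String path = path(POLICIES, namespaceName.toString());
        byte[] content = globalZk().getData(path, null, nodeStat);
        Policies policies = jsonMapper().readValue(content, Policies.class);
        policies.subscription_auth_mode = subscriptionAuthMode;

        // Conditional write: fails with BadVersionException if the node changed since getData.
        globalZk().setData(path, jsonMapper().writeValueAsBytes(policies), nodeStat.getVersion());
        policiesCache().invalidate(path);

        // Record the value that was actually changed. The previous message serialized
        // backlog_quota_map, which left the audit trail without the new auth mode and could
        // turn an already-applied update into an error if that serialization failed.
        log.info("[{}] Successfully updated subscription auth mode: namespace={}, mode={}", clientAppId(),
                namespaceName, subscriptionAuthMode);
    } catch (KeeperException.NoNodeException e) {
        log.warn("[{}] Failed to update subscription auth mode for namespace {}: does not exist", clientAppId(),
                namespaceName);
        throw new RestException(Status.NOT_FOUND, "Namespace does not exist");
    } catch (KeeperException.BadVersionException e) {
        // One placeholder per argument; the old "{}/{}/{}" had no values for two of them.
        log.warn("[{}] Failed to update subscription auth mode for namespace {}: concurrent modification",
                clientAppId(), namespaceName);
        throw new RestException(Status.CONFLICT, "Concurrent modification");
    } catch (RestException pfe) {
        // Already carries the intended HTTP status; pass it through unchanged.
        throw pfe;
    } catch (Exception e) {
        log.error("[{}] Failed to update subscription auth mode for namespace {}", clientAppId(), namespaceName, e);
        throw new RestException(e);
    }
}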
use of org.apache.pulsar.common.policies.data.Policies in project incubator-pulsar by apache.
the class PersistentTopicsBase method internalGetPermissionsOnTopic.
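/**
 * Returns the effective permissions on this topic, keyed by role.
 *
 * <p>Namespace-level grants are taken first; topic-level grants for the same role are then
 * unioned with them, and roles that only have topic-level grants are added as-is.
 *
 * @return a sorted map from role to the set of actions granted on this topic
 * @throws RestException {@code NOT_FOUND} if the namespace policies are absent from the cache,
 *         or a wrapped failure otherwise
 */
protected Map<String, Set<AuthAction>> internalGetPermissionsOnTopic() {
    // NOTE(review): the comment that used to sit here said this read should be allowed without
    // admin privileges, but the code calls validateAdminAccessOnProperty before reading.
    // The call is what is enforced; confirm which of the two is the intended policy.
    validateAdminAccessOnProperty(namespaceName.getProperty());

    String topicUri = topicName.toString();

    try {
        Policies policies = policiesCache().get(path(POLICIES, namespaceName.toString()))
                .orElseThrow(() -> new RestException(Status.NOT_FOUND, "Namespace does not exist"));

        Map<String, Set<AuthAction>> permissions = Maps.newTreeMap();
        AuthPolicies auth = policies.auth_policies;

        // First add namespace level permissions
        permissions.putAll(auth.namespace_auth);

        // Then add topic level permissions
        Map<String, Set<AuthAction>> topicAuth = auth.destination_auth.get(topicUri);
        if (topicAuth != null) {
            for (Map.Entry<String, Set<AuthAction>> entry : topicAuth.entrySet()) {
                String role = entry.getKey();
                Set<AuthAction> topicPermissions = entry.getValue();
                Set<AuthAction> namespacePermissions = permissions.get(role);

                if (namespacePermissions == null) {
                    permissions.put(role, topicPermissions);
                } else {
                    // Do the union between namespace and topic level
                    permissions.put(role, Sets.union(namespacePermissions, topicPermissions));
                }
            }
        }

        return permissions;
    } catch (RestException re) {
        // The NOT_FOUND raised above is an expected outcome: pass it through with its status
        // instead of logging it as an internal error and re-wrapping it.
        throw re;
    } catch (Exception e) {
        log.error("[{}] Failed to get permissions for topic {}", clientAppId(), topicUri, e);
        throw new RestException(e);
    }
}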
use of org.apache.pulsar.common.policies.data.Policies in project incubator-pulsar by apache.
the class PersistentTopicsBase method internalGrantPermissionsOnTopic.
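/**
 * Grants {@code actions} to {@code role} on this topic by rewriting the namespace policies.
 *
 * <p>The policies node is read from global ZooKeeper with its version, the topic-level entry
 * for the role is replaced, and the node is written back conditionally on that version. The
 * local policies cache entry is invalidated afterwards.
 *
 * @param role the role receiving the grant; stored as given, no validation is visible here
 * @param actions the actions granted; replaces any existing topic-level set for the role
 * @throws RestException {@code NOT_FOUND} if the policies node does not exist, {@code CONFLICT}
 *         if the node version changed between read and write, or a wrapped failure otherwise
 */
protected void internalGrantPermissionsOnTopic(String role, Set<AuthAction> actions) {
    // This is a write to authorization state. The earlier comment here (describing a read that
    // needs no admin privileges) did not match the code: both checks below run first.
    validateAdminAccessOnProperty(namespaceName.getProperty());
    validatePoliciesReadOnlyAccess();

    String topicUri = topicName.toString();

    try {
        Stat nodeStat = new Stat();
        final String policiesPath = path(POLICIES, namespaceName.toString());
        byte[] content = globalZk().getData(policiesPath, null, nodeStat);
        Policies policies = jsonMapper().readValue(content, Policies.class);

        // Create the per-topic map on first grant, then set (not merge) the role's actions.
        policies.auth_policies.destination_auth
                .computeIfAbsent(topicUri, key -> new TreeMap<>())
                .put(role, actions);

        // Write the new policies to zookeeper, conditional on the version read above
        globalZk().setData(policiesPath, jsonMapper().writeValueAsBytes(policies), nodeStat.getVersion());

        // invalidate the local cache to force update
        policiesCache().invalidate(policiesPath);

        log.info("[{}] Successfully granted access for role {}: {} - topic {}", clientAppId(), role, actions,
                topicUri);
    } catch (KeeperException.NoNodeException e) {
        log.warn("[{}] Failed to grant permissions on topic {}: Namespace does not exist", clientAppId(),
                topicUri);
        throw new RestException(Status.NOT_FOUND, "Namespace does not exist");
    } catch (KeeperException.BadVersionException e) {
        // A lost race with another policy writer is a retryable conflict, not an internal
        // error; report it the way internalSetSubscriptionAuthMode does.
        log.warn("[{}] Failed to grant permissions on topic {}: concurrent modification", clientAppId(),
                topicUri);
        throw new RestException(Status.CONFLICT, "Concurrent modification");
    } catch (Exception e) {
        log.error("[{}] Failed to grant permissions for topic {}", clientAppId(), topicUri, e);
        throw new RestException(e);
    }
}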
use of org.apache.pulsar.common.policies.data.Policies in project incubator-pulsar by apache.
the class NonPersistentDispatcherSingleActiveConsumer method isConsumersExceededOnSubscription.
/**
 * Tells whether this subscription already holds as many consumers as its limit allows.
 *
 * <p>The limit is the namespace policy value when that is positive, otherwise the broker
 * configuration value. A limit that is not positive means no cap is applied.
 *
 * @return {@code true} if a positive limit exists and the current consumer count has reached it
 */
protected boolean isConsumersExceededOnSubscription() {
    Policies namespacePolicies;
    try {
        final String policiesPath = AdminResource.path(POLICIES, TopicName.get(topicName).getNamespace());
        namespacePolicies = topic.getBrokerService().pulsar().getConfigurationCache().policiesCache()
                .get(policiesPath)
                .orElseGet(Policies::new);
    } catch (Exception e) {
        // Lookup failures are not reported here: the check continues with default policies,
        // so a namespace-level limit is not applied and only the broker-level value is used.
        namespacePolicies = new Policies();
    }

    final int limit;
    if (namespacePolicies.max_consumers_per_subscription > 0) {
        limit = namespacePolicies.max_consumers_per_subscription;
    } else {
        limit = serviceConfig.getMaxConsumersPerSubscription();
    }

    return limit > 0 && limit <= consumers.size();
}
use of org.apache.pulsar.common.policies.data.Policies in project incubator-pulsar by apache.
the class ModularLoadManagerImpl method shouldAntiAffinityNamespaceUnload.
/**
 * Decides whether a bundle of an anti-affinity namespace should be unloaded from a broker.
 *
 * <p>Namespaces with no cached policies or a blank anti-affinity group always yield
 * {@code true}. Otherwise the broker candidate cache is rebuilt under its own lock and the
 * decision is delegated to {@code LoadManagerShared}.
 *
 * @param namespace the namespace owning the bundle
 * @param bundle the bundle range being considered
 * @param currentBroker the broker currently serving the bundle
 * @return the delegated decision, or {@code true} when the namespace has no anti-affinity
 *         group or when the check itself fails
 */
public boolean shouldAntiAffinityNamespaceUnload(String namespace, String bundle, String currentBroker) {
    try {
        final Optional<Policies> cachedPolicies =
                pulsar.getConfigurationCache().policiesCache().get(path(POLICIES, namespace));
        final boolean inAntiAffinityGroup =
                cachedPolicies.isPresent() && !StringUtils.isBlank(cachedPolicies.get().antiAffinityGroup);

        if (inAntiAffinityGroup) {
            // The candidate cache is cleared and refilled here, so the whole rebuild-and-decide
            // sequence stays inside one synchronized section.
            synchronized (brokerCandidateCache) {
                brokerCandidateCache.clear();
                final ServiceUnitId unit =
                        pulsar.getNamespaceService().getNamespaceBundleFactory().getBundle(namespace, bundle);
                LoadManagerShared.applyNamespacePolicies(unit, policies, brokerCandidateCache,
                        getAvailableBrokers(), brokerTopicLoadingPredicate);
                return LoadManagerShared.shouldAntiAffinityNamespaceUnload(namespace, bundle, currentBroker,
                        pulsar, brokerToNamespaceToBundleRange, brokerCandidateCache);
            }
        }
    } catch (Exception e) {
        // Only the exception message is logged; the method then falls through to "true".
        log.warn("Failed to check anti-affinity namespace ownership for {}/{}/{}, {}", namespace, bundle, currentBroker, e.getMessage());
    }
    return true;
}