Java Code Examples for org.apache.kafka.common.resource.ResourceType#CLUSTER
The following examples show how to use
org.apache.kafka.common.resource.ResourceType#CLUSTER .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: MDSApiClient.java From kafka-topology-builder with MIT License | 6 votes |
|
public TopologyAclBinding bindRole(
String principal, String role, String resourceName, Map<String, Object> scope) {
HttpPost postRequest =
new HttpPost(mdsServer + "/security/1.0/principals/" + principal + "/roles/" + role);
postRequest.addHeader("accept", " application/json");
postRequest.addHeader("Content-Type", "application/json");
postRequest.addHeader("Authorization", "Basic " + basicCredentials);
try {
postRequest.setEntity(new StringEntity(JSON.asString(scope)));
LOGGER.debug("bind.entity: " + JSON.asString(scope));
post(postRequest);
return new TopologyAclBinding(
ResourceType.CLUSTER, resourceName, "*", role, principal, PatternType.ANY.name());
} catch (IOException e) {
e.printStackTrace();
return null;
}
}
Example 2
| Source File: TopologyBuilderAdminClient.java From kafka-topology-builder with MIT License | 5 votes |
|
public List<AclBinding> setAclsForControlCenter(String principal, String appId)
throws IOException {
List<AclBinding> bindings = new ArrayList<>();
bindings.add(buildGroupLevelAcl(principal, appId, PatternType.PREFIXED, AclOperation.READ));
bindings.add(
buildGroupLevelAcl(principal, appId + "-command", PatternType.PREFIXED, AclOperation.READ));
Arrays.asList("_confluent-monitoring", "_confluent-command", " _confluent-metrics")
.forEach(
topic ->
Stream.of(
AclOperation.WRITE,
AclOperation.READ,
AclOperation.CREATE,
AclOperation.DESCRIBE)
.map(
aclOperation ->
buildTopicLevelAcl(principal, topic, PatternType.LITERAL, aclOperation))
.forEach(aclBinding -> bindings.add(aclBinding)));
Stream.of(AclOperation.WRITE, AclOperation.READ, AclOperation.CREATE, AclOperation.DESCRIBE)
.map(
aclOperation ->
buildTopicLevelAcl(principal, appId, PatternType.PREFIXED, aclOperation))
.forEach(aclBinding -> bindings.add(aclBinding));
ResourcePattern resourcePattern =
new ResourcePattern(ResourceType.CLUSTER, "kafka-cluster", PatternType.LITERAL);
AccessControlEntry entry =
new AccessControlEntry(principal, "*", AclOperation.DESCRIBE, AclPermissionType.ALLOW);
bindings.add(new AclBinding(resourcePattern, entry));
entry =
new AccessControlEntry(
principal, "*", AclOperation.DESCRIBE_CONFIGS, AclPermissionType.ALLOW);
bindings.add(new AclBinding(resourcePattern, entry));
createAcls(bindings);
return bindings;
}
Example 3
| Source File: TopologyBuilderAdminClient.java From kafka-topology-builder with MIT License | 5 votes |
|
public List<AclBinding> setAclsForConnect(
String principal, String topicPrefix, List<String> readTopics, List<String> writeTopics)
throws IOException {
List<AclBinding> acls = new ArrayList<>();
List<String> topics = Arrays.asList("connect-status", "connect-offsets", "connect-configs");
for (String topic : topics) {
acls.add(buildTopicLevelAcl(principal, topic, PatternType.LITERAL, AclOperation.READ));
acls.add(buildTopicLevelAcl(principal, topic, PatternType.LITERAL, AclOperation.WRITE));
}
ResourcePattern resourcePattern =
new ResourcePattern(ResourceType.CLUSTER, "kafka-cluster", PatternType.LITERAL);
AccessControlEntry entry =
new AccessControlEntry(principal, "*", AclOperation.CREATE, AclPermissionType.ALLOW);
acls.add(new AclBinding(resourcePattern, entry));
resourcePattern = new ResourcePattern(ResourceType.GROUP, "*", PatternType.LITERAL);
entry = new AccessControlEntry(principal, "*", AclOperation.READ, AclPermissionType.ALLOW);
acls.add(new AclBinding(resourcePattern, entry));
if (readTopics != null) {
readTopics.forEach(
topic -> {
acls.add(buildTopicLevelAcl(principal, topic, PatternType.LITERAL, AclOperation.READ));
});
}
if (writeTopics != null) {
writeTopics.forEach(
topic -> {
acls.add(buildTopicLevelAcl(principal, topic, PatternType.LITERAL, AclOperation.WRITE));
});
}
createAcls(acls);
return acls;
}
Example 4
| Source File: SimpleAclRuleResourceTest.java From strimzi-kafka-operator with Apache License 2.0 | 5 votes |
|
@Test
public void testToKafkaResourcePatternForClusterResource() {
// Regular cluster
SimpleAclRuleResource clusterResourceRules = new SimpleAclRuleResource(null, SimpleAclRuleResourceType.CLUSTER, null);
ResourcePattern expectedKafkaResourcePattern = new ResourcePattern(ResourceType.CLUSTER, "kafka-cluster", PatternType.LITERAL);
assertThat(clusterResourceRules.toKafkaResourcePattern(), is(expectedKafkaResourcePattern));
}
Example 5
| Source File: SimpleAclRuleResourceTest.java From strimzi-kafka-operator with Apache License 2.0 | 5 votes |
|
@Test
public void testFromKafkaResourcePatternWithClusterResource() {
// Regular cluster
ResourcePattern kafkaClusterResourcePattern = new ResourcePattern(ResourceType.CLUSTER, "kafka-cluster", PatternType.LITERAL);
SimpleAclRuleResource expectedClusterResourceRules = new SimpleAclRuleResource("kafka-cluster", SimpleAclRuleResourceType.CLUSTER, AclResourcePatternType.LITERAL);
assertThat(SimpleAclRuleResource.fromKafkaResourcePattern(kafkaClusterResourcePattern), is(expectedClusterResourceRules));
}
Example 6
| Source File: SimpleAclRuleResourceTest.java From strimzi-kafka-operator with Apache License 2.0 | 5 votes |
|
@Test
public void testFromCrdToKafkaResourcePatternForClusterResource() {
// Regular cluster
AclRuleResource resource = new AclRuleClusterResource();
ResourcePattern expectedKafkaClusterResourcePattern = new ResourcePattern(ResourceType.CLUSTER, "kafka-cluster", PatternType.LITERAL);
assertThat(SimpleAclRuleResource.fromCrd(resource).toKafkaResourcePattern(), is(expectedKafkaClusterResourcePattern));
}
Example 7
| Source File: SimpleAclOperatorTest.java From strimzi-kafka-operator with Apache License 2.0 | 4 votes |
|
@Test
public void testReconcileInternalCreateAddsAclsToAuthorizer(VertxTestContext context) {
Admin mockAdminClient = mock(AdminClient.class);
SimpleAclOperator aclOp = new SimpleAclOperator(vertx, mockAdminClient);
ResourcePattern resource1 = new ResourcePattern(ResourceType.CLUSTER, "kafka-cluster", PatternType.LITERAL);
ResourcePattern resource2 = new ResourcePattern(ResourceType.TOPIC, "my-topic", PatternType.LITERAL);
KafkaPrincipal foo = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "CN=foo");
AclBinding describeAclBinding = new AclBinding(resource1, new AccessControlEntry(foo.toString(), "*",
org.apache.kafka.common.acl.AclOperation.DESCRIBE, AclPermissionType.ALLOW));
AclBinding readAclBinding = new AclBinding(resource2, new AccessControlEntry(foo.toString(), "*",
org.apache.kafka.common.acl.AclOperation.READ, AclPermissionType.ALLOW));
AclBinding writeAclBinding = new AclBinding(resource2, new AccessControlEntry(foo.toString(), "*",
org.apache.kafka.common.acl.AclOperation.WRITE, AclPermissionType.ALLOW));
SimpleAclRuleResource ruleResource1 = new SimpleAclRuleResource("kafka-cluster", SimpleAclRuleResourceType.CLUSTER, AclResourcePatternType.LITERAL);
SimpleAclRuleResource ruleResource2 = new SimpleAclRuleResource("my-topic", SimpleAclRuleResourceType.TOPIC, AclResourcePatternType.LITERAL);
SimpleAclRule resource1DescribeRule = new SimpleAclRule(AclRuleType.ALLOW, ruleResource1, "*", AclOperation.DESCRIBE);
SimpleAclRule resource2ReadRule = new SimpleAclRule(AclRuleType.ALLOW, ruleResource2, "*", AclOperation.READ);
SimpleAclRule resource2WriteRule = new SimpleAclRule(AclRuleType.ALLOW, ruleResource2, "*", AclOperation.WRITE);
ArgumentCaptor<Collection<AclBinding>> aclBindingsCaptor = ArgumentCaptor.forClass(Collection.class);
assertDoesNotThrow(() -> {
mockDescribeAcls(mockAdminClient, null, emptyList());
mockCreateAcls(mockAdminClient, aclBindingsCaptor);
});
Checkpoint async = context.checkpoint();
aclOp.reconcile("CN=foo", new LinkedHashSet<>(asList(resource2ReadRule, resource2WriteRule, resource1DescribeRule)))
.onComplete(context.succeeding(rr -> context.verify(() -> {
Collection<AclBinding> capturedAclBindings = aclBindingsCaptor.getValue();
assertThat(capturedAclBindings, hasSize(3));
assertThat(capturedAclBindings, hasItems(describeAclBinding, readAclBinding, writeAclBinding));
Set<ResourcePattern> capturedResourcePatterns =
capturedAclBindings.stream().map(AclBinding::pattern).collect(Collectors.toSet());
assertThat(capturedResourcePatterns, hasSize(2));
assertThat(capturedResourcePatterns, hasItems(resource1, resource2));
async.flag();
})));
}
Example 8
| Source File: SimpleAclRuleResourceTest.java From strimzi-kafka-operator with Apache License 2.0 | 4 votes |
|
@Test
public void testFromKafkaResourcePatternToKafkaResourcePatternRoundTripForClusterResource() {
// Regular cluster
ResourcePattern kafka = new ResourcePattern(ResourceType.CLUSTER, "kafka-cluster", PatternType.LITERAL);
assertThat(SimpleAclRuleResource.fromKafkaResourcePattern(kafka).toKafkaResourcePattern(), is(kafka));
}
