Java Code Examples for org.apache.kafka.common.security.auth.KafkaPrincipal#USER_TYPE
The following examples show how to use
org.apache.kafka.common.security.auth.KafkaPrincipal#USER_TYPE .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: KafkaAdminClientTest.java From common-kafka with Apache License 2.0 | 6 votes |
|
@Test
public void getAcls() {
KafkaPrincipal user = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "my_user");
Resource topic1 = Resource.fromString(Topic.name() + Resource.Separator() + "topic1");
Resource topic2 = Resource.fromString(Topic.name() + Resource.Separator() + "topic2");
Set<Acl> readAcl = Collections.singleton(new Acl(user, Allow$.MODULE$, Acl.WildCardHost(), Read$.MODULE$));
client.addAcls(readAcl, topic1);
client.addAcls(readAcl, topic2);
Map<Resource, Set<Acl>> allAcls = new HashMap<>();
allAcls.put(topic1, readAcl);
allAcls.put(topic2, readAcl);
assertThat(client.getAcls(), is(allAcls));
}
Example 2
| Source File: SentryKafkaAuthorizerTest.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
@Test
public void testSubAdmin() {
KafkaPrincipal admin = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "subadmin");
RequestChannel.Session host1Session = new RequestChannel.Session(admin, testHostName1);
RequestChannel.Session host2Session = new RequestChannel.Session(admin, testHostName2);
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("Create"), clusterResource));
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("Describe"), clusterResource));
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("ClusterAction"), clusterResource));
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("Read"), topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("Write"), topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("Create"), topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("Delete"), topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("Alter"), topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("Describe"), topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("ClusterAction"),topic1Resource));
Assert.assertFalse("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("Create"), clusterResource));
Assert.assertFalse("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("Describe"), clusterResource));
Assert.assertFalse("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("ClusterAction"), clusterResource));
Assert.assertFalse("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("Read"), topic1Resource));
Assert.assertFalse("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("Write"), topic1Resource));
Assert.assertFalse("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("Create"), topic1Resource));
Assert.assertFalse("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("Delete"), topic1Resource));
Assert.assertFalse("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("Alter"), topic1Resource));
Assert.assertFalse("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("Describe"), topic1Resource));
Assert.assertFalse("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("ClusterAction"), topic1Resource));
}
Example 3
| Source File: JwtKafkaPrincipalBuilder.java From strimzi-kafka-oauth with Apache License 2.0 | 5 votes |
|
@Override
public KafkaPrincipal build(AuthenticationContext context) {
if (context instanceof SaslAuthenticationContext) {
OAuthBearerSaslServer server = (OAuthBearerSaslServer) ((SaslAuthenticationContext) context).server();
if (OAuthBearerLoginModule.OAUTHBEARER_MECHANISM.equals(server.getMechanismName())) {
return new JwtKafkaPrincipal(KafkaPrincipal.USER_TYPE,
server.getAuthorizationID(),
(BearerTokenWithPayload) server.getNegotiatedProperty("OAUTHBEARER.token"));
}
}
return super.build(context);
}
Example 4
| Source File: SentryKafkaAuthorizerTest.java From incubator-sentry with Apache License 2.0 | 5 votes |
|
@Test
public void testAdmin() {
KafkaPrincipal admin = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "admin");
RequestChannel.Session host1Session = new RequestChannel.Session(admin, testHostName1);
RequestChannel.Session host2Session = new RequestChannel.Session(admin, testHostName2);
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("Create"), clusterResource));
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("Describe"), clusterResource));
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("ClusterAction"), clusterResource));
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("Read"), topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("Write"), topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("Create"), topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("Delete"), topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("Alter"), topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("Describe"), topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host1Session, Operation$.MODULE$.fromString("ClusterAction"),topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("Create"), clusterResource));
Assert.assertTrue("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("Describe"), clusterResource));
Assert.assertTrue("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("ClusterAction"), clusterResource));
Assert.assertTrue("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("Read"), topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("Write"), topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("Create"), topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("Delete"), topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("Alter"), topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("Describe"), topic1Resource));
Assert.assertTrue("Test failed.", authorizer.authorize(host2Session, Operation$.MODULE$.fromString("ClusterAction"), topic1Resource));
}
Example 5
| Source File: SimpleAclOperatorTest.java From strimzi-kafka-operator with Apache License 2.0 | 5 votes |
|
@Test
public void testGetUsersFromAcls(VertxTestContext context) {
Admin mockAdminClient = mock(AdminClient.class);
SimpleAclOperator aclOp = new SimpleAclOperator(vertx, mockAdminClient);
ResourcePattern res1 = new ResourcePattern(ResourceType.TOPIC, "my-topic", PatternType.LITERAL);
ResourcePattern res2 = new ResourcePattern(ResourceType.GROUP, "my-group", PatternType.LITERAL);
KafkaPrincipal foo = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "CN=foo");
AclBinding fooAclBinding = new AclBinding(res1, new AccessControlEntry(foo.toString(), "*",
org.apache.kafka.common.acl.AclOperation.READ, AclPermissionType.ALLOW));
KafkaPrincipal bar = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "CN=bar");
AclBinding barAclBinding = new AclBinding(res1, new AccessControlEntry(bar.toString(), "*",
org.apache.kafka.common.acl.AclOperation.READ, AclPermissionType.ALLOW));
KafkaPrincipal baz = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "baz");
AclBinding bazAclBinding = new AclBinding(res2, new AccessControlEntry(baz.toString(), "*",
org.apache.kafka.common.acl.AclOperation.READ, AclPermissionType.ALLOW));
KafkaPrincipal all = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "*");
AclBinding allAclBinding = new AclBinding(res1, new AccessControlEntry(all.toString(), "*",
org.apache.kafka.common.acl.AclOperation.READ, AclPermissionType.ALLOW));
KafkaPrincipal anonymous = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "ANONYMOUS");
AclBinding anonymousAclBinding = new AclBinding(res2, new AccessControlEntry(anonymous.toString(), "*",
org.apache.kafka.common.acl.AclOperation.READ, AclPermissionType.ALLOW));
Collection<AclBinding> aclBindings =
asList(fooAclBinding, barAclBinding, bazAclBinding, allAclBinding, anonymousAclBinding);
assertDoesNotThrow(() -> mockDescribeAcls(mockAdminClient, AclBindingFilter.ANY, aclBindings));
assertThat(aclOp.getUsersWithAcls(), is(new HashSet<>(asList("foo", "bar", "baz"))));
context.completeNow();
}
Example 6
| Source File: KafkaAdminClientTest.java From common-kafka with Apache License 2.0 | 5 votes |
|
@Test(expected = AdminOperationException.class)
public void removeAcls_zkException() {
KafkaPrincipal user = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "user");
Resource resource = Resource.fromString(Topic.name() + Resource.Separator() + "topic");
Set<Acl> readAcl = Collections.singleton(new Acl(user, Allow$.MODULE$, Acl.WildCardHost(), Read$.MODULE$));
failureClient.removeAcls(readAcl, resource);
}
Example 7
| Source File: KafkaAdminClientTest.java From common-kafka with Apache License 2.0 | 5 votes |
|
@Test (expected = IllegalArgumentException.class)
public void removeAcls_nullResource() {
KafkaPrincipal user = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "my_user");
Set<Acl> readAcl = Collections.singleton(new Acl(user, Allow$.MODULE$, Acl.WildCardHost(), Read$.MODULE$));
client.removeAcls(readAcl, null);
}
Example 8
| Source File: KafkaAdminClientTest.java From common-kafka with Apache License 2.0 | 5 votes |
|
@Test
public void removeAcls() {
KafkaPrincipal user = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "my_user");
Resource topic1 = Resource.fromString(Topic.name() + Resource.Separator() + "topic1");
Set<Acl> readAcl = Collections.singleton(new Acl(user, Allow$.MODULE$, Acl.WildCardHost(), Read$.MODULE$));
client.addAcls(readAcl, topic1);
assertThat(client.getAcls(topic1), is(readAcl));
client.removeAcls(readAcl, topic1);
assertThat(client.getAcls(topic1), is(empty()));
}
Example 9
| Source File: KafkaAdminClientTest.java From common-kafka with Apache License 2.0 | 5 votes |
|
@Test(expected = AdminOperationException.class)
public void addAcls_zkException() {
KafkaPrincipal user = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "user");
Resource resource = Resource.fromString(Topic.name() + Resource.Separator() + "topic");
Set<Acl> readAcl = Collections.singleton(new Acl(user, Allow$.MODULE$, Acl.WildCardHost(), Read$.MODULE$));
failureClient.addAcls(readAcl, resource);
}
Example 10
| Source File: KafkaAdminClientTest.java From common-kafka with Apache License 2.0 | 5 votes |
|
@Test
public void addAcls() {
KafkaPrincipal user = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "my_user");
Resource topic1 = Resource.fromString(Topic.name() + Resource.Separator() + "topic1");
Set<Acl> readAcl = Collections.singleton(new Acl(user, Allow$.MODULE$, Acl.WildCardHost(), Read$.MODULE$));
client.addAcls(readAcl, topic1);
assertThat(client.getAcls(topic1), is(readAcl));
}
Example 11
| Source File: KafkaAdminClientTest.java From common-kafka with Apache License 2.0 | 5 votes |
|
@Test(expected = UnsupportedOperationException.class)
public void getAcls_withResource_immutable() {
KafkaPrincipal user = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "user");
Resource topic = Resource.fromString(Topic.name() + Resource.Separator() + "topic");
Set<Acl> userAcl = Collections.singleton(new Acl(user, Allow$.MODULE$, Acl.WildCardHost(), Read$.MODULE$));
client.addAcls(userAcl, topic);
client.getAcls(topic).clear();
}
Example 12
| Source File: KafkaAdminClientTest.java From common-kafka with Apache License 2.0 | 5 votes |
|
@Test
public void getAcls_withResource() {
KafkaPrincipal user = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "my_user");
Resource topic1 = Resource.fromString(Topic.name() + Resource.Separator() + "topic1");
Resource topic2 = Resource.fromString(Topic.name() + Resource.Separator() + "topic2");
Set<Acl> readAcl = Collections.singleton(new Acl(user, Allow$.MODULE$, Acl.WildCardHost(), Read$.MODULE$));
client.addAcls(readAcl, topic1);
client.addAcls(readAcl, topic2);
assertThat(client.getAcls(topic1), is(readAcl));
}
Example 13
| Source File: KafkaAdminClientTest.java From common-kafka with Apache License 2.0 | 5 votes |
|
@Test(expected = UnsupportedOperationException.class)
public void getAcls_withKafkaPrincipal_immutable() {
KafkaPrincipal user = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "user");
Resource topic = Resource.fromString(Topic.name() + Resource.Separator() + "topic");
Set<Acl> userAcl = Collections.singleton(new Acl(user, Allow$.MODULE$, Acl.WildCardHost(), Read$.MODULE$));
client.addAcls(userAcl, topic);
client.getAcls(user).clear();
}
Example 14
| Source File: KafkaAdminClientTest.java From common-kafka with Apache License 2.0 | 5 votes |
|
@Test
public void getAcls_withKafkaPrincipal() {
KafkaPrincipal user1 = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "user1");
KafkaPrincipal user2 = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "user2");
Resource topic1 = Resource.fromString(Topic.name() + Resource.Separator() + "topic1");
Set<Acl> user1Acl = Collections.singleton(new Acl(user1, Allow$.MODULE$, Acl.WildCardHost(), Read$.MODULE$));
Set<Acl> user2Acl = Collections.singleton(new Acl(user2, Allow$.MODULE$, Acl.WildCardHost(), Read$.MODULE$));
client.addAcls(user1Acl, topic1);
client.addAcls(user2Acl, topic1);
assertThat(client.getAcls(user1), is(Collections.singletonMap(topic1, user1Acl)));
}
Example 15
| Source File: KafkaAdminClientTest.java From common-kafka with Apache License 2.0 | 5 votes |
|
@Test(expected = UnsupportedOperationException.class)
public void getAcls_immutable() {
KafkaPrincipal user = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "my_user");
Resource topic = Resource.fromString(Topic.name() + Resource.Separator() + "topic");
Set<Acl> readAcl = Collections.singleton(new Acl(user, Allow$.MODULE$, Acl.WildCardHost(), Read$.MODULE$));
client.addAcls(readAcl, topic);
client.getAcls().clear();
}
Example 16
| Source File: KafkaAdminClientTest.java From common-kafka with Apache License 2.0 | 4 votes |
|
@Test (expected = IllegalArgumentException.class)
public void addAcls_nullResource() {
KafkaPrincipal user = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "my_user");
Set<Acl> readAcl = Collections.singleton(new Acl(user, Allow$.MODULE$, Acl.WildCardHost(), Read$.MODULE$));
client.addAcls(readAcl, null);
}
Example 17
| Source File: KafkaAdminClientTest.java From common-kafka with Apache License 2.0 | 4 votes |
|
@Test(expected = AdminOperationException.class)
public void getAcls_withKafkaPrincipal_zkException() {
KafkaPrincipal user = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "user");
failureClient.getAcls(user);
}
Example 18
| Source File: SimpleAclOperatorTest.java From strimzi-kafka-operator with Apache License 2.0 | 4 votes |
|
@Test
public void testReconcileInternalCreateAddsAclsToAuthorizer(VertxTestContext context) {
Admin mockAdminClient = mock(AdminClient.class);
SimpleAclOperator aclOp = new SimpleAclOperator(vertx, mockAdminClient);
ResourcePattern resource1 = new ResourcePattern(ResourceType.CLUSTER, "kafka-cluster", PatternType.LITERAL);
ResourcePattern resource2 = new ResourcePattern(ResourceType.TOPIC, "my-topic", PatternType.LITERAL);
KafkaPrincipal foo = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "CN=foo");
AclBinding describeAclBinding = new AclBinding(resource1, new AccessControlEntry(foo.toString(), "*",
org.apache.kafka.common.acl.AclOperation.DESCRIBE, AclPermissionType.ALLOW));
AclBinding readAclBinding = new AclBinding(resource2, new AccessControlEntry(foo.toString(), "*",
org.apache.kafka.common.acl.AclOperation.READ, AclPermissionType.ALLOW));
AclBinding writeAclBinding = new AclBinding(resource2, new AccessControlEntry(foo.toString(), "*",
org.apache.kafka.common.acl.AclOperation.WRITE, AclPermissionType.ALLOW));
SimpleAclRuleResource ruleResource1 = new SimpleAclRuleResource("kafka-cluster", SimpleAclRuleResourceType.CLUSTER, AclResourcePatternType.LITERAL);
SimpleAclRuleResource ruleResource2 = new SimpleAclRuleResource("my-topic", SimpleAclRuleResourceType.TOPIC, AclResourcePatternType.LITERAL);
SimpleAclRule resource1DescribeRule = new SimpleAclRule(AclRuleType.ALLOW, ruleResource1, "*", AclOperation.DESCRIBE);
SimpleAclRule resource2ReadRule = new SimpleAclRule(AclRuleType.ALLOW, ruleResource2, "*", AclOperation.READ);
SimpleAclRule resource2WriteRule = new SimpleAclRule(AclRuleType.ALLOW, ruleResource2, "*", AclOperation.WRITE);
ArgumentCaptor<Collection<AclBinding>> aclBindingsCaptor = ArgumentCaptor.forClass(Collection.class);
assertDoesNotThrow(() -> {
mockDescribeAcls(mockAdminClient, null, emptyList());
mockCreateAcls(mockAdminClient, aclBindingsCaptor);
});
Checkpoint async = context.checkpoint();
aclOp.reconcile("CN=foo", new LinkedHashSet<>(asList(resource2ReadRule, resource2WriteRule, resource1DescribeRule)))
.onComplete(context.succeeding(rr -> context.verify(() -> {
Collection<AclBinding> capturedAclBindings = aclBindingsCaptor.getValue();
assertThat(capturedAclBindings, hasSize(3));
assertThat(capturedAclBindings, hasItems(describeAclBinding, readAclBinding, writeAclBinding));
Set<ResourcePattern> capturedResourcePatterns =
capturedAclBindings.stream().map(AclBinding::pattern).collect(Collectors.toSet());
assertThat(capturedResourcePatterns, hasSize(2));
assertThat(capturedResourcePatterns, hasItems(resource1, resource2));
async.flag();
})));
}
Example 19
| Source File: SimpleAclOperatorTest.java From strimzi-kafka-operator with Apache License 2.0 | 4 votes |
|
@Test
public void testReconcileInternalUpdateCreatesNewAclsAndDeletesOldAcls(VertxTestContext context) {
Admin mockAdminClient = mock(AdminClient.class);
SimpleAclOperator aclOp = new SimpleAclOperator(vertx, mockAdminClient);
ResourcePattern resource1 = new ResourcePattern(ResourceType.TOPIC, "my-topic", PatternType.LITERAL);
ResourcePattern resource2 = new ResourcePattern(ResourceType.TOPIC, "my-topic2", PatternType.LITERAL);
KafkaPrincipal foo = new KafkaPrincipal(KafkaPrincipal.USER_TYPE, "CN=foo");
AclBinding readAclBinding = new AclBinding(resource1, new AccessControlEntry(foo.toString(), "*", org.apache.kafka.common.acl.AclOperation.READ, AclPermissionType.ALLOW));
AclBinding writeAclBinding = new AclBinding(resource2, new AccessControlEntry(foo.toString(), "*", org.apache.kafka.common.acl.AclOperation.WRITE, AclPermissionType.ALLOW));
SimpleAclRuleResource resource = new SimpleAclRuleResource("my-topic2", SimpleAclRuleResourceType.TOPIC, AclResourcePatternType.LITERAL);
SimpleAclRule rule1 = new SimpleAclRule(AclRuleType.ALLOW, resource, "*", AclOperation.WRITE);
ArgumentCaptor<Collection<AclBinding>> aclBindingsCaptor = ArgumentCaptor.forClass(Collection.class);
ArgumentCaptor<Collection<AclBindingFilter>> aclBindingFiltersCaptor = ArgumentCaptor.forClass(Collection.class);
assertDoesNotThrow(() -> {
mockDescribeAcls(mockAdminClient, null, Collections.singleton(readAclBinding));
mockCreateAcls(mockAdminClient, aclBindingsCaptor);
mockDeleteAcls(mockAdminClient, Collections.singleton(readAclBinding), aclBindingFiltersCaptor);
});
Checkpoint async = context.checkpoint();
aclOp.reconcile("CN=foo", new LinkedHashSet(asList(rule1)))
.onComplete(context.succeeding(rr -> context.verify(() -> {
// Create Write rule for resource 2
Collection<AclBinding> capturedAclBindings = aclBindingsCaptor.getValue();
assertThat(capturedAclBindings, hasSize(1));
assertThat(capturedAclBindings, hasItem(writeAclBinding));
Set<ResourcePattern> capturedResourcePatterns =
capturedAclBindings.stream().map(AclBinding::pattern).collect(Collectors.toSet());
assertThat(capturedResourcePatterns, hasSize(1));
assertThat(capturedResourcePatterns, hasItem(resource2));
// Delete read rule for resource 1
Collection<AclBindingFilter> capturedAclBindingFilters = aclBindingFiltersCaptor.getValue();
assertThat(capturedAclBindingFilters, hasSize(1));
assertThat(capturedAclBindingFilters, hasItem(readAclBinding.toFilter()));
Set<ResourcePatternFilter> capturedResourcePatternFilters =
capturedAclBindingFilters.stream().map(AclBindingFilter::patternFilter).collect(Collectors.toSet());
assertThat(capturedResourcePatternFilters, hasSize(1));
assertThat(capturedResourcePatternFilters, hasItem(resource1.toFilter()));
async.flag();
})));
}
