org.apache.kafka.common.acl.AccessControlEntryFilter Java Exaples

Source File: TopologyBuilderAdminClient.java From kafka-topology-builder with MIT License

6 votes

public void clearAcls(TopologyAclBinding aclBinding) throws IOException {
  Collection<AclBindingFilter> filters = new ArrayList<>();

  LOGGER.debug("clearAcl = " + aclBinding);
  ResourcePatternFilter resourceFilter =
      new ResourcePatternFilter(
          aclBinding.getResourceType(),
          aclBinding.getResourceName(),
          PatternType.valueOf(aclBinding.getPattern()));

  AccessControlEntryFilter accessControlEntryFilter =
      new AccessControlEntryFilter(
          aclBinding.getPrincipal(),
          aclBinding.getHost(),
          AclOperation.valueOf(aclBinding.getOperation()),
          AclPermissionType.ANY);

  AclBindingFilter filter = new AclBindingFilter(resourceFilter, accessControlEntryFilter);
  filters.add(filter);
  clearAcls(filters);
}

Source File: AccessControlManagerIT.java From kafka-topology-builder with MIT License

6 votes

private void verifyControlCenterAcls(Platform platform)
    throws ExecutionException, InterruptedException {

  List<ControlCenter> c3List = platform.getControlCenter();

  for (ControlCenter c3 : c3List) {
    ResourcePatternFilter resourceFilter =
        new ResourcePatternFilter(ResourceType.TOPIC, null, PatternType.ANY);

    AccessControlEntryFilter entryFilter =
        new AccessControlEntryFilter(
            c3.getPrincipal(), null, AclOperation.ANY, AclPermissionType.ALLOW);

    AclBindingFilter filter = new AclBindingFilter(resourceFilter, entryFilter);

    Collection<AclBinding> acls = kafkaAdminClient.describeAcls(filter).values().get();

    Assert.assertEquals(16, acls.size());
  }
}

Source File: AccessControlManagerIT.java From kafka-topology-builder with MIT License

5 votes

private void verifyProducerAcls(List<Producer> producers, String topic)
    throws InterruptedException, ExecutionException {

  for (Producer producer : producers) {
    ResourcePatternFilter resourceFilter = ResourcePatternFilter.ANY;
    AccessControlEntryFilter entryFilter =
        new AccessControlEntryFilter(
            producer.getPrincipal(), null, AclOperation.ANY, AclPermissionType.ALLOW);

    AclBindingFilter filter = new AclBindingFilter(resourceFilter, entryFilter);
    Collection<AclBinding> acls = kafkaAdminClient.describeAcls(filter).values().get();

    Assert.assertEquals(2, acls.size());

    List<ResourceType> types =
        acls.stream()
            .map(aclBinding -> aclBinding.pattern().resourceType())
            .collect(Collectors.toList());

    Assert.assertTrue(types.contains(ResourceType.TOPIC));

    List<AclOperation> ops =
        acls.stream()
            .map(aclsBinding -> aclsBinding.entry().operation())
            .collect(Collectors.toList());

    Assert.assertTrue(ops.contains(AclOperation.DESCRIBE));
    Assert.assertTrue(ops.contains(AclOperation.WRITE));
  }
}

Source File: AccessControlManagerIT.java From kafka-topology-builder with MIT License

5 votes

private void verifyConsumerAcls(List<Consumer> consumers, String topic)
    throws InterruptedException, ExecutionException {

  for (Consumer consumer : consumers) {
    ResourcePatternFilter resourceFilter = ResourcePatternFilter.ANY;
    AccessControlEntryFilter entryFilter =
        new AccessControlEntryFilter(
            consumer.getPrincipal(), null, AclOperation.ANY, AclPermissionType.ALLOW);

    AclBindingFilter filter = new AclBindingFilter(resourceFilter, entryFilter);
    Collection<AclBinding> acls = kafkaAdminClient.describeAcls(filter).values().get();

    Assert.assertEquals(3, acls.size());

    List<ResourceType> types =
        acls.stream()
            .map(aclBinding -> aclBinding.pattern().resourceType())
            .collect(Collectors.toList());

    Assert.assertTrue(types.contains(ResourceType.GROUP));
    Assert.assertTrue(types.contains(ResourceType.TOPIC));

    List<AclOperation> ops =
        acls.stream()
            .map(aclsBinding -> aclsBinding.entry().operation())
            .collect(Collectors.toList());

    Assert.assertTrue(ops.contains(AclOperation.DESCRIBE));
    Assert.assertTrue(ops.contains(AclOperation.READ));
  }
}

Source File: KafkaHighLevelAdminClient.java From kafdrop with Apache License 2.0

5 votes

Collection<AclBinding> listAcls() {
  final Collection<AclBinding> aclsBindings;
  try {
    aclsBindings = adminClient.describeAcls(new AclBindingFilter(ResourcePatternFilter.ANY, AccessControlEntryFilter.ANY))
        .values().get();
  } catch (InterruptedException | ExecutionException e) {
    if (e.getCause() instanceof SecurityDisabledException) {
      return Collections.emptyList();
    } else {
      throw new KafkaAdminClientException(e);
    }
  }
  return aclsBindings;
}

Source File: KafkaHighLevelAdminClient.java From kafdrop with Apache License 2.0

5 votes

private void printAcls() {
  try {
    final var acls = adminClient.describeAcls(new AclBindingFilter(ResourcePatternFilter.ANY, AccessControlEntryFilter.ANY)).values().get();
    final var newlineDelimitedAcls = new StringBuilder();
    for (var acl : acls) {
      newlineDelimitedAcls.append('\n').append(acl);
    }
    LOG.info("ACLs: {}", newlineDelimitedAcls);
  } catch (InterruptedException | ExecutionException e) {
    LOG.error("Error describing ACLs", e);
  }
}

Source File: SimpleAclOperator.java From strimzi-kafka-operator with Apache License 2.0

5 votes

/**
 * Returns Set of ACLs applying to single user.
 *
 * @param username  Name of the user.
 * @return The Set of ACLs applying to single user.
 */
public Set<SimpleAclRule> getAcls(String username)   {
    log.debug("Searching for ACL rules of user {}", username);
    Set<SimpleAclRule> result = new HashSet<>();
    KafkaPrincipal principal = new KafkaPrincipal("User", username);

    AclBindingFilter aclBindingFilter = new AclBindingFilter(ResourcePatternFilter.ANY,
        new AccessControlEntryFilter(principal.toString(), null, AclOperation.ANY, AclPermissionType.ANY));

    Collection<AclBinding> aclBindings = null;
    try {
        aclBindings = adminClient.describeAcls(aclBindingFilter).values().get();
    } catch (InterruptedException | ExecutionException e) {
        // Admin Client API needs authorizer enabled on the Kafka brokers
        if (e.getCause() instanceof SecurityDisabledException) {
            throw new InvalidResourceException("Authorization needs to be enabled in the Kafka custom resource", e.getCause());
        } else if (e.getCause() instanceof UnknownServerException && e.getMessage().contains("Simple ACL delegation not enabled")) {
            throw new InvalidResourceException("Simple ACL delegation needs to be enabled in the Kafka custom resource", e.getCause());
        }
    }

    if (aclBindings != null) {
        log.debug("ACL rules for user {}", username);
        for (AclBinding aclBinding : aclBindings) {
            log.debug("{}", aclBinding);
            result.add(SimpleAclRule.fromAclBinding(aclBinding));
        }
    }

    return result;
}

Source File: AccessControlManagerIT.java From kafka-topology-builder with MIT License

4 votes

private void verifySchemaRegistryAcls(Platform platform)
    throws ExecutionException, InterruptedException {

  List<SchemaRegistry> srs = platform.getSchemaRegistry();

  for (SchemaRegistry sr : srs) {

    ResourcePatternFilter resourceFilter =
        new ResourcePatternFilter(ResourceType.TOPIC, null, PatternType.ANY);

    AccessControlEntryFilter entryFilter =
        new AccessControlEntryFilter(
            sr.getPrincipal(), null, AclOperation.ANY, AclPermissionType.ALLOW);

    AclBindingFilter filter = new AclBindingFilter(resourceFilter, entryFilter);

    Collection<AclBinding> acls = kafkaAdminClient.describeAcls(filter).values().get();

    Assert.assertEquals(3, acls.size());
  }
}

org.apache.kafka.common.acl.AccessControlEntryFilter Java Examples