THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Code Block | ||||
---|---|---|---|---|
| ||||
package org.apache.kafka.server.authorizer; import java.io.Closeable; import java.util.List; import java.util.Map; import java.util.Set; import java.util.concurrent.CompletableFuture; import org.apache.kafka.common.Configurable; import org.apache.kafka.common.acl.AccessControlEntry; import org.apache.kafka.common.annotation.InterfaceStability; import org.apache.kafka.common.resource.ResourcePattern; import org.apache.kafka.common.security.auth.SecurityProtocol; import org.apache.kafka.common.KafkaRequestContext; /** * * Pluggable authorizer interface for Kafka brokers. * * Startup sequence in brokers: * <ol> * <li>Broker creates authorizer instance if configured in `authorizer.class` or `authorizer.class.name`.</li> * <li>Broker configures and starts authorizer instance. Authorizer implementation starts loading its metadata.</li> * <li>Broker starts SocketServer to accept connections and process requests.</li> * <li>For each listener, SocketServer waits for authorization metadata to be available in the * authorizer before accepting connections. The future returned by {@link #start(String, SecurityProtocol)} * must return only when authorizer is ready to authorize requests on the listener.</li> * <li>Broker accepts connections. For each connection, broker performs authentication and then accepts Kafka requests. * For each request, broker invokes {@link #authorize(KafkaRequestContext, List)} to authorize * actions performed by the request.</li> * </ol> * * Authorizer implementation class may optionally implement the following interfaces: * <ul> * <li>@{@link org.apache.kafka.common.Reconfigurable} to enable dynamic reconfiguration * without restarting the broker.</li> * <li>{@link org.apache.kafka.common.ClusterResourceListener} to obtain cluster id</li> * </ul> */ @InterfaceStability.Evolving public interface Authorizer extends Configurable, Closeable { /** * Starts loading authorization metadata for the listener and returns afutures future that can be used to wait until * used to wait until* all metadata for authorizing requests on the specifiedeach listener areis available. Each listener will be * Each listener will be* started only after its metadata is available and authorizer is ready to start authorizing * start authorizing requests on that listener. * * @param listenerNamelisteners Listener names with their security Nameprotocols of listener * @return *CompletableFutures @paramfor securityProtocoleach listener Securitythat completes protocolwhen usedauthorizer byis theready listenerto * @return CompletableFuture that completes when authorizer is ready to start authorizing requests on that listener. Returned map contains one future * for each listener requestsname onin the input specified`listeners` listenermap. */ CompletableFuture<Void>Map<String, CompletableFuture<Void>> start(String listenerNameMap<String, SecurityProtocolSecurityProtocol> securityProtocollisteners); /** * Authorizes the specified action. Additional metadata for the action is specified * in `requestContext`. * * @param requestContext Request context including request type, security protocol and listener name * @param actions Actions being authorized including resource and operation for each action * @return List of authorization results for each action in the same order as the provided actions */ List<AuthorizationResult> authorize(KafkaRequestContext requestContext, List<Action> actions); /** * Creates a new ACL binding. * * @param requestContext Request context if the ACL is being created by a broker to handle * a client request to create ACLs. This may be null if ACLs are created directly in ZooKeeper * using AclCommand. * @param resourcePattern Resource pattern for which ACLs are being added * @param accessControlEntries List of access control entries to add for resource * * @return Create result for each access control entry in the same order as in the input list */ List<AclCreateResult> createAcls(KafkaRequestContext requestContext, ResourcePattern resourcePattern, List<AccessControlEntry> accessControlEntries); /** * Deletes the specified ACL binding. * * @param requestContext Request context if the ACL is being deleted by a broker to handle * a client request to delete ACLs. This may be null if ACLs are deleted directly in ZooKeeper * using AclCommand. * @param resourcePattern Resource pattern for which ACLs are being removed * @param accessControlEntries Set of access control entries to remove for resource * * @return Delete result for each access control entry in the same order as in the input list. * Each result indicates if the entry was actually deleted. */ List<AclDeleteResult> deleteAcls(KafkaRequestContext requestContext, ResourcePattern resourcePattern, List<AccessControlEntry> accessControlEntries); /** * Deletes all ACL bindings for the specified resource pattern. Only ACLs explicitly configured * with this resource pattern are deleted, no matching is performed. * * @param requestContext Request context if the ACLs are being deleted by a broker to handle * a client request to delete ACLs. This may be null if ACLs are deleted directly in ZooKeeper * using AclCommand. * @param resourcePattern Resource pattern whose ACLs are deleted * @return true if at least one ACL binding was deleted, false otherwise */ boolean deleteAcls(KafkaRequestContext requestContext, ResourcePattern resourcePattern); /** * Returns all ACL bindings. * * @return Access control entries of all ACL bindings grouped by resource pattern. */ Map<ResourcePattern, Set<AccessControlEntry>> acls(); /** * Returns access control entries defined for the specified resource pattern. * * @param resourcePattern Resource pattern for which ACLs are returned. No matching is performed, * only ACLs defined for the specified pattern are returned. * * @return ACL bindings for resource pattern. */ Set<AccessControlEntry> acls(ResourcePattern resourcePattern); } |
...