THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Code Block |
---|
public interface Authorizer extends Configurable { /** * @param session The session being authenticated. * @param operation Type of operation client is trying to perform on resource. * @param resource Resource the client is trying to access. * @return * * @throws org.apache.kafka.common.errors.InvalidResourceException if resource does not exist * @throws org.apache.kafka.common.errors.InvalidOperationException if requested operation is not * supported on the resource */ public boolean authorize(Session session, Operation operation, Resource resource); /** * implementation specific description, like, supported principal types. * * @return implementation specific description. */ public String description(); /** * add the acls to resource, this is an additive operation so existing acls will not be overwritten, instead these new * acls will be added to existing acls. * * @param acls set of acls to add to existing acls * @param resource the resource to which these acls should be attached. * * @throws org.apache.kafka.common.errors.AuthorizationException if not authorized to add acls for the resource * @throws org.apache.kafka.common.errors.InvalidResourceException if resource does not exist * @throws org.apache.kafka.common.errors.InvalidAclException if an invalid acl is being added */ public void addAcls(Set<Acl> acls, Resource resource); /** * remove these acls from the resource. * * @param acls set of acls to be removed. * @param resource resource from which the acls should be removed. * @return true if some acl got removed, false if no acl was removed. * * @throws org.apache.kafka.common.errors.AuthorizationException if not authorized to remove acls for the resource * @throws org.apache.kafka.common.errors.InvalidResourceException if resource does not exist * @throws org.apache.kafka.common.errors.InvalidAclException if an invalid acl is being removed */ public boolean removeAcls(Set<Acl> acls, Resource resource); /** * remove a resource along with all of its acls from acl store. * * @param resource * @return * * @throws org.apache.kafka.common.errors.AuthorizationException if not authorized to remove acls for the resource * @throws org.apache.kafka.common.errors.InvalidResourceException if resource does not exist */ public boolean removeAcls(Resource resource); /** * get set of acls for this resource * * @param resource * @return empty set if no acls are found, otherwise the acls for the resource. * * @throws org.apache.kafka.common.errors.AuthorizationException if not authorized to access acls for the resource * @throws org.apache.kafka.common.errors.InvalidResourceException if resource does not exist */ public Set<Acl> acls(Resource resource); /** * get the acls for this principal. * * @param principal * @return empty Map if no acls exist for this principal, otherwise a map of resource -> acls for the principal. * * @throws org.apache.kafka.common.errors.AuthorizationException if not authorized to access acls for the principal * @throws org.apache.kafka.common.errors.InvalidPrincipalException if principal is invalid */ public Map<Resource, Set<Acl>> acls(KafkaPrincipal principal); /** * gets the map of resource to acls for all resources. */ public Map<Resource, Set<Acl>> acls(); /** * Closes this instance. */ public void close(); } |
Proposed Changes
The KIP proposes to move authorizer interface and all related classes, i.e., Acl, Operation, PermissionType, Resource, ResourceType, KafkaPrincipal and Session
, to a separate package, org.apache.kafka.authorizer
, that third-party authorizer implementations, core
and clients
packages can depend on. Only change made to default authorizer, SimpleAclAuthorizer,
will be the interface it extends.
...