...

import java.util.Map;
import java.util.Set;

import org.apache.kafka.common.Configurable;

public interface Authorizer extends Configurable {

    /**
     * @param session   The session being authenticated.
     * @param operation Type of operation client is trying to perform on resource.
     * @param resource  Resource the client is trying to access.
     * @return true if the session is authorized to perform the operation on the resource, false otherwise.
     *
     * @throws org.apache.kafka.common.errors.InvalidResourceException if resource does not exist
     * @throws org.apache.kafka.common.errors.InvalidOperationException if requested operation is not
     *          supported on the resource
     */
    public boolean authorize(Session session, Operation operation, Resource resource);

    /**
     * implementation specific description, like, supported principal types.
     *
     * @return implementation specific description.
     */
    public String description();

    /**
     * add the acls to resource, this is an additive operation so existing acls will not be overwritten, instead these new
     * acls will be added to existing acls.
     *
     * @param acls     set of acls to add to existing acls
     * @param resource the resource to which these acls should be attached.
     *
     * @throws org.apache.kafka.common.errors.AuthorizationException if not authorized to add acls for the resource
     * @throws org.apache.kafka.common.errors.InvalidResourceException if resource does not exist
     * @throws org.apache.kafka.common.errors.InvalidAclException if an invalid acl is being added
     */
    public void addAcls(Set<Acl> acls, Resource resource);

    /**
     * remove these acls from the resource.
     *
     * @param acls     set of acls to be removed.
     * @param resource resource from which the acls should be removed.
     * @return true if some acl got removed, false if no acl was removed.
     *
     * @throws org.apache.kafka.common.errors.AuthorizationException if not authorized to remove acls for the resource
     * @throws org.apache.kafka.common.errors.InvalidResourceException if resource does not exist
     * @throws org.apache.kafka.common.errors.InvalidAclException if an invalid acl is being removed
     */
    public boolean removeAcls(Set<Acl> acls, Resource resource);

    /**
     * remove a resource along with all of its acls from acl store.
     *
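     * @param resource the resource to remove along with all of its acls.
     * @return true if some acl got removed, false if no acl was removed.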
     *
     * @throws org.apache.kafka.common.errors.AuthorizationException if not authorized to remove acls for the resource
     * @throws org.apache.kafka.common.errors.InvalidResourceException if resource does not exist
     */
    public boolean removeAcls(Resource resource);

    /**
     * get set of acls for this resource
     *
     * @param resource the resource whose acls are requested.
     * @return empty set if no acls are found, otherwise the acls for the resource.
     *
     * @throws org.apache.kafka.common.errors.AuthorizationException if not authorized to access acls for the resource
     * @throws org.apache.kafka.common.errors.InvalidResourceException if resource does not exist
     */
    public Set<Acl> acls(Resource resource);

    /**
     * get the acls for this principal.
     *
     * @param principal the principal whose acls are requested.
     * @return empty Map if no acls exist for this principal, otherwise a map of resource -> acls for the principal.
     *
     * @throws org.apache.kafka.common.errors.AuthorizationException if not authorized to access acls for the principal
     * @throws org.apache.kafka.common.errors.InvalidPrincipalException if principal is invalid
     */
    public Map<Resource, Set<Acl>> acls(KafkaPrincipal principal);

    /**
     * gets the map of resource to acls for all resources.
     */
    public Map<Resource, Set<Acl>> acls();

    /**
     * Closes this instance.
     */
    public void close();

}
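The ACL-store semantics documented in the Javadoc above (additive addAcls, the boolean result of removeAcls, an empty set when a resource has no acls), sketched as an added in-memory example; this is not code from the KIP or from SimpleAclAuthorizer. The Acl fields, the Resource shape, the String principal and the deny-wins, default-deny policy in authorize are assumptions made for illustration, and the exceptions listed in the interface are not modelled.

```java
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
// Added example: simplified stand-in types, not the real Kafka classes (needs Java 16+).
public class InMemoryAclStore {
    enum Operation { READ, WRITE }
    enum PermissionType { ALLOW, DENY }
    record Resource(String type, String name) {}
    record Acl(String principal, PermissionType permission, Operation operation) {}
    private final Map<Resource, Set<Acl>> store = new ConcurrentHashMap<>();

    // Additive: acls already attached to the resource are kept, new ones are merged in.
    public void addAcls(Set<Acl> acls, Resource resource) {
        store.computeIfAbsent(resource, r -> ConcurrentHashMap.newKeySet()).addAll(acls);
    }

    // True only if at least one of the given acls was present and got removed.
    public boolean removeAcls(Set<Acl> acls, Resource resource) {
        Set<Acl> current = store.get(resource);
        return current != null && current.removeAll(acls);
    }

    // Empty set, never null, when the resource has no acls.
    public Set<Acl> acls(Resource resource) {
        return Set.copyOf(store.getOrDefault(resource, Set.of()));
    }

    // Assumed policy: a matching DENY wins; without a matching ALLOW the answer is false.
    public boolean authorize(String principal, Operation op, Resource resource) {
        boolean allowed = false;
        for (Acl acl : acls(resource)) {
            if (!acl.principal().equals(principal) || acl.operation() != op) continue;
            if (acl.permission() == PermissionType.DENY) return false;
            allowed = true;
        }
        return allowed;
    }

    public static void main(String[] args) {
        InMemoryAclStore authz = new InMemoryAclStore();
        Resource topic = new Resource("Topic", "payments"); // constructed sample data
        Acl read = new Acl("User:alice", PermissionType.ALLOW, Operation.READ);
        authz.addAcls(Set.of(read), topic);
        authz.addAcls(Set.of(new Acl("User:alice", PermissionType.DENY, Operation.WRITE)), topic);
        System.out.println(authz.acls(topic).size() + " acls after two additive calls");
        System.out.println("bob READ: " + authz.authorize("User:bob", Operation.READ, topic));
        System.out.println("alice WRITE: " + authz.authorize("User:alice", Operation.WRITE, topic));
        System.out.println("remove twice: " + authz.removeAcls(Set.of(read), topic) + ", " + authz.removeAcls(Set.of(read), topic));
    }
}
```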

 

Proposed Changes

The KIP proposes to move the authorizer interface and all related classes, i.e., Acl, Operation, PermissionType, Resource, ResourceType, KafkaPrincipal and Session, to a separate package, org.apache.kafka.authorizer, that third-party authorizer implementations and the core and clients packages can depend on. The only change made to the default authorizer, SimpleAclAuthorizer, will be the interface it extends.

...