Class AuthorizationService
java.lang.Object
org.apache.pulsar.broker.authorization.AuthorizationService
Authorization service that manages pluggable authorization provider and authorize requests accordingly.
-
Constructor Summary
ConstructorDescriptionAuthorizationService
(ServiceConfiguration conf, PulsarResources pulsarResources) -
Method Summary
Modifier and TypeMethodDescriptionallowFunctionOpsAsync
(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, AuthenticationDataSource authenticationData) allowFunctionOpsAsync
(org.apache.pulsar.common.naming.NamespaceName namespaceName, AuthenticationParameters authParams) allowNamespaceOperationAsync
(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.NamespaceOperation operation, String originalRole, String role, AuthenticationDataSource authData) allowNamespaceOperationAsync
(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.NamespaceOperation operation, String role, AuthenticationDataSource authData) Grant authorization-action permission on a namespace to the given client.boolean
allowNamespacePolicyOperation
(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData) Deprecated.- will be removed after 2.12.allowNamespacePolicyOperationAsync
(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData) allowNamespacePolicyOperationAsync
(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String role, AuthenticationDataSource authData) Grant authorization-action permission on a namespace to the given client.allowSinkOpsAsync
(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, AuthenticationDataSource authenticationData) allowSinkOpsAsync
(org.apache.pulsar.common.naming.NamespaceName namespaceName, AuthenticationParameters authParams) allowSourceOpsAsync
(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, AuthenticationDataSource authenticationData) allowSourceOpsAsync
(org.apache.pulsar.common.naming.NamespaceName namespaceName, AuthenticationParameters authParams) boolean
allowTenantOperation
(String tenantName, org.apache.pulsar.common.policies.data.TenantOperation operation, String originalRole, String role, AuthenticationDataSource authData) Deprecated.- will be removed after 2.12.allowTenantOperationAsync
(String tenantName, org.apache.pulsar.common.policies.data.TenantOperation operation, String originalRole, String role, AuthenticationDataSource authData) allowTenantOperationAsync
(String tenantName, org.apache.pulsar.common.policies.data.TenantOperation operation, String role, AuthenticationDataSource authData) Grant authorization-action permission on a tenant to the given client.allowTopicOperation
(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.TopicOperation operation, String originalRole, String role, AuthenticationDataSource authData) Deprecated.- will be removed after 2.12.allowTopicOperationAsync
(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.TopicOperation operation, String originalRole, String role, AuthenticationDataSource authData) allowTopicOperationAsync
(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.TopicOperation operation, String role, AuthenticationDataSource authData) Grant authorization-action permission on a topic to the given client.allowTopicOperationAsync
(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.TopicOperation operation, AuthenticationParameters authParams) allowTopicPolicyOperation
(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData) Deprecated.- will be removed after 2.12.allowTopicPolicyOperationAsync
(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData) allowTopicPolicyOperationAsync
(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String role, AuthenticationDataSource authData) Grant authorization-action permission on a topic to the given client.boolean
canConsume
(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData, String subscription) canConsumeAsync
(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData, String subscription) Check if the specified role has permission to receive messages from the specified fully qualified topic name.boolean
canLookup
(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData) Check whether the specified role can perform a lookup for the specified topic.canLookupAsync
(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData) Check whether the specified role can perform a lookup for the specified topic.boolean
canProduce
(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData) canProduceAsync
(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData) Check if the specified role has permission to send messages to the specified fully qualified topic name.CompletableFuture<Map<String,
Set<org.apache.pulsar.common.policies.data.AuthAction>>> getPermissionsAsync
(org.apache.pulsar.common.naming.NamespaceName namespaceName) CompletableFuture<Map<String,
Set<org.apache.pulsar.common.policies.data.AuthAction>>> getPermissionsAsync
(org.apache.pulsar.common.naming.TopicName topicName) getSubscriptionPermissionsAsync
(org.apache.pulsar.common.naming.NamespaceName namespaceName) grantPermissionAsync
(org.apache.pulsar.common.naming.NamespaceName namespace, Set<org.apache.pulsar.common.policies.data.AuthAction> actions, String role, String authDataJson) Grant authorization-action permission on a namespace to the given client.grantPermissionAsync
(org.apache.pulsar.common.naming.TopicName topicName, Set<org.apache.pulsar.common.policies.data.AuthAction> actions, String role, String authDataJson) Grant authorization-action permission on a topic to the given client.grantSubscriptionPermissionAsync
(org.apache.pulsar.common.naming.NamespaceName namespace, String subscriptionName, Set<String> roles, String authDataJson) Grant permission to roles that can access subscription-admin api.boolean
isProxyRole
(String role) isSuperUser
(String user, AuthenticationDataSource authenticationData) isSuperUser
(AuthenticationParameters authParams) isTenantAdmin
(String tenant, String role, org.apache.pulsar.common.policies.data.TenantInfo tenantInfo, AuthenticationDataSource authenticationData) boolean
isValidOriginalPrincipal
(String authenticatedPrincipal, String originalPrincipal, SocketAddress remoteAddress, boolean allowNonProxyPrincipalsToBeEqual) Validates that the authenticatedPrincipal and the originalPrincipal are a valid combination.boolean
isValidOriginalPrincipal
(String authenticatedPrincipal, String originalPrincipal, AuthenticationDataSource authDataSource) Whether the authenticatedPrincipal and the originalPrincipal form a valid pair.removePermissionsAsync
(org.apache.pulsar.common.naming.TopicName topicName) revokePermissionAsync
(org.apache.pulsar.common.naming.NamespaceName namespace, String role) Revoke authorization-action permission on a namespace to the given client.revokePermissionAsync
(org.apache.pulsar.common.naming.TopicName topicName, String role) Revoke authorization-action permission on a topic to the given client.revokeSubscriptionPermissionAsync
(org.apache.pulsar.common.naming.NamespaceName namespace, String subscriptionName, String role, String authDataJson) Revoke subscription admin-api access for a role.
-
Constructor Details
-
AuthorizationService
public AuthorizationService(ServiceConfiguration conf, PulsarResources pulsarResources) throws PulsarServerException - Throws:
PulsarServerException
-
-
Method Details
-
isSuperUser
-
isSuperUser
public CompletableFuture<Boolean> isSuperUser(String user, AuthenticationDataSource authenticationData) -
isTenantAdmin
public CompletableFuture<Boolean> isTenantAdmin(String tenant, String role, org.apache.pulsar.common.policies.data.TenantInfo tenantInfo, AuthenticationDataSource authenticationData) -
grantPermissionAsync
public CompletableFuture<Void> grantPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace, Set<org.apache.pulsar.common.policies.data.AuthAction> actions, String role, String authDataJson) Grant authorization-action permission on a namespace to the given client. NOTE: used to complete withIllegalArgumentException
when namespace not found or withIllegalStateException
when failed to grant permission.- Parameters:
namespace
-actions
-role
-authDataJson
- additional authdata in json for targeted authorization provider
-
revokePermissionAsync
public CompletableFuture<Void> revokePermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace, String role) Revoke authorization-action permission on a namespace to the given client.- Parameters:
namespace
-role
-
-
grantSubscriptionPermissionAsync
public CompletableFuture<Void> grantSubscriptionPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace, String subscriptionName, Set<String> roles, String authDataJson) Grant permission to roles that can access subscription-admin api.- Parameters:
namespace
-subscriptionName
-roles
-authDataJson
- additional authdata in json for targeted authorization provider- Returns:
-
revokeSubscriptionPermissionAsync
public CompletableFuture<Void> revokeSubscriptionPermissionAsync(org.apache.pulsar.common.naming.NamespaceName namespace, String subscriptionName, String role, String authDataJson) Revoke subscription admin-api access for a role.- Parameters:
namespace
-subscriptionName
-role
-- Returns:
-
grantPermissionAsync
public CompletableFuture<Void> grantPermissionAsync(org.apache.pulsar.common.naming.TopicName topicName, Set<org.apache.pulsar.common.policies.data.AuthAction> actions, String role, String authDataJson) Grant authorization-action permission on a topic to the given client. NOTE: used to complete withIllegalArgumentException
when namespace not found or withIllegalStateException
when failed to grant permission.- Parameters:
topicName
-role
-authDataJson
- additional authdata in json for targeted authorization provider
-
revokePermissionAsync
public CompletableFuture<Void> revokePermissionAsync(org.apache.pulsar.common.naming.TopicName topicName, String role) Revoke authorization-action permission on a topic to the given client.- Parameters:
topicName
-role
-
-
canProduceAsync
public CompletableFuture<Boolean> canProduceAsync(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData) Check if the specified role has permission to send messages to the specified fully qualified topic name.- Parameters:
topicName
- the fully qualified topic name associated with the topic.role
- the app id used to send messages to the topic.
-
canConsumeAsync
public CompletableFuture<Boolean> canConsumeAsync(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData, String subscription) Check if the specified role has permission to receive messages from the specified fully qualified topic name.- Parameters:
topicName
- the fully qualified topic name associated with the topic.role
- the app id used to receive messages from the topic.subscription
- the subscription name defined by the client
-
canProduce
public boolean canProduce(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData) throws Exception - Throws:
Exception
-
canConsume
public boolean canConsume(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData, String subscription) throws Exception - Throws:
Exception
-
canLookup
public boolean canLookup(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData) throws Exception Check whether the specified role can perform a lookup for the specified topic. For that the caller needs to have producer or consumer permission.- Parameters:
topicName
-role
-- Returns:
- Throws:
Exception
-
canLookupAsync
public CompletableFuture<Boolean> canLookupAsync(org.apache.pulsar.common.naming.TopicName topicName, String role, AuthenticationDataSource authenticationData) Check whether the specified role can perform a lookup for the specified topic. For that the caller needs to have producer or consumer permission.- Parameters:
topicName
-role
-- Returns:
- Throws:
Exception
-
allowFunctionOpsAsync
public CompletableFuture<Boolean> allowFunctionOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, AuthenticationDataSource authenticationData) -
allowFunctionOpsAsync
public CompletableFuture<Boolean> allowFunctionOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, AuthenticationParameters authParams) -
allowSourceOpsAsync
public CompletableFuture<Boolean> allowSourceOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, AuthenticationDataSource authenticationData) -
allowSourceOpsAsync
public CompletableFuture<Boolean> allowSourceOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, AuthenticationParameters authParams) -
allowSinkOpsAsync
public CompletableFuture<Boolean> allowSinkOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, String role, AuthenticationDataSource authenticationData) -
allowSinkOpsAsync
public CompletableFuture<Boolean> allowSinkOpsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, AuthenticationParameters authParams) -
isValidOriginalPrincipal
public boolean isValidOriginalPrincipal(String authenticatedPrincipal, String originalPrincipal, AuthenticationDataSource authDataSource) Whether the authenticatedPrincipal and the originalPrincipal form a valid pair. This method assumes that authenticatedPrincipal and originalPrincipal can be equal, as long as they are not a proxy role. This use case is relevant for the admin server because of the way the proxy handles authentication. The binary protocol should not use this method.- Returns:
- true when roles are a valid combination and false when roles are an invalid combination
-
isValidOriginalPrincipal
public boolean isValidOriginalPrincipal(String authenticatedPrincipal, String originalPrincipal, SocketAddress remoteAddress, boolean allowNonProxyPrincipalsToBeEqual) Validates that the authenticatedPrincipal and the originalPrincipal are a valid combination. Valid combinations fulfill one of the following two rules:1. The authenticatedPrincipal is in
ServiceConfiguration#getProxyRoles()
, if, and only if, the originalPrincipal is set to a role that is not also inServiceConfiguration#getProxyRoles()
.2. The authenticatedPrincipal and the originalPrincipal are the same, but are not a proxyRole, when allowNonProxyPrincipalsToBeEqual is true.
- Returns:
- true when roles are a valid combination and false when roles are an invalid combination
-
isProxyRole
-
allowTenantOperationAsync
public CompletableFuture<Boolean> allowTenantOperationAsync(String tenantName, org.apache.pulsar.common.policies.data.TenantOperation operation, String role, AuthenticationDataSource authData) Grant authorization-action permission on a tenant to the given client.- Parameters:
tenantName
- tenant nameoperation
- tenant operationrole
- role nameauthData
- additional authdata in json for targeted authorization provider- Returns:
- IllegalArgumentException when tenant not found
- Throws:
IllegalStateException
- when failed to grant permission
-
allowTenantOperationAsync
public CompletableFuture<Boolean> allowTenantOperationAsync(String tenantName, org.apache.pulsar.common.policies.data.TenantOperation operation, String originalRole, String role, AuthenticationDataSource authData) -
allowTenantOperation
@Deprecated public boolean allowTenantOperation(String tenantName, org.apache.pulsar.common.policies.data.TenantOperation operation, String originalRole, String role, AuthenticationDataSource authData) throws Exception Deprecated.- will be removed after 2.12. Use async variant.- Throws:
Exception
-
allowNamespaceOperationAsync
public CompletableFuture<Boolean> allowNamespaceOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.NamespaceOperation operation, String role, AuthenticationDataSource authData) Grant authorization-action permission on a namespace to the given client.- Parameters:
namespaceName
-operation
-role
-authData
- additional authdata in json for targeted authorization provider- Returns:
- IllegalArgumentException when namespace not found
- Throws:
IllegalStateException
- when failed to grant permission
-
allowNamespaceOperationAsync
public CompletableFuture<Boolean> allowNamespaceOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.NamespaceOperation operation, String originalRole, String role, AuthenticationDataSource authData) -
allowNamespacePolicyOperationAsync
public CompletableFuture<Boolean> allowNamespacePolicyOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String role, AuthenticationDataSource authData) Grant authorization-action permission on a namespace to the given client.- Parameters:
namespaceName
-operation
-role
-authData
- additional authdata in json for targeted authorization provider- Returns:
- IllegalArgumentException when namespace not found
- Throws:
IllegalStateException
- when failed to grant permission
-
allowNamespacePolicyOperationAsync
public CompletableFuture<Boolean> allowNamespacePolicyOperationAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData) -
allowNamespacePolicyOperation
@Deprecated public boolean allowNamespacePolicyOperation(org.apache.pulsar.common.naming.NamespaceName namespaceName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData) throws Exception Deprecated.- will be removed after 2.12. Use async variant.- Throws:
Exception
-
allowTopicPolicyOperationAsync
public CompletableFuture<Boolean> allowTopicPolicyOperationAsync(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String role, AuthenticationDataSource authData) Grant authorization-action permission on a topic to the given client.- Parameters:
topicName
-policy
-operation
-role
-authData
- additional authdata in json for targeted authorization provider- Throws:
IllegalStateException
- when failed to grant permission
-
allowTopicPolicyOperationAsync
public CompletableFuture<Boolean> allowTopicPolicyOperationAsync(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData) -
allowTopicPolicyOperation
@Deprecated public Boolean allowTopicPolicyOperation(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.PolicyName policy, org.apache.pulsar.common.policies.data.PolicyOperation operation, String originalRole, String role, AuthenticationDataSource authData) throws Exception Deprecated.- will be removed after 2.12. Use async variant.- Throws:
Exception
-
allowTopicOperationAsync
public CompletableFuture<Boolean> allowTopicOperationAsync(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.TopicOperation operation, String role, AuthenticationDataSource authData) Grant authorization-action permission on a topic to the given client.- Parameters:
topicName
-operation
-role
-authData
- additional authdata in json for targeted authorization provider- Returns:
- IllegalArgumentException when namespace not found
- Throws:
IllegalStateException
- when failed to grant permission
-
allowTopicOperationAsync
public CompletableFuture<Boolean> allowTopicOperationAsync(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.TopicOperation operation, AuthenticationParameters authParams) -
allowTopicOperationAsync
public CompletableFuture<Boolean> allowTopicOperationAsync(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.TopicOperation operation, String originalRole, String role, AuthenticationDataSource authData) -
allowTopicOperation
@Deprecated public Boolean allowTopicOperation(org.apache.pulsar.common.naming.TopicName topicName, org.apache.pulsar.common.policies.data.TopicOperation operation, String originalRole, String role, AuthenticationDataSource authData) throws Exception Deprecated.- will be removed after 2.12. Use async variant.- Throws:
Exception
-
removePermissionsAsync
public CompletableFuture<Void> removePermissionsAsync(org.apache.pulsar.common.naming.TopicName topicName) -
getPermissionsAsync
public CompletableFuture<Map<String,Set<org.apache.pulsar.common.policies.data.AuthAction>>> getPermissionsAsync(org.apache.pulsar.common.naming.TopicName topicName) -
getPermissionsAsync
public CompletableFuture<Map<String,Set<org.apache.pulsar.common.policies.data.AuthAction>>> getPermissionsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName) -
getSubscriptionPermissionsAsync
public CompletableFuture<Map<String,Set<String>>> getSubscriptionPermissionsAsync(org.apache.pulsar.common.naming.NamespaceName namespaceName)
-