How to programmatically get topics permissions [Kafka, Java]

Question

I'm implementing an advanced Kafka health check. Right now a "standard" health check is implemented:

    @Override
    protected void doHealthCheck(Builder builder) {
        try (AdminClient adminClient = AdminClient.create(this.kafkaAdmin.getConfig())) {
            DescribeClusterResult result = adminClient.describeCluster(this.describeOptions);
            String brokerId = result.controller().get().idString();
            int replicationFactor = getReplicationFactor(brokerId, adminClient);
            int nodes = result.nodes().get().size();
            Health h = Option.when(nodes >= replicationFactor, builder::up)
                             .getOrElse(() ->
                                 builder.down()
                                        .withDetail("clusterId", result.clusterId())
                                        .withDetail("brokerId", brokerId)
                                        .withDetail("nodes", nodes))
                             .build();
            log.info("Current state kafka: {}", h.getStatus(), keyValue(HEALTH, h.getStatus()));
        } catch (Exception e) {
            Health h = builder.down().build();
            log.error("Current state kafka: {}, with error {}", h.getStatus(), e.toString(),
                keyValue(HEALTH, h.getStatus()));
        }
    }

But the goal is to check whether my service is able to read/write from/to a certain topic.

I couldn't find appropriate functionality for this in AdminClient and other classes.

And in general, does it exist?

Answer 1

Score: 1

Data I need is here:

    AclBindingFilter filter = new AclBindingFilter(
        new ResourcePatternFilter(ResourceType.ANY, null, PatternType.LITERAL),
        new AccessControlEntryFilter(null, null, AclOperation.ANY, AclPermissionType.ANY));

    adminClient.describeAcls(filter).values().get();

> (pattern=ResourcePattern(resourceType=TOPIC, name=APP_DIRECTORY.VIEW, patternType=LITERAL), entry=(principal=User:CN=CN,L=L,ST=ST,C=C, host=*, operation=READ, permissionType=ALLOW))

Answer 2

Score: 0

I have not used it, but the results from describeTopics have authorizedOperations.

    /**
     * authorized operations for this topic, or null if this is not known.
     */
    public Set<AclOperation> authorizedOperations() {
        return authorizedOperations;
    }

    /**
     * Represents an operation which an ACL grants or denies permission to perform.
     *
     * Some operations imply other operations:
     * <ul>
     * <li><code>ALLOW ALL</code> implies <code>ALLOW</code> everything
     * <li><code>DENY ALL</code> implies <code>DENY</code> everything
     *
     * <li><code>ALLOW READ</code> implies <code>ALLOW DESCRIBE</code>
     * <li><code>ALLOW WRITE</code> implies <code>ALLOW DESCRIBE</code>
     * <li><code>ALLOW DELETE</code> implies <code>ALLOW DESCRIBE</code>
     *
     * <li><code>ALLOW ALTER</code> implies <code>ALLOW DESCRIBE</code>
     *
     * <li><code>ALLOW ALTER_CONFIGS</code> implies <code>ALLOW DESCRIBE_CONFIGS</code>
     * </ul>
     * The API for this class is still evolving and we may break compatibility in minor releases, if necessary.
     */
    @InterfaceStability.Evolving
    public enum AclOperation {

Since 2.3.
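
An added example, not part of either answer or of Kafka's own code: one way to turn the `authorizedOperations` field from answer 2 into a read/write check for a health indicator. The class and method names are hypothetical, `allTopicNames()` assumes kafka-clients 3.1 or later, and the sets in `main` are constructed samples; the result describes the principal the `AdminClient` authenticates as, so the check is only meaningful when it runs with the service's own credentials.

```java
import java.util.Collections;
import java.util.EnumSet;
import java.util.Set;
import org.apache.kafka.clients.admin.AdminClient;
import org.apache.kafka.clients.admin.DescribeTopicsOptions;
import org.apache.kafka.clients.admin.TopicDescription;
import org.apache.kafka.common.acl.AclOperation;

// Hypothetical helper class, not part of Kafka or of the question's code.
public class TopicPermissionCheck {

    /** Returns the required operations that the broker did not report as authorized. */
    static Set<AclOperation> missing(Set<AclOperation> authorized, Set<AclOperation> required) {
        Set<AclOperation> gap = EnumSet.noneOf(AclOperation.class);
        gap.addAll(required);
        // authorizedOperations() is null when the set is not known: fail closed.
        if (authorized != null) {
            gap.removeAll(authorized);
        }
        return gap;
    }

    /** Asks the broker what the AdminClient's own principal may do on one topic. */
    static Set<AclOperation> missingOnTopic(AdminClient admin, String topic,
                                            Set<AclOperation> required) throws Exception {
        DescribeTopicsOptions options =
                new DescribeTopicsOptions().includeAuthorizedOperations(true);
        // Throws (wrapped in ExecutionException) if the topic cannot be described;
        // the caller should report that as DOWN, like the catch block in the question.
        TopicDescription description = admin
                .describeTopics(Collections.singleton(topic), options)
                .allTopicNames() // assumption: kafka-clients 3.1+; older clients expose all()
                .get()
                .get(topic);
        return missing(description.authorizedOperations(), required);
    }

    public static void main(String[] args) {
        Set<AclOperation> required = EnumSet.of(AclOperation.READ, AclOperation.WRITE);
        // Constructed sample: a principal with only a READ grant, as in answer 1's output.
        Set<AclOperation> readOnly = EnumSet.of(AclOperation.READ, AclOperation.DESCRIBE);
        System.out.println("read-only principal is missing: " + missing(readOnly, required));
        System.out.println("unknown operations are missing: " + missing(null, required));
    }
}
```

Unlike `describeAcls`, which needs DESCRIBE on the cluster resource, this call only needs DESCRIBE on the topic, so the service account does not have to be able to read every ACL binding.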

huangapple
  • Published on July 24, 2020, 19:55:58
  • When reposting, please be sure to keep the link to this article: https://go.coder-hub.com/63073054.html