如何以编程方式获取主题权限 [Kafka,Java]

huangapple
go评论108阅读模式
英文:

How to programmatically get topics permissions [Kafka, Java]

问题

我正在实现高级 Kafka 健康检查。现在实现了“标准”健康检查:

  1.     @Override
  2.     protected void doHealthCheck(Builder builder) {
  3.         try (AdminClient adminClient = AdminClient.create(this.kafkaAdmin.getConfig())) {
  4.             DescribeClusterResult result = adminClient.describeCluster(this.describeOptions);
  5.             String brokerId = result.controller().get().idString();
  6.             int replicationFactor = getReplicationFactor(brokerId, adminClient);
  7.             int nodes = result.nodes().get().size();
  8.             Health h = Option.when(nodes >= replicationFactor, builder::up)
  9.                              .getOrElse(() ->
  10.                                  builder.down()
  11.                                         .withDetail("clusterId", result.clusterId())
  12.                                         .withDetail("brokerId", brokerId)
  13.                                         .withDetail("nodes", nodes))
  14.                              .build();
  15.             log.info("Current state kafka: {}", h.getStatus(), keyValue(HEALTH, h.getStatus()));
  16.         } catch (Exception e) {
  17.             Health h = builder.down().build();
  18.             log.error("Current state kafka: {}, with error {}", h.getStatus(), e.toString(),
  19.                 keyValue(HEALTH, h.getStatus()));
  20.         }
  21.     }

但目标是检查我的服务是否能够从特定主题读取/写入。

我在 AdminClient 和其他类中找不到适当的功能来实现这一点。

总的来说,是否存在这样的功能?

英文:

I'm implementing advanced Kafka health-check. Now it's realized "standard" health-check:

  1.     @Override
  2.     protected void doHealthCheck(Builder builder) {
  3.         try (AdminClient adminClient = AdminClient.create(this.kafkaAdmin.getConfig())) {
  4.             DescribeClusterResult result = adminClient.describeCluster(this.describeOptions);
  5.             String brokerId = result.controller().get().idString();
  6.             int replicationFactor = getReplicationFactor(brokerId, adminClient);
  7.             int nodes = result.nodes().get().size();
  8.             Health h = Option.when(nodes >= replicationFactor, builder::up)
  9.                              .getOrElse(() ->
  10.                                  builder.down()
  11.                                         .withDetail("clusterId", result.clusterId())
  12.                                         .withDetail("brokerId", brokerId)
  13.                                         .withDetail("nodes", nodes))
  14.                              .build();
  15.             log.info("Current state kafka: {}", h.getStatus(), keyValue(HEALTH, h.getStatus()));
  16.         } catch (Exception e) {
  17.             Health h = builder.down().build();
  18.             log.error("Current state kafka: {}, with error {}", h.getStatus(), e.toString(),
  19.                 keyValue(HEALTH, h.getStatus()));
  20.         }
  21.     }

But the goal is to check whether my service is able to read/write from/to certain topic.

I couldn't find appropriate functionality for this in AdminClient and other classes.

And in general it exists?

答案1

得分: 1

Data I need is here:

  1. AclBindingFilter filter = new AclBindingFilter(
  2.     new ResourcePatternFilter(ResourceType.ANY, null, PatternType.LITERAL),
  3.     new AccessControlEntryFilter(null, null, AclOperation.ANY, AclPermissionType.ANY));
  4.     
  5. adminClient.describeAcls(filter).values().get();

如何以编程方式获取主题权限 [Kafka,Java]

> (pattern=ResourcePattern(resourceType=TOPIC, name=APP_DIRECTORY.VIEW, patternType=LITERAL), entry=(principal=User:CN=CN,L=L,ST=ST,C=C, host=*, operation=READ, permissionType=ALLOW))

英文:

Data I need is here:

  1. AclBindingFilter filter = new AclBindingFilter(
  2. new ResourcePatternFilter(ResourceType.ANY, null, PatternType.LITERAL),
  3. new AccessControlEntryFilter(null, null, AclOperation.ANY, AclPermissionType.ANY));
  5. adminClient.describeAcls(filter).values().get();

如何以编程方式获取主题权限 [Kafka,Java]

> (pattern=ResourcePattern(resourceType=TOPIC, name=APP_DIRECTORY.VIEW, patternType=LITERAL), entry=(principal=User:CN=CN,L=L,ST=ST,C=C, host=*, operation=READ, permissionType=ALLOW))

答案2

得分: 0

我尚未使用过它,但describeTopics的结果中包含authorizedOperations

  1.     /**
  2.      * 此主题的授权操作,如果未知则为null。
  3.      */
  4.     public Set<AclOperation> authorizedOperations() {
  5.         return authorizedOperations;
  6.     }
  1. /**
  2.  * 表示ACL授予或拒绝执行的操作。
  3.  *
  4.  * 某些操作意味着其他操作:
  5.  * <ul>
  6.  * <li><code>ALLOW ALL</code>意味着允许一切
  7.  * <li><code>DENY ALL</code>意味着拒绝一切
  8.  *
  9.  * <li><code>ALLOW READ</code>意味着允许DESCRIBE
  10.  * <li><code>ALLOW WRITE</code>意味着允许DESCRIBE
  11.  * <li><code>ALLOW DELETE</code>意味着允许DESCRIBE
  12.  *
  13.  * <li><code>ALLOW ALTER</code>意味着允许DESCRIBE
  14.  *
  15.  * <li><code>ALLOW ALTER_CONFIGS</code>意味着允许DESCRIBE_CONFIGS
  16.  * </ul>
  17.  * 此类的API仍在不断演变中,如果有必要,我们可能会在次要版本中破坏兼容性。
  18.  */
  19. @InterfaceStability.Evolving
  20. public enum AclOperation {

自2.3版本起。

英文:

I have not used it but the results from describeTopics has authorizedOperations.

  1.     /**
  2.      * authorized operations for this topic, or null if this is not known.
  3.      */
  4.     public Set&lt;AclOperation&gt;  authorizedOperations() {
  5.         return authorizedOperations;
  6.     }
  1. /**
  2.  * Represents an operation which an ACL grants or denies permission to perform.
  3.  *
  4.  * Some operations imply other operations:
  5.  * &lt;ul&gt;
  6.  * &lt;li&gt;&lt;code&gt;ALLOW ALL&lt;/code&gt; implies &lt;code&gt;ALLOW&lt;/code&gt; everything
  7.  * &lt;li&gt;&lt;code&gt;DENY ALL&lt;/code&gt; implies &lt;code&gt;DENY&lt;/code&gt; everything
  8.  *
  9.  * &lt;li&gt;&lt;code&gt;ALLOW READ&lt;/code&gt; implies &lt;code&gt;ALLOW DESCRIBE&lt;/code&gt;
  10.  * &lt;li&gt;&lt;code&gt;ALLOW WRITE&lt;/code&gt; implies &lt;code&gt;ALLOW DESCRIBE&lt;/code&gt;
  11.  * &lt;li&gt;&lt;code&gt;ALLOW DELETE&lt;/code&gt; implies &lt;code&gt;ALLOW DESCRIBE&lt;/code&gt;
  12.  *
  13.  * &lt;li&gt;&lt;code&gt;ALLOW ALTER&lt;/code&gt; implies &lt;code&gt;ALLOW DESCRIBE&lt;/code&gt;
  14.  *
  15.  * &lt;li&gt;&lt;code&gt;ALLOW ALTER_CONFIGS&lt;/code&gt; implies &lt;code&gt;ALLOW DESCRIBE_CONFIGS&lt;/code&gt;
  16.  * &lt;/ul&gt;
  17.  * The API for this class is still evolving and we may break compatibility in minor releases, if necessary.
  18.  */
  19. @InterfaceStability.Evolving
  20. public enum AclOperation {

Since 2.3.

huangapple
  • 本文由 发表于 2020年7月24日 19:55:58
  • 转载请务必保留本文链接:https://go.coder-hub.com/63073054.html
  • apache-kafka
  • java
  • spring
  • spring-boot
  • spring-kafka
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定