All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.streamnative.pulsar.handlers.kop.security.auth.Authorizer Maven / Gradle / Ivy

There is a newer version: 4.0.0.4
Show newest version
/**
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package io.streamnative.pulsar.handlers.kop.security.auth;

import io.streamnative.pulsar.handlers.kop.security.KafkaPrincipal;
import java.util.concurrent.CompletableFuture;

/**
 * Interface of authorizer.
 */
public interface Authorizer {

    /**
     * Check whether the specified role can perform a lookup for the specified topic.
     *
     * For that the caller needs to have producer or consumer permission.
     *
     * @param principal login info
     * @param resource resources to be authorized
     * @return a boolean to determine whether authorized or not
     */
    CompletableFuture canLookupAsync(KafkaPrincipal principal, Resource resource);

    /**
     * Check whether the specified role can list topic.
     *
     * For that the caller needs to have producer or consumer permission.
     *
     * @param principal login info
     * @param resource resources to be authorized
     * @return a boolean to determine whether authorized or not
     */
    CompletableFuture canGetTopicList(KafkaPrincipal principal, Resource resource);

    /**
     * Check whether the specified role can access a Pulsar Tenant.
     *
     * @param principal login info
     * @param resource resources to be authorized
     * @return a boolean to determine whether authorized or not
     */
    CompletableFuture canAccessTenantAsync(KafkaPrincipal principal, Resource resource);

    /**
     * Check whether the specified role can create topic.
     * This permission mapping to pulsar is Tenant Admin or Super Admin.
     *
     * @param principal login info
     * @param resource resources to be authorized
     * @return a boolean to determine whether authorized or not
     */
    CompletableFuture canCreateTopicAsync(KafkaPrincipal principal, Resource resource);

    /**
     * Check whether the specified role can delete topic.
     * This permission mapping to pulsar is Tenant Admin or Super Admin.
     *
     * @param principal login info
     * @param resource resources to be authorized
     * @return a boolean to determine whether authorized or not
     */
    CompletableFuture canDeleteTopicAsync(KafkaPrincipal principal, Resource resource);

    /**
     * Check whether the specified role can alter topic.
     * This permission mapping to pulsar is Tenant Admin or Super Admin.
     *
     * @param principal login info
     * @param resource resources to be authorized
     * @return a boolean to determine whether authorized or not
     */
    CompletableFuture canAlterTopicAsync(KafkaPrincipal principal, Resource resource);

    /**
     * Check whether the specified role can manage Pulsar tenant.
     * This permission mapping to pulsar is Tenant Admin or Super Admin.
     *
     * @param principal login info
     * @param resource resources to be authorized
     * @return a boolean to determine whether authorized or not
     */
    CompletableFuture canManageTenantAsync(KafkaPrincipal principal, Resource resource);

    /**
     * Check whether the specified role can perform a produce for the specified topic.
     *
     * For that the caller needs to have producer permission.
     *
     * @param principal login info
     * @param resource resources to be authorized
     * @return a boolean to determine whether authorized or not
     */
    CompletableFuture canProduceAsync(KafkaPrincipal principal, Resource resource);

    /**
     * Check whether the specified role can perform a consumer for the specified topic.
     *
     * For that the caller needs to have consumer permission.
     *
     * @param principal login info
     * @param resource resources to be authorized
     * @return a boolean to determine whether authorized or not
     */
    CompletableFuture canConsumeAsync(KafkaPrincipal principal, Resource resource);

    /**
     * Check whether the specified role can delete group.
     *
     * @param principal login info
     * @param resource resources to be authorized
     * @return a boolean to determine whether authorized or not
     */
    CompletableFuture canDeleteGroupAsync(KafkaPrincipal principal, Resource resource);

    CompletableFuture canDescribeConsumerGroup(KafkaPrincipal principal, Resource resource);
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy