AuthHelper¶

AuthHelper is used by ControllerApis and KafkaApis to authorize requests to execute an operation on a resource (by type and name).

Creating Instance¶

AuthHelper takes the following to be created:

Authorizer

AuthHelper is created when:

ControllerApis is created (authHelper)
KafkaApis is created

Authorizing Request¶

authorize(
  requestContext: RequestContext,
  operation: AclOperation,
  resourceType: ResourceType,
  resourceName: String,
  logIfAllowed: Boolean = true,
  logIfDenied: Boolean = true,
  refCount: Int = 1): Boolean

authorize requests the Authorizer (if defined) to authorize the request (to execute the AclOperation on a resource by ResourceType and resourceName).

authorize is used when:

Kafka Service	Request	AclOperation	ResourceType	Resource Name
`AuthHelper`	authorizeClusterOperation		`CLUSTER`	kafka-cluster
`ControllerApis`	FIXME
`KafkaApis`	handleOffsetCommitRequest	READ	GROUP	groupId
	FIXME

authorizeByResourceType¶

authorizeByResourceType(
  requestContext: RequestContext,
  operation: AclOperation,
  resourceType: ResourceType): Boolean

authorizeByResourceType requests the Authorizer (if defined) to authorizeByResourceType.

authorizeByResourceType is used when:

KafkaApis is requested to handleInitProducerIdRequest (to authorize AclOperation.WRITE action on ResourceType.TOPIC)

authorizeClusterOperation¶

authorizeClusterOperation(
  request: RequestChannel.Request,
  operation: AclOperation): Unit

authorizeClusterOperation authorizes the given AclOperation with CLUSTER resource type and (hardcoded) kafka-cluster name.

If access is denied, authorizeClusterOperation throws a ClusterAuthorizationException:

Request [request] is not authorized.

authorizeClusterOperation is used when:

Kafka Service	Request	AclOperation
`AclApis`	handleCreateAcls	`ALTER`
	handleDeleteAcls	`ALTER`
	handleDescribeAcls	`DESCRIBE`
`ControllerApis`	FIXME
`KafkaApis`	handleLeaderAndIsrRequest	`CLUSTER_ACTION`
	handleStopReplicaRequest	`CLUSTER_ACTION`
	handleUpdateMetadataRequest	`CLUSTER_ACTION`
	handleControlledShutdownRequest	`CLUSTER_ACTION`
	handleWriteTxnMarkersRequest	`CLUSTER_ACTION`
	handleAlterPartitionRequest	`CLUSTER_ACTION`
	handleAllocateProducerIdsRequest	`CLUSTER_ACTION`
	handleAlterPartitionReassignmentsRequest	`ALTER`
	handleListPartitionReassignmentsRequest	`DESCRIBE`