Apache Kafka API AdminClient 查看账户权限

本文介绍了如何使用Apache Kafka的AdminClient查询账户权限,特别是通过AclBindingFilter来过滤查询条件。示例代码展示了如何查询指定账户和所有账户的权限信息,包括资源类型、匹配模式、账户名、允许类型和操作等关键信息。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

前言

之前的博客里介绍了如何给账户赋予Read或者Write的权限,这篇博客将会主要说说如何查看我们每个账户的权限。更多内容请点击【Apache Kafka API AdminClient 目录】

查询账户信息

查询账户使用的方法是adminClient.describeAcls(),官网只提供这一个方法去查询账户权限。

Modifier and TypeMethodDescription
default DescribeAclsResultdescribeAcls(AclBindingFilter filter)This is a convenience method for describeAcls(AclBindingFilter, DescribeAclsOptions) with default options.
DescribeAclsResultdescribeAcls(AclBindingFilter filter, DescribeAclsOptions options)Lists access control lists (ACLs) according to the supplied filter.

但是传入的参数决定了我们能够查询的范围,之前我们已经详细的说过了AclBindingFilter这个类是如何构造的,但是这个类里面有一个成员静态变量ANY,这个变量直接new出来了AclBindingFilter并且把各种参数都设置为ANY类型,这也是为什么一个方法可以实现多种效果的原因,又学到了一个编程技巧,赞一个。

/**
 * A filter which matches any ACL binding.
 */
public static final AclBindingFilter ANY = new AclBindingFilter(ResourcePatternFilter.ANY, AccessControlEntryFilter.ANY);

废话不多说直接上Sample看看怎么用的吧。

Sample

查询指定账户

public void describeAccount() throws ExecutionException, InterruptedException {
    //构造kaf_java_int的资源对象。这里ResourceType.ANY改为ResourceType.GROUP那么就只能输出kaf_java_int账号相关的Group ID信息。
    ResourcePatternFilter resourcePatternFilter = new ResourcePatternFilter(ResourceType.ANY, "kaf_java_int", PatternType.ANY);
    //绑定查询权限
    AclBindingFilter aclBindingFilter=new AclBindingFilter(resourcePatternFilter,AccessControlEntryFilter.ANY);
    //查询
    DescribeAclsResult result = adminClient.describeAcls(aclBindingFilter);
    Collection<AclBinding> gets = result.values().get();
    for (AclBinding get : gets) {
        System.out.println(get.pattern().name()); //输出当前Topic名
        System.out.println(get.pattern().patternType());//输出当前写入模式
        System.out.println(get.pattern().resourceType());//输出当前资源类型
        System.out.println(get.entry().principal());//输出当前账户名
        System.out.println(get.entry().permissionType());//输出允许类型
        System.out.println(get.entry().operation());//输出操作
        System.out.println("-------------------------");
    }
    System.out.println();
}

输出结果:
kaf_java_int			当前Topic名
LITERAL					当前写入模式
TOPIC 					当前资源类型
User:kaf_java_int		当前账户名
ALLOW					允许类型
READ					输出操作
-------------------------
kaf_java_int
LITERAL
TOPIC
User:kaf_java_int
ALLOW
WRITE
-------------------------

查询所有账户信息

public void describeAllACL(){
    DescribeAclsResult result = adminClient.describeAcls(AclBindingFilter.ANY);
    try {
        Collection<AclBinding> gets = result.values().get();
        for (AclBinding get : gets) {
            System.out.println(get.pattern().name());
            System.out.println(get.pattern().patternType());
            System.out.println(get.pattern().resourceType());
            System.out.println(get.entry().principal());
            System.out.println(get.entry().permissionType());
            System.out.println(get.entry().operation());
            System.out.println("-------------------------");
        }
    } catch (InterruptedException e) {
        e.printStackTrace();
    } catch (ExecutionException e) {
        e.printStackTrace();
    }
}
输出结果:
类似上面,只不过内容更多,涉及到公司内部信息,不做展示。

ResourceType

ResourceType是资源类型,如果是ANY将会把下面所有都匹配上。

public enum ResourceType {
    /**
     * Represents any ResourceType which this client cannot understand,
     * perhaps because this client is too old.
     */
    UNKNOWN((byte) 0),
    /**
     * In a filter, matches any ResourceType.
     */
    ANY((byte) 1),
    /**
     * A Kafka topic.
     */
    TOPIC((byte) 2),
    /**
     * A consumer group.
     */
    GROUP((byte) 3),
    /**
     * The cluster as a whole.
     */
    CLUSTER((byte) 4),
    /**
     * A transactional ID.
     */
    TRANSACTIONAL_ID((byte) 5),
    /**
     * A token ID.
     */
    DELEGATION_TOKEN((byte) 6);

PatternType

PatternType是指匹配类型,ANY模式会匹配所有类型;MATCH模式类似于contain()函数,所有包含在内的字符都会匹配出来;LITERAL模式表示字面上匹配,也可以理解为精确匹配;PREFIXED模式是前缀匹配,所有符合的前缀都可以进行匹配。

public enum PatternType {
    /**
     * Represents any PatternType which this client cannot understand, perhaps because this client is too old.
     */
    UNKNOWN((byte) 0),
    /**
     * In a filter, matches any resource pattern type.
     */
    ANY((byte) 1),
    /**
     * In a filter, will perform pattern matching.
     *
     * e.g. Given a filter of {@code ResourcePatternFilter(TOPIC, "payments.received", MATCH)`}, the filter match
     * any {@link ResourcePattern} that matches topic 'payments.received'. This might include:
     * <ul>
     *     <li>A Literal pattern with the same type and name, e.g. {@code ResourcePattern(TOPIC, "payments.received", LITERAL)}</li>
     *     <li>A Wildcard pattern with the same type, e.g. {@code ResourcePattern(TOPIC, "*", LITERAL)}</li>
     *     <li>A Prefixed pattern with the same type and where the name is a matching prefix, e.g. {@code ResourcePattern(TOPIC, "payments.", PREFIXED)}</li>
     * </ul>
     */
    MATCH((byte) 2),
    /**
     * A literal resource name.
     *
     * A literal name defines the full name of a resource, e.g. topic with name 'foo', or group with name 'bob'.
     *
     * The special wildcard character {@code *} can be used to represent a resource with any name.
     */
    LITERAL((byte) 3),

    /**
     * A prefixed resource name.
     *
     * A prefixed name defines a prefix for a resource, e.g. topics with names that start with 'foo'.
     */
    PREFIXED((byte) 4);

AclPermissionType

允许类型,如果ANY表示所有允许类型都匹配;DENY只匹配拒绝操作的类型,页可以用这个类型限制账号的操作;ALLOW匹配允许类型。

public enum AclPermissionType {
    /**
     * Represents any AclPermissionType which this client cannot understand,
     * perhaps because this client is too old.
     */
    UNKNOWN((byte) 0),
    /**
     * In a filter, matches any AclPermissionType.
     */
    ANY((byte) 1),
    /**
     * Disallows access.
     */
    DENY((byte) 2),
    /**
     * Grants access.
     */
    ALLOW((byte) 3);
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值