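Preface
Earlier posts covered how to grant an account Read or Write permission. This post focuses on how to view the permissions of each account. For more, see [Apache Kafka API AdminClient index].
Querying account information
Account permissions are queried with `adminClient.describeAcls()`; the official API provides only this one method for the purpose.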
| Modifier and Type | Method | Description |
|---|---|---|
| default DescribeAclsResult | describeAcls(AclBindingFilter filter) | This is a convenience method for describeAcls(AclBindingFilter, DescribeAclsOptions) with default options. |
| DescribeAclsResult | describeAcls(AclBindingFilter filter, DescribeAclsOptions options) | Lists access control lists (ACLs) according to the supplied filter. |
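The argument passed in, however, determines the scope of what we can query. We have already covered in detail how the `AclBindingFilter` class is constructed, but the class also has a static member variable `ANY`, which directly instantiates an `AclBindingFilter` with every parameter set to the `ANY` type. This is why a single method can produce several different results. Another programming trick learned, nice one.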
```java
/**
 * A filter which matches any ACL binding.
 */
public static final AclBindingFilter ANY = new AclBindingFilter(ResourcePatternFilter.ANY, AccessControlEntryFilter.ANY);
```
Without further ado, let's go straight to the samples and see how it is used.
Sample
Querying a specific account
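```java
import java.util.Collection;
import java.util.concurrent.ExecutionException;
import org.apache.kafka.clients.admin.DescribeAclsResult;
import org.apache.kafka.common.acl.AccessControlEntryFilter;
import org.apache.kafka.common.acl.AclBinding;
import org.apache.kafka.common.acl.AclBindingFilter;
import org.apache.kafka.common.resource.PatternType;
import org.apache.kafka.common.resource.ResourcePatternFilter;
import org.apache.kafka.common.resource.ResourceType;

// Method of a class that holds an initialized AdminClient in the field adminClient.
public void describeAccount() throws ExecutionException, InterruptedException {
    // Build the resource filter for kaf_java_int. Changing ResourceType.ANY to ResourceType.GROUP here
    // would return only the group ID entries related to the kaf_java_int account.
    ResourcePatternFilter resourcePatternFilter = new ResourcePatternFilter(ResourceType.ANY, "kaf_java_int", PatternType.ANY);
    // Bind the resource filter to an entry filter that accepts any permission
    AclBindingFilter aclBindingFilter = new AclBindingFilter(resourcePatternFilter, AccessControlEntryFilter.ANY);
    // Run the query
    DescribeAclsResult result = adminClient.describeAcls(aclBindingFilter);
    Collection<AclBinding> gets = result.values().get();
    for (AclBinding get : gets) {
        System.out.println(get.pattern().name());          // topic name
        System.out.println(get.pattern().patternType());   // pattern type
        System.out.println(get.pattern().resourceType());  // resource type
        System.out.println(get.entry().principal());       // account (principal) name
        System.out.println(get.entry().permissionType());  // permission type
        System.out.println(get.entry().operation());       // operation
        System.out.println("-------------------------");
    }
    System.out.println();
}
```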
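Output (the labels on the first entry are annotations, not program output):
```
kaf_java_int        topic name
LITERAL             pattern type
TOPIC               resource type
User:kaf_java_int   account name
ALLOW               permission type
READ                operation
-------------------------
kaf_java_int
LITERAL
TOPIC
User:kaf_java_int
ALLOW
WRITE
-------------------------
```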
Querying all account information
```java
public void describeAllACL() {
    DescribeAclsResult result = adminClient.describeAcls(AclBindingFilter.ANY);
    try {
        Collection<AclBinding> gets = result.values().get();
        for (AclBinding get : gets) {
            System.out.println(get.pattern().name());
            System.out.println(get.pattern().patternType());
            System.out.println(get.pattern().resourceType());
            System.out.println(get.entry().principal());
            System.out.println(get.entry().permissionType());
            System.out.println(get.entry().operation());
            System.out.println("-------------------------");
        }
    } catch (InterruptedException e) {
        e.printStackTrace();
    } catch (ExecutionException e) {
        e.printStackTrace();
    }
}
```
Output:
Similar to the above, only with more entries. It involves internal company information, so it is not shown.
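A full dump like this is most useful when it is checked for grants that are wider than intended. The following is an added example, not code from the original post: the class and method names are hypothetical, the sample bindings are constructed, and it needs only `kafka-clients` on the classpath (no broker). In practice `findBroadGrants` would be fed `adminClient.describeAcls(AclBindingFilter.ANY).values().get()`.

```java
import java.util.*;
import org.apache.kafka.common.acl.*;
import org.apache.kafka.common.resource.*;

public class AclAudit {
    // One finding per ALLOW binding that covers more than a single named
    // principal, resource or operation. DENY entries are skipped.
    static List<String> findBroadGrants(Collection<AclBinding> bindings) {
        List<String> findings = new ArrayList<>();
        for (AclBinding b : bindings) {
            if (b.entry().permissionType() != AclPermissionType.ALLOW) continue;
            List<String> reasons = new ArrayList<>();
            if ("User:*".equals(b.entry().principal())) reasons.add("any principal");
            if (ResourcePattern.WILDCARD_RESOURCE.equals(b.pattern().name())) reasons.add("wildcard resource");
            if (b.pattern().patternType() == PatternType.PREFIXED) reasons.add("prefixed pattern");
            if (b.entry().operation() == AclOperation.ALL) reasons.add("operation ALL");
            if (b.pattern().resourceType() == ResourceType.CLUSTER) reasons.add("cluster-level grant");
            if (!reasons.isEmpty()) findings.add(b.pattern() + " " + b.entry() + " : " + reasons);
        }
        return findings;
    }

    // Helper for building constructed sample data.
    static AclBinding allow(ResourceType rt, String name, PatternType pt, String principal, AclOperation op) {
        return new AclBinding(new ResourcePattern(rt, name, pt),
                new AccessControlEntry(principal, "*", op, AclPermissionType.ALLOW));
    }

    public static void main(String[] args) {
        // Constructed sample, standing in for the describeAcls(AclBindingFilter.ANY) result.
        List<AclBinding> sample = List.of(
            allow(ResourceType.TOPIC, "kaf_java_int", PatternType.LITERAL, "User:kaf_java_int", AclOperation.READ),
            allow(ResourceType.TOPIC, "*", PatternType.LITERAL, "User:ops", AclOperation.ALL),
            allow(ResourceType.TOPIC, "kaf_", PatternType.PREFIXED, "User:*", AclOperation.WRITE),
            allow(ResourceType.CLUSTER, "kafka-cluster", PatternType.LITERAL, "User:etl", AclOperation.ALTER));
        findBroadGrants(sample).forEach(System.out::println);
    }
}
```

The first sample binding is a narrow grant and produces no finding; the other three are each reported with the reasons they were flagged.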
ResourceType
ResourceType is the type of resource. If it is ANY, every type listed below is matched.
```java
public enum ResourceType {
    /**
     * Represents any ResourceType which this client cannot understand,
     * perhaps because this client is too old.
     */
    UNKNOWN((byte) 0),
    /**
     * In a filter, matches any ResourceType.
     */
    ANY((byte) 1),
    /**
     * A Kafka topic.
     */
    TOPIC((byte) 2),
    /**
     * A consumer group.
     */
    GROUP((byte) 3),
    /**
     * The cluster as a whole.
     */
    CLUSTER((byte) 4),
    /**
     * A transactional ID.
     */
    TRANSACTIONAL_ID((byte) 5),
    /**
     * A token ID.
     */
    DELEGATION_TOKEN((byte) 6);
    // remaining fields and methods omitted
}
```
PatternType
PatternType is the match type. ANY matches every pattern type; MATCH works like a contains() function, matching everything that is contained; LITERAL means literal matching, which can also be understood as exact matching; PREFIXED is prefix matching, where every matching prefix is matched.
```java
public enum PatternType {
    /**
     * Represents any PatternType which this client cannot understand, perhaps because this client is too old.
     */
    UNKNOWN((byte) 0),
    /**
     * In a filter, matches any resource pattern type.
     */
    ANY((byte) 1),
    /**
     * In a filter, will perform pattern matching.
     *
     * e.g. Given a filter of {@code ResourcePatternFilter(TOPIC, "payments.received", MATCH)}, the filter matches
     * any {@link ResourcePattern} that matches topic 'payments.received'. This might include:
     * <ul>
     * <li>A Literal pattern with the same type and name, e.g. {@code ResourcePattern(TOPIC, "payments.received", LITERAL)}</li>
     * <li>A Wildcard pattern with the same type, e.g. {@code ResourcePattern(TOPIC, "*", LITERAL)}</li>
     * <li>A Prefixed pattern with the same type and where the name is a matching prefix, e.g. {@code ResourcePattern(TOPIC, "payments.", PREFIXED)}</li>
     * </ul>
     */
    MATCH((byte) 2),
    /**
     * A literal resource name.
     *
     * A literal name defines the full name of a resource, e.g. topic with name 'foo', or group with name 'bob'.
     *
     * The special wildcard character {@code *} can be used to represent a resource with any name.
     */
    LITERAL((byte) 3),
    /**
     * A prefixed resource name.
     *
     * A prefixed name defines a prefix for a resource, e.g. topics with names that start with 'foo'.
     */
    PREFIXED((byte) 4);
    // remaining fields and methods omitted
}
```
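The difference between these pattern types matters when reviewing who can reach a resource, and it also affects the "query a specific account" sample above, whose filter selects by resource name rather than by principal. The following is an added example, not code from the original post: the class name and the stored bindings (including `User:etl`, `User:ops` and the `orders` topic) are constructed, and the filters are evaluated locally with their own `matches()` methods, so only `kafka-clients` is required.

```java
import java.util.List;
import java.util.stream.Collectors;
import org.apache.kafka.common.acl.*;
import org.apache.kafka.common.resource.*;

public class AclFilterSemantics {
    // Constructed sample ACLs, standing in for what a cluster might hold.
    static final List<AclBinding> STORED = List.of(
        binding("kaf_java_int", PatternType.LITERAL, "User:kaf_java_int", AclOperation.READ),
        binding("kaf_", PatternType.PREFIXED, "User:etl", AclOperation.WRITE),
        binding("*", PatternType.LITERAL, "User:ops", AclOperation.ALL),
        binding("orders", PatternType.LITERAL, "User:kaf_java_int", AclOperation.READ));

    static AclBinding binding(String name, PatternType pt, String principal, AclOperation op) {
        return new AclBinding(new ResourcePattern(ResourceType.TOPIC, name, pt),
                new AccessControlEntry(principal, "*", op, AclPermissionType.ALLOW));
    }

    // Lists the stored bindings a filter selects, as "name/patternType -> principal".
    static List<String> matched(AclBindingFilter filter) {
        return STORED.stream().filter(filter::matches)
                .map(b -> b.pattern().name() + "/" + b.pattern().patternType() + " -> " + b.entry().principal())
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Filter from the sample above: the stored name must equal "kaf_java_int";
        // PatternType.ANY only lifts the restriction on the stored pattern's type.
        AclBindingFilter byExactName = new AclBindingFilter(
            new ResourcePatternFilter(ResourceType.ANY, "kaf_java_int", PatternType.ANY),
            AccessControlEntryFilter.ANY);
        // MATCH: every stored pattern that applies to "kaf_java_int", i.e. the
        // literal entry, the "*" wildcard entry and the covering "kaf_" prefix.
        AclBindingFilter byMatch = new AclBindingFilter(
            new ResourcePatternFilter(ResourceType.ANY, "kaf_java_int", PatternType.MATCH),
            AccessControlEntryFilter.ANY);
        // Selecting by account: put the principal in the entry filter instead.
        AclBindingFilter byPrincipal = new AclBindingFilter(ResourcePatternFilter.ANY,
            new AccessControlEntryFilter("User:kaf_java_int", null, AclOperation.ANY, AclPermissionType.ANY));

        System.out.println("exact name: " + matched(byExactName));
        System.out.println("MATCH:      " + matched(byMatch));
        System.out.println("principal:  " + matched(byPrincipal));
    }
}
```

The exact-name filter returns only the literal entry, so the wildcard and prefixed grants that also give access to the topic stay out of the result unless MATCH is used. The principal filter is the one that returns the account's grant on `orders`.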
AclPermissionType
The permission type. ANY matches every permission type; DENY matches only entries that deny an operation, and this type can also be used to restrict what an account may do; ALLOW matches entries that grant access.
```java
public enum AclPermissionType {
    /**
     * Represents any AclPermissionType which this client cannot understand,
     * perhaps because this client is too old.
     */
    UNKNOWN((byte) 0),
    /**
     * In a filter, matches any AclPermissionType.
     */
    ANY((byte) 1),
    /**
     * Disallows access.
     */
    DENY((byte) 2),
    /**
     * Grants access.
     */
    ALLOW((byte) 3);
    // remaining fields and methods omitted
}
```